Tips for Using Office 365's Sensitivity Labels to Protect Files & Business Email

Have you ever had a company email include sensitive information that the recipient shared publicly because they weren’t aware of the handling procedures?

How do you handle files that are created by your team and stored in the same cloud platform with both confidential and public documents mingled together?

Setting up and applying appropriate document handling procedures for business IT security can be complicated due to the sheer number of documents a typical office can generate on a daily basis, between emails, Word docs, spreadsheets, presentations, and more.

Productivity losses due to time spent doing manual document handling can really add up, and it causes businesses to waste an average of $20,000 per worker, per year due to issues with classifying or otherwise handling documents.

82% of employees mention the need for a solution to automatically tag office documents.

Office 365 users have a tool at their disposal to reduce the burden on employees of classifying and tagging documents, and one that allows them to put automated protections in place for things like:

  • Word documents
  • Excel documents
  • PowerPoint documents
  • Emails
  • OneDrive documents
  • SharePoint documents

This tool is called “Sensitivity Labels,” and it offers a big boost in both productivity and document security.

How Do Sensitivity Labels in Office 365 Work?

Sensitivity labels allow organizations to classify and protect their data through the use of labels that are applied to documents digitally. These labels can be applied in two ways:

  • Manually by users or admins
  • Automatically based upon document/email content

Admins can also require that a sensitivity label be applied to a document before it can be saved, which avoids issues with users forgetting to classify a document.

Automated or suggested sensitivity labeling helps prevent confusion over how to classify a document by applying or suggesting a label based upon a scan of the content.

Companies can set up their sensitivity labels however they like to correspond to their document handling policies. Such as, indicating that anything with a sensitivity label of “Confidential” cannot be copied, attached to an email, or shared outside your organization.

These document handling policies for labeled files and emails can follow the data throughout other Microsoft programs and in multiple 3rd party applications as well (Like Dropbox and Salesforce).

To use sensitivity labels, you need to have at least one of the following:

  • Microsoft 365 E3 or higher
  • Office 365 E3 or higher
  • Azure Information Protection Premium P1 or higher

For the capability for automatic or recommended sensitivity labeling, you need to have one of the following:

  • Microsoft 365 E5 or higher
  • Office 365 E5 or higher
  • Azure Information Protection Premium P2

Tips for Using Sensitivity Labels in Your Business Workflow

You can implement multiple document protections just by designating what happens when a document has a particular sensitivity label. Here are several tips on how to use them effectively.

Watermark Sensitive Documents

It’s easy to miss the sensitivity label on a document if you’re not looking for it. Using a watermark on a sensitive document helps the classification and handling procedure stand out.

Source: Microsoft

Encrypt Highly Confidential Content

If you need to send an email to your R&D team containing highly confidential trade secrets for a company product, you can use sensitivity labels to apply encryption automatically to labeled emails or Microsoft documents.

Stop Windows Devices from Sharing Data

Employees may have access to company data that is for “internal use only” on their mobile devices. Without proper protections, they may inadvertently share a brief on a product still in development outside the organization without permission.

Sensitivity labels can be applied to stop Windows devices from copying or sharing that content with a third-party application such as Gmail or Twitter.

Prevent Unauthorized Document Copying

In movies, you often see a malicious contractor or rogue employee stealing data from a corporate system using a USB device. You can prevent this type of scenario from playing out at your office by adding policies that prevent the copying of sensitive data to removable storage devices.

Classify Content for Tracking Purposes

You don’t have to institute specific security policies on a sensitivity label for it to be useful. Say that you wanted to track how your employee training documents are being used and shared. You can apply a sensitivity label that will allow you to generate usage reports showing activity data for any documents with that label applied.

Help Users Work with Sensitivity Labels

The first time you begin using sensitivity labels, it can take a while for users to get the hang of the new document handling procedures. You can help them ramp up that learning curve in a number of ways:

  • Provide a help link for sensitivity labeling instructions that appear on the label drop down.
  • Require mandatory labeling of documents and emails so users don’t forget to add a sensitivity label.
  • Add a default sensitivity label that will automatically apply initially to all documents.
  • Require justification for changing a label, so it’s not done inadvertently by a user.

Get Help with Document Security from Unbound Digital

From setting up sensitivity labels to ensuring your network is protected with a multi-pronged cybersecurity strategy, we can help keep your data safeguarded from authorized access and secure your network from a breach.

Contact us today to schedule a free IT security consultation. Call 423-335-2461 or reach us online.

View Desktop Site