Data Loss Prevention - Email Security

Detecting Sensitive Information

It is best practice to use existing services or portals designed to support the collection of electronic information containing PII and PCI data.  It is your professional responsibility to determine whether the information should be sent electronically.

Our Data Loss Prevention (DLP) tool uses Microsoft 365's automatic detection process and policy tips to flag all outgoing email containing protected information, whether it is sent internally or externally.

Data Loss Prevention automatic detection example

How will this help me?

  • The policy tip will alert you to information that may be considered confidential data and should not be sent via email.

Data Loss Prevention automatic warning email example

If the policy tip appears, but you believe the email you are sending does not contain protected data and that this is a false positive, you will still be able to send the email at this time. However, you will immediately receive an email in return with a description of the detected violation(s). Please note that an alert will also be sent to the I.T. administrators.

Securing Email with Encryption

When sending emails containing protected information, encrypt them with Microsoft 365 Message Encryption. Encryption is fast and easy, and it prevents anyone but the recipient from opening the message, since a private key will be needed to access it.

From the email message you are sending in Outlook, select the Options tab, then Encrypt.

Microsoft 365 Message Encryption option for sending message with sensitive information

Choose your encryption method, draft your email, and send as usual.  The encryption options are:

  • Encrypt-Only: The message will be encrypted and recipients cannot remove encryption. This option can be used when sending messages to accounts outside of Stetson.
  • Do Not Forward: The message can be read by the recipient, but not forwarded, printed or copied. This option can be used when sending messages to accounts outside of Stetson.
  • Stetson University, Inc. - Confidential: The message is identified as proprietary information for internal users.  Message content can be modified but not printed or copied.
  • Stetson University, Inc. - Confidential View Only: The message is identified as proprietary information for internal users and may not be modified.

If the recipient is not using Office 365, they will receive an email that looks like this:

Encrypted message example using Microsoft 365 Encryption

To read the email, the recipient clicks “Read the message,” and the system sends a one-time code to the recipient’s email address to authenticate them. Once the correct passcode is entered, the email will be displayed.