Azure Information Protection (Day 3)

This is the third in a series of posts documenting our experiences and impressions with Azure Information Protection. Today we wanted to use Office 365 Data Loss Prevention (DLP) to map AIP classification labels applied within an external domain to labels defined within our domain. The use case for this is a customer or partner […]

Read More

Azure Information Protection (Day 2)

This is the second in a series of posts documenting our experiences and impressions with Azure Information Protection. Here are a few things we learned today: The Policy setting “All documents and emails must have a label (applied automatically or by users)” should be disabled. When doing manual classification of emails and files, forcing users […]

Read More

Azure Information Protection (Day 1)

Azure Information Protection is Microsoft’s suite of advanced security capabilities for Office 365 (and, sometimes, legacy on-premises environments). The concept is simple: manually or automatically classify files and emails and then have security templates apply to those objects based on the classification. However, you quickly get into a dizzying array of licensing combinations, administrative portals, […]

Read More

5 Best Practices for Employee Data Privacy

As a member of your Human Resources department, no doubt you already have a clear idea of the importance of the privacy of employees’ personal information. If scam artists can wreak havoc with a single voided check or credit card number, it’s not hard to imagine the harm they can do with the motherlode of […]

Read More

Discovering and Identifying Sensitive Data

The exposure of sensitive data in documents can create serious problems. Some types of information, such as Tax File Numbers (or other national identification number) and credit card numbers, are inherently sensitive. They always need to be kept out of public documents, and any internal documents that hold them need protection. Regulations and contractual obligations […]

Read More

Adding Data Security to Your Off-Boarding Checklist

Every time an employee leaves the company, whether willingly or unwillingly, HR has a checklist to complete. Not only are you responsible for coordinating their departure and replacement with their team, supervisor, and subordinates, but there is also an incredible amount of data management to do. This was one of your flock, one of the […]

Read More

Lessons from the OPM Data Breach

In 2015, the US government’s Office of Personnel Management (OPM) reported data breaches that affected millions of applicants and employees. It was the worst data breach in history in a human resources department. Most of the news coverage focused on the politics of the attack, which came from China. From the standpoint of HR departments, […]

Read More

What if your data could talk?

Digital transformation and how to listen to your data It is estimated that 80% of organisations are currently undertaking or planning some form of business or digital transformation, with the aim of increasing revenues, improving efficiency, managing risks and reducing costs. While these efforts can be absolute game-changers for businesses and many of the strategies […]

Read More

Encrypt Everything!? Maybe not.

I was working as a Security Architect when the Director of Strategy and Architecture made the announcement that our latest strategy was to “Encrypt Everything”. This was a telecoms company with a distributed IT infrastructure, thousands of staff, and a huge number of networks. The volume of confidential documents created daily numbered in the thousands, […]

Read More

The Problem with Data Security

Data breaches are a huge problem and one that’s still growing. In the United States alone, over 20 million records were stolen in the first two months of 2018, and those are the ones that we know about due to disclosure. It’s fair to wonder why this is happening, and what the true scale of […]

Read More