How to Automate Document Security Using Sensitivity Labels in Microsoft 365

How to Automate Document Security Using Sensitivity Labels in Microsoft 365

It’s not always a major data breach that causes a compliance violation. It can be an employee inadvertently sharing sensitive information with someone outside your company. 

In cases like this it’s a failure of good document security practices that can allow files to end up being compromised. 

One stark example of poor document handling was a report by The Canadian Press earlier this year. It was found that 38 government agencies reported an average of 20 incidents of mishandling sensitive documents per working day. 

Document security can be challenging. The average office can have hundreds of documents and emails being created by their staff daily. How do you ensure those containing sensitive information are properly protected?

Another challenge is the fact that documents don’t just stay in one application. They’re often transferred from one cloud app to another in the course of a business workflow, which further complicates any security restrictions you try to put into place.

If you use Microsoft 365, there is a way you can automate the process to improve your document security without putting an undue time burden on your staff. You do this through a feature called “sensitivity labels.”

How Do Sensitivity Labels Work?

Sensitivity labels in Microsoft 365 allow you to attach a label to a document or email as it’s created. That label then corresponds to a specific set of security policies. It’s also persistent, meaning it stays with the document as it travels from app to app.

Here’s one example of using a sensitivity label to secure content:

Say that you wanted to ensure that any email sent containing R&D department information was properly secured.

You could create a sensitivity label named, “R&D” and then attach a policy that will encrypt any email or document with that label, add a watermark, and restrict copying.

If your team had to do that by hand for each email or document, it would be a big drag on productivity, but by using sensitivity labels, the process can be automated.

Here’s how the systems works and how you can use it to protect your documents.

Apps That Can Use Sensitivity Labels

Sensitivity labels can be applied to any Word, Excel, or PowerPoint document or to an Outlook email.

They will “stick” to the document and the security policies will be applied as it travels through other Microsoft Office programs. 

Using Microsoft Cloud App Security, companies can have sensitivity labels work with other 3rd party platforms as well (e.g. Salesforce).

How Are the Labels Classified?

You have full control over how you create and classify your sensitivity labels. You can use a simple format like:

  • Public
  • Internal
  • Confidential

Or get more detailed and include labels for various departments.  The system also allows you to create sublabels. 

For each label, you create a specific set of policies that you want to be applied to any document with that label.

What Can Sensitivity Labels Do?

There are a wide range of policies that you can put in place on documents and emails using sensitivity labels. You can also apply more than one policy.

  • Add encryption
  • Add a watermark
  • Track document use
  • Set time limits for when content is readable
  • Protect content in containers (like SharePoint sites and MS365 groups)
  • Restrict document access
  • Restrict actions like edit, save, print, copy

How Are Sensitivity Labels Applied?

Sensitivity labels can be applied in a number of ways, both manually and automatically.

  • By the User: Users can use the dropdown menu in any of the Office programs to apply a sensitivity label to a document or email. They can also access a help page with labeling guidance if set up by the admin.
  • By Default: You can have a sensitivity label applied to all documents by default to ensure they have a standard document security applied. This label can then be changed as needed.
  • By an Administrator: A system administrator can edit sensitivity labels. For example, ones that a user may have changed without proper justification or if they need to increase security from a default setting.
  • Automatically Based on Content: You can set up the system to look for specific keywords in documents and then based on those keywords an appropriate sensitivity label can be applied automatically when a document is created and saved.

Additional protections that you can use with sensitivity labels that can increase your document security are:

  • Requiring all users to apply a sensitivity label to documents (so none are left unprotected)
  • Requiring a user provide justification for any changes to a document’s sensitivity label

Learn How to Automate Your Document Protection 

Document security doesn’t have to be time consuming if you put automated processes in place that handle the heavy lifting for you. Our cybersecurity team at Haxxess can help you stay protected and productive at the same time. 

Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.

stay in touch

Subscribe to our newsletter and we'll keep you informed about latest IT news.