Skip to Main Content

Data Loss Prevention

Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside an organization's network. DLP products use business rules to classify and protect confidential and critical information so that users do not accidentally or maliciously share data whose disclosure could put the organization or individual at risk.

 

Beginning Friday February 1, 2019, all email that contains sensitive information will be automatically encrypted.  The sender will receive an Outlook tip and a message when an email is sent that contains sensitive information. Sensitive data should be redacted from email whenever possible, but UNF now supports this new protection allowing it to be sent securely when no alternative exists.  Faculty and staff can still manually encrypt any email by following the email encryption section below. 

 

Example sensitive data matches include but are not limited to:

  • Social Security Number (SSN)
  • Credit Card Number
  • Bank routing information (Account/Routing Numbers)
  • Drivers license or passport number
  • Other Personally Identifiable Information (PII)

See UNF's Data Classification Policy for more information.  

If you have any questions about DLP, please submit a ticket to the help desk at helpdesk@unf.edu or (904) 620-4357.

Best Practices

  • Do not forward email you receive that contains sensitive information.  If it is required to do so, redact the sensitive information before replying. 
  • Seek alternate means of transmitting the sensitive data. (secure web applications, phone, etc.)
  • Become familiar with UNF's Data Classification Policy.
  • See IT Security’s best practices website for more information.

Example Messages 

Before sending an email, user tips will be displayed in Outlook when sensitive data is found in a draft email.  This is to warn the user of the potential sensitive information found in the current draft email. 

 

 DLP Tip Auto Encrypt

 

If you send an email to an external mailbox (not @unf.edu) that contains sensitive information, you will receive a notification from the system warning you about the content found in the email.  This includes any attachments. The notification will contain the email you sent as an attachment and the type of sensitive information that was found in the email.


 DLP Notification

 

The email will still be sent with encryption and the recipient of the email will get an email notifying them of the secure message.


DLP-Protect-ReceivedMessage


Email Encryption

 

UNF email now supports email encryption.  The encryption feature can be found in both the Outlook web client and the latest version of Outlook Click to run for desktop.

 

When creating a new message, you will see a button at the top named, "Protect".  Clicking this button will bring up the following notification that sets the email to "Do Not Forward". 

 

DLP-Protect-Default-New

 

Clicking the "Change Permissions" button in the notification will allow you to turn on encryption for that email by selecting the "Encrypt" option. Please note that if the email contains sensitive information as noted above, you will still need to override the DLP block and provide a business justification including a note that you encrypted the email.

 

DLP-Protect-Options

 

In Outlook for desktop, when drafting a message you will see the option to encrypt found under the Options menu after dropping down the Permission button. Ensure to not use the Encrypt button found next to the permission drop down as this is a feature that is not supported at UNF.

OutlookDesktopEncrypt

 

 

The receivers of the email are the only recipients that can open and read the message after authenticating. An example of a received message can be seen below. 

 

DLP-Protect-ReceivedMessage