×

Data Loss Prevention

Overview

ITS is implementing Data Loss Prevention (DLP) to protect data and build awareness about information security at Loyola. Data loss prevention is a way for the University to monitor, identify, and reduce the accidental release of sensitive information found in emails and Office 365 files. For examples of Loyola sensitive and protected data, see the Data Classification policy.

Data Loss Prevention will help classify and protect MS Office 365 documents and Outlook emails by applying sensitivity labels. In Office 365, a label is associated to a document and then stored as a sensitivity property on it. Once saved, DLP classification labels will remain with the document, whether shared internally or externally.

Benefits

  • Ensures that data is managed in a uniform manner across the University.
  • Warns users about disclosing confidential data outside the University.
  • Monitors the usage of and secures data according to the Loyola Data Classification Policy.

Getting Started

  • DLP Overview Video: an overview of the benefits of DLP.
  • DLP Application Uses Video: step-by-step visual instructions for applying DLP.
  • For personal devices, install the DLP client (Note: the DLP client cannot distinguish between personal and work-related files. Inspection according to the defined DLP rules may take place for any supported document that is opened on the machine. Sensitivity labeling functionality is now also built into the Microsoft 365 versions of Office applications, even without the DLP client installed.)
    1. Navigate to https://www.microsoft.com/en-us/download/details.aspx?id=53018. (Note: the DLP client is unavailable for macOS)
    2. Download and save the file "PurviewInfoProtection.exe".
    3. Open this file and follow the prompts to install the software.
  • Loyola Secure Transfer is recommended if there is a business need to transmit Loyola Protected Data to a 3rd party.

Data Loss Prevention and Email Forwarding

Forwarding Rules

When a user sets up a forwarding rule to an outside email account, DLP changes the behavior of the forwarding rule when protected information is received by the Loyola mailbox that has the rule.

When the email containing protected information is received, the forwarding rule will attempt to send the email to the outside provider, but the DLP rule will apply and the email will remain in the Loyola mailbox and will not forward. The Loyola mailbox will then send the DLP warning message that it attempted to send protected information to the forwarded email.

The recipient will need to log in to their Loyola email to retrieve the message.

Email Redirect

When a user sets up a redirect rule to an outside email account, DLP changes the behavior of the redirect rule when protected information is received by the Loyola mailbox that has the rule.

When the email containing protected information is received, the redirect rule will attempt to send the email to the outside provider, but the DLP rule will apply and the email will remain in the Loyola mailbox and will not be redirected. The Loyola mailbox will then send the DLP warning message that it attempted to send protected information to the person that originally sent the message.

The recipient will need to log in to their Loyola email to retrieve the message but will not receive any notification that they received and email with protected information.

ITS recommends daily use of your Loyola email account for official communication. If forwarding is still necessary, it is recommended that forwarding be used rather than a redirect.

Information Sessions

Information Sessions were held in April and May and are now complete. Click HERE for the Information Session PowerPoint.

Have an issue or concern?

Contact the ITS Service Desk by logging an incident, via email at ITSServiceDesk@luc.edu, or via phone at 773-508-4487.

Last Modified:   Tue, June 11, 2024 4:19 PM CDT

Overview

ITS is implementing Data Loss Prevention (DLP) to protect data and build awareness about information security at Loyola. Data loss prevention is a way for the University to monitor, identify, and reduce the accidental release of sensitive information found in emails and Office 365 files. For examples of Loyola sensitive and protected data, see the Data Classification policy.

Data Loss Prevention will help classify and protect MS Office 365 documents and Outlook emails by applying sensitivity labels. In Office 365, a label is associated to a document and then stored as a sensitivity property on it. Once saved, DLP classification labels will remain with the document, whether shared internally or externally.

Benefits

  • Ensures that data is managed in a uniform manner across the University.
  • Warns users about disclosing confidential data outside the University.
  • Monitors the usage of and secures data according to the Loyola Data Classification Policy.

Getting Started

  • DLP Overview Video: an overview of the benefits of DLP.
  • DLP Application Uses Video: step-by-step visual instructions for applying DLP.
  • For personal devices, install the DLP client (Note: the DLP client cannot distinguish between personal and work-related files. Inspection according to the defined DLP rules may take place for any supported document that is opened on the machine. Sensitivity labeling functionality is now also built into the Microsoft 365 versions of Office applications, even without the DLP client installed.)
    1. Navigate to https://www.microsoft.com/en-us/download/details.aspx?id=53018. (Note: the DLP client is unavailable for macOS)
    2. Download and save the file "PurviewInfoProtection.exe".
    3. Open this file and follow the prompts to install the software.
  • Loyola Secure Transfer is recommended if there is a business need to transmit Loyola Protected Data to a 3rd party.

Data Loss Prevention and Email Forwarding

Forwarding Rules

When a user sets up a forwarding rule to an outside email account, DLP changes the behavior of the forwarding rule when protected information is received by the Loyola mailbox that has the rule.

When the email containing protected information is received, the forwarding rule will attempt to send the email to the outside provider, but the DLP rule will apply and the email will remain in the Loyola mailbox and will not forward. The Loyola mailbox will then send the DLP warning message that it attempted to send protected information to the forwarded email.

The recipient will need to log in to their Loyola email to retrieve the message.

Email Redirect

When a user sets up a redirect rule to an outside email account, DLP changes the behavior of the redirect rule when protected information is received by the Loyola mailbox that has the rule.

When the email containing protected information is received, the redirect rule will attempt to send the email to the outside provider, but the DLP rule will apply and the email will remain in the Loyola mailbox and will not be redirected. The Loyola mailbox will then send the DLP warning message that it attempted to send protected information to the person that originally sent the message.

The recipient will need to log in to their Loyola email to retrieve the message but will not receive any notification that they received and email with protected information.

ITS recommends daily use of your Loyola email account for official communication. If forwarding is still necessary, it is recommended that forwarding be used rather than a redirect.

Information Sessions

Information Sessions were held in April and May and are now complete. Click HERE for the Information Session PowerPoint.

Have an issue or concern?

Contact the ITS Service Desk by logging an incident, via email at ITSServiceDesk@luc.edu, or via phone at 773-508-4487.