1: Assess
Managing compliance is c.o.m.p.l.i.c.a.t.e.d. You have to operate under multiple varying standards, shift your regulatory landscape and take note of variations by both industry and country.

Get this – 47 percent of executives were unsure of what data standards their organizations had to comply with. That shows just how detailed this process is.

But you can simplify this journey with ongoing risk assessments, actionable insights, and streamlined compliance workflow.

Microsoft offers a Compliance Manager that can help with all of those things. You’ll want a Compliance Score, something that reflects your overall compliance across different platforms. For example, the responsibility you have when your IT is on the premises vs. the responsibility you have over data in the Cloud. The Compliance Manager will also give you a step-by-step guide to help you improve your business’ data protection capabilities.

2: Protect
You can’t protect something without knowing where it is. So before you can guard your sensitive data, you need to know where it resides, where it travels, and which portions of your data are going where. Classify, label, locate > PROTECT.

Easier said than done. In the modern workplace, corporate data has few travel limits. Something exacerbated by something that also helps us: the increase of mobility and cloud services.

So with data out there in so many places, you’re going to want a single, simple interface to help you keep track of it all. Microsoft 365.

3: Respond
It sounds reactive, but it’s proactive. And we don’t mean responding to a breach. We mean responding to all of the other requests that happen before you get to that point.

What we mean by this, is responding to the routine AI maintenance requests. This helps you pinpoint your most relevant data – so you can reduce the amount of data you need to review.

Microsoft 365 has a rich, built-in, platform-wide tool to help you search and discover your most important data. The biggest thing this helps with: since it’s interface-wide, you don’t have to continuously copy your data to other spots, which can pose another threat and violate your compliance demands. This helps you reduce risk, reduce cost, and review and annotate before you officially export/send your data off.

The post How to achieve a forward-thinking compliance strategy: Three steps appeared first on 6th Street Consulting.

How important is it to *plan for a security breach?

• You don’t want your first time fighting a security breach to be when it’s actually happening when you’re under stress and everything is on the line.
• Several things need to be planned in advance. How do you know a breach is actually happening? Who are the first people who need to be made aware? What’s the proper triage response?

When do you spread the news about an attack? And how do you do it?

• Compare a ransomware attack to a police investigation. Not all of the information is known right away. If you say too much about what’s happening, and to the wrong people, it could do more harm than good.
• Be transparent and clear to the people who DO need to know.
• “Don’t say anything you wouldn’t stake your job on, because you might have to.”
• Find the balance. Divulge information that could help customers who may be impacted by the breach.

A real-world example of what to do during a breach?

• Under Armour: My Fitness Pal phone app was hacked, hitting 150 million users. Passwords were stolen. The company stood with corporate values – they wanted to be transparent. Responded to breach in four days. Under Armour stayed focused on the customer, and coordinated quickly internally. The well-oiled decision-making process allowed them to respond so quickly with minimal collateral damage.

What can companies proactively put in place to help mitigate a cyberattack?

• Breaking attacks down into categories related to severity, and giving your company the ability to see what those attacks look like. That way, they’re easier to spot – AND the decision-making process is expedited.
• Make sure you have visibility into your network, so you can see who is doing what where, why and how. And don’t forget about your remote partners when it comes to this point.

The post Pros Explain How To Recover From A Security Breach appeared first on 6th Street Consulting.

Data Loss Prevention (DLP) capabilities protect your data where it is stored, when it is moved, and when it is shared. These protection features are currently offered in Exchange, Outlook and Outlook on the web, but are now being extended to OneDrive for Business and SharePoint Online, offering broader protection of your data wherever it lives.

IT admins will see new controls in your Office 365 Compliance Center, allowing you to easily set up DLP policies for SharePoint Online and OneDrive for Business. IT admins also can configure their policy tips so that users can interact with the pertinent policy, for example, providing a business justification to override the policy or reporting a false positive.

New features will be rolled out over the coming months, but below are some of the key features that are available now.

• Create automated policies with any of the available built-in sensitive information
• Detect external sharing and apply appropriate actions
• Cope DLP policies to specific SharePoint or OneDrive sites
• Policies based on document properties (metadata)
• Block or restrict access to the sensitive content
• Customizable Policy tips and user notifications via policy tip and email
• Admin-facing Incident reports and reporting

To learn more about DLP in SharePoint and OneDrive for Business, below is a comprehensive overview of the information protection of how DLP helps protect against data loss.

As sharing and collaboration evolve across applications and devices, DLP is in place to help protect your data, with the goal of protecting information from when documents are initially created to when they are stored or shared.

The post Data Loss Prevention in SharePoint Online and OneDrive for Business appeared first on 6th Street Consulting.