Email Data Protection Service Best Practices

book

Article ID: 179084

calendar_today

Updated On:

Products

Email Security.cloud

Issue/Introduction

 

Resolution

The Email Data Protection service enables you to control the flow of email content for your inbound and outbound email. The polices that you define for Email Data Protection assist in monitoring and controlling your company's acceptable use policy. You can use our predefined policy templates as a starting point, to address specific regulatory requirements.

The following best practices will help you to craft policies that will enable you to take full advantage of the service.

  • Aim to make each policy as simple and precise as possible. If you wish to filter for content that has multiple parameters, it is advised that you create separate policies. This makes it easier to troubleshoot issues later on without disrupting the functionality of a single complex policy.
  • Plan to activate policies outside of business hours if it will be affecting multiple groups or a large number of users.
  • Endeavor to test policies on groups or users prior to applying them globally.
  • When using templates, update each field to ensure that the policy is detecting the specific content you desire.
  • Please be aware that an administrator email address bypasses the Email Data Protection scans. Data Protection policies will not apply to any email address that is designated as an administrator in any Data Protection policy. This is by design and therefore there is no workaround available.
  • Be sure to take propagation time into consideration when making changes to policies. All changes in Data Protection require approximately 1 hour to take effect.
  • Take special care when creating regular expressions as regular expression that you create may not perform exactly as you expect. We do not troubleshoot poorly performing regular expressions. However, you can submit a request for us to create a regular expression that meets a specific requirement. This can be requested by contacting Support.
  • We recommend that initially you set up four policies to log various aspects of content within emails, as follows:
  1. Log inbound emails over 2 MB
  2. Log outbound profanities
  3. Block inbound emails over 10 MB
  4. Log audio and video files inbound and outbound

Once you are familiar with the kinds of emails that are detected, you can feel more confident in blocking some and redirecting others. The following are some common policies. But every organization is different. We recommend that you do not set up these example rules without understanding the requirements of your business. You can then align your email security policy with these requirements.

 

Table: Common Email Data Protection Policies

                        Policy

                                                                                       Description

 

Block emails over 25 MB

Reduces the size of emails coming into the organization to save bandwidth. All emails over 25 MB can be blocked and deleted. You can send notifications to all parties.

 

Redirect emails to/from suspicious domains

Monitors emails coming from or going out to competitors' domains, restricting the passing on of intellectual property and poaching of employees.

 

Monitor profanity outbound

Protects the organization's brand and reputation. For example, you can prevent an employee from sending out an email containing slander to a friend.

 

Redirect encrypted or password-protected mail

Enables you to monitor and control who sends and receives encrypted or password-protected messages.

 

Compress emails of between 10 MB and 25 MB

Reduces the bandwidth that is taken up by large messages coming into the organization.

See About Email Data Protection

See About policies and Email Data Protection

See Creating an Email Data Protection policy - process overview