Data Loss Prevention Measures to begin March 18
On Friday, March 18, IT Services will begin implementing an initial data loss prevention (DLP) strategy that examines email messages and files across Microsoft 365 (i.e., Teams, Outlook, SharePoint, etc.) for sensitive information, such as a credit card number, student or social security number, to help prevent the unintentional or accidental sharing of sensitive data.
"DLP is enforced from alerts, encryption and other protective actions to prevent users from accidentally or maliciously sharing data that could put the university at risk," Stephen Tycer, chief information security officer, said. "This is the first step in ensuring our campus users do not transmit or receive restricted, highly sensitive or sensitive (internal) data without proper authorization or controls, such as encryption."
Sensitive data should be securely encrypted when on the device and during transmission. If users attempt to send a message containing sensitive information, a notification will appear with a suggestion to encrypt the message. If a message contains a large quantity of sensitive information (e.g., a list of Social Security numbers), it may be blocked completely.
Students, faculty and staff who work with sensitive information need to stay compliant with university data, management and use policies. According to the university's data classification policy, some examples of sensitive data include, but are not limited to:
-
Student records;
-
University IDs;
-
Social Security numbers;
-
Medical record numbers;
-
Health plan beneficiary numbers;
-
Banking information;
-
Benefits, health, retirement or payroll information; and
-
Vehicle identifiers and serial numbers, including license plate numbers.
If you receive a notification that your email or attachment is blocked, send an email to security@uark.edu, or contact the IT Help Desk.
Contacts
Rachel Gerner, project/program specialist
University Information Technology Services
479-387-3824, rgerner@uark.edu