Lock Down Company Email with Gmail Data Loss Prevention
Google gave Google Apps Unlimited users a huge gift for the holidays at the end of 2015 – Gmail Data Loss Prevention (DLP). This set of Gmail security features allows companies to keep a tight grip on sensitive information like credit card numbers, patient information, and anything else that you wouldn’t want leaking out to the wrong person, either internally or externally.
Gmail DLP also helps companies in the healthcare sector stay in compliance with HIPAA. Google Apps already does this, but Gmail DLP makes it easy to keep up with HIPAA’s rules for privacy in emails.
How Does Gmail DLP Work?
Gmail DLP lets you set up policies on emails with a library of predefined content detectors. For example, you can select something like “salary information” and set a policy that emails are only to go to single recipients. This means that if someone hits “Reply All” on an email containing sensitive salary information, the email will be stopped by your Gmail DLP policy.
These policies can be applied by department and other organizational units, so you can set policies where outgoing emails from your customer service department are stopped if they contain credit card numbers or social security numbers, but are allowed if they are sent internally between certain departments within your organization. For example, an email containing a customer’s social security number wouldn’t be allowed to go to an external email address, but would be allowed if sent from the customer service department to data processing. Gmail DLP rules apply not just to emails but also to attachments, such as .doc and .pdf files, that contain machine-readable text.
In short, you can set up any rules based on the available content identifiers. Google is expanding its content identifiers, and if one you want is not present, you can file a support request and ask for it. Once an email is flagged by Gmail DLP, the email will be stopped and three actions can be taken at that point: modify the message before it is sent, quarantine the message so a manager can review it, or reject it with a note to the sender as to why it was rejected.
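The policy flow described above, sketched in Python as an added example (this is not Google's code or the Gmail admin API). The rule layout, organizational unit names, the `example.com` domain and the two regex-based detectors are assumptions made for illustration.

```python
import re

# Hypothetical policy model; names and structure are assumptions, not Gmail's API.
COMPANY_DOMAIN = "example.com"  # constructed
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def detect(text: str) -> set:
    """Return the content identifiers found in a body or extracted attachment text."""
    found = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.add("credit_card")
    if SSN_RE.search(text):
        found.add("ssn")
    return found

# One rule: sender's org unit, identifiers to match, internal org units that
# may still receive the data, and the action taken when the rule fires.
RULES = [
    {"ou": "customer-service", "ids": {"credit_card", "ssn"},
     "allowed_internal": {"data-processing"}, "action": "reject"},
]

def evaluate(sender_ou, recipients, text, directory):
    """directory maps internal addresses to their org unit (constructed lookup)."""
    hits = detect(text)
    for rule in RULES:
        if rule["ou"] != sender_ou or not (hits & rule["ids"]):
            continue
        for rcpt in recipients:
            internal = rcpt.lower().endswith("@" + COMPANY_DOMAIN)
            ou = directory.get(rcpt.lower())
            if not internal or ou not in rule["allowed_internal"]:
                return rule["action"]  # one disallowed recipient stops the message
    return "deliver"
```

Because every recipient is checked, a “Reply All” that adds a single external or non-approved address is enough to trigger the rule.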
Setting Up Gmail DLP
Simply select “DLP rules” in your administrative panel under. From there, you can specify rules, who they apply to, and the action that is taken when emails are flagged. Note that this feature is only available to Google Apps Unlimited users, so you’ll need to upgrade if you aren’t on Unlimited.
For more on Gmail DLP and how to set it up, see Google’s whitepaper.
If your organization isn’t yet a Google Apps Unlimited client, consider upgrading to take advantage of this extremely useful security feature. If you aren’t yet a Google Apps business, contact us to find out how easy it is to become one.