Recommended settings
When setting up your data control policy, consider the following:
- Use the Allow file transfer and log event action to detect but not block controlled data. Initially defining a report only policy enables you to gain a better view of data use across your network.
- Use the Allow transfer on acceptance by user and log event action to alert users about the risks of transferring documents that potentially contain sensitive data. This approach can reduce the risk of data loss without a significant impact on IT operations.
- Use the "quantity" setting within content rules to
configure the volume of sensitive data you want to find before a rule is triggered.
For example, a rule that is configured to look for one postal address within a
document will generate more data control events than a rule looking for 50 or more
addresses.Note Sophos provides default quantity settings for each Content Control List.
- Use the data control Event Viewer to quickly filter events for investigation. All data control events and actions are logged centrally in Sophos Enterprise Console. You can access the Event Viewer by clicking .
- Use the Report Manager to create trend reports on data control events by rules, computers, or users.
- Use the custom desktop messaging options to provide users with additional guidance when an action is triggered. For example, you could provide a link to your company's data security policy.
- Use the verbose logging mode to gather additional
detail on the accuracy of data control rules. Once the evaluation of these rules is
complete, disable verbose logging.Note Verbose logging must be activated on each computer. All data generated is stored in the computer's local data control log. When the verbose logging mode is active, all strings contained in each file that match the data specified in a rule are logged. The additional detail within the log can be used to identify phrases or strings within a document that triggered a data control event.