Data Protection

On the SMTP > Data Protection tab, the Data Protection feature allows you to reduce accidental data loss from workstations by monitoring and restricting the transfer of files containing sensitive data. Accidental data loss is commonly caused by employees mishandling sensitive data. For example, a user sends a file containing sensitive data home via email (SMTP). Data Protection scans outgoing emails including subject line, message body and attachments for sensitive or confidential information. Based on the outcome, the email can be encrypted using SPX encryption, or the email can be rejected or sent.

To configure Data Protection, define the settings in the following sections. As long as no Sophos content control rule is selected, and no custom rule is defined, the feature is disabled.

Data Protection Policy

Scan within attachments: If selected, attachments will be scanned for sensitive data, additionally to the message itself. The SAVI engine, which is used for this scan, scans a large variety of files types dependent on the current database.

Action on rule match: Select how to handle an email if the policy is triggered:

Blackhole: An email that matches the policy will not be sent.

Send with SPX encryption: An email that triggers the policy will automatically be sent SPX encrypted (see Email Protection > SPX Encryption tab). If SMTP is used in Simple Mode, the SPX Template selected on the SMTP > Global tab will be used for SPX encryption. If SMTP is used in Profile Mode, the SPX template used depends on the SMTP profile the sender's domain is assigned to (see SMTP Profiles tab). If the sender's domain is not assigned to any profile, the default template selected on the SMTP > Global tab will be used.

Allow: An email that triggers the policy will be sent nevertheless.

On match, notify: Select one or more of the following recipients who should be notified in case the policy matches:

The notification email can be customized on the Management > Customization > Email Messages tab.

Click Apply to save your settings.

Sophos Content Control Lists Rules

A Content Control List (CCLClosed) is a set of conditions that describe structured file content. CCLs help identifying confidential, malicious or inappropriate email content sent or received by your organization. A CCL may describe a single type of data (for example, a postal address or social security number), or a combination of data types (for example, a project name near the term "confidential"). Based on the policy and the selected Content Control Lists rule you can notify someone if a rule matches.

SophosLabs CCLs provide expert definitions for common financial and personally identifiable data types, for example, credit card numbers, social security numbers, postal addresses, or email addresses. Advanced techniques, such as checksums, are used in SophosLabs Content Control Lists to increase the accuracy of sensitive data detection.

Type: Select an entry from the drop-down list to reduce the number of displayed rules accordingly.

Region: Select an entry from the drop-down list to reduce the number of displayed rules accordingly.

Show selected only: If enabled, only selected rules will be displayed in the list.

Rules: Select the rules you want to use for the Data Protection feature. Hovering the cursor on an entry, a tool-tip with additional information concerning the rule appears.

Click Apply to save your settings.

Custom Rules

Custom expression: Enter expressions that you want to use for the Data Protection feature, in addition to the rules selected above. You can add regular expressions.

Cross Reference – For detailed information on using regular expressions here, see the Sophos Knowledge Base.

Click Apply to save your settings.

Related Topics Link IconRelated Topics