If you ask to borrow my car and the car is stolen while it's in your possession, who is at fault? Obviously it's you, because when I gave you the keys it came with the reasonable expectation that you would take care of it. (Yes, insurance may cover the cost, but the moral question is whether you become responsible for the car while it is under your care.)
Now let's replace the car with data. If I give you my credit card number to pay a bill, and somebody steals the number from you, who is at fault? Same answer: you. It's one thing to have procedures in place for how you store information like credit card numbers, but how do you make sure people in your organization abide by the rules and don't inadvertently, or on purpose, share or transmit that sensitive data? With so much information flying around your network in the form of documents, emails and chat messages, how could you possibly make sure the information given to you by your customers is kept safe?
The Microsoft 365 compliance centre has a great feature called Data Loss Protection, or DLP. It is an easy-to-configure tool which monitors all documents, inbound and outbound emails, and chat messages for any data you declare might be sensitive, such as social insurance numbers, credit card numbers, and banking information, just to name a few. For example, in our organization, any time an email is sent or received which contains what might look like a bank account number or a transit number, it is flagged for me to review. This is to make sure that we don't accidentally send a payment to a vendor we're not supposed to.
You have probably heard the many news stories where companies have been tricked into sending payments to the wrong vendor as part of a financial scam. This is almost always done through social engineering and has nothing to do with technology being hacked. To prevent this type of situation, you need to educate your staff to make sure they are sending payments to the right people, and you need a layer of auditing with the Data Loss Protection service to double-check you're not paying the wrong vendor.
You have a legal and moral obligation to protect the data you store on your computer systems. With the Data Loss Protection service, you not only support that obligation but also provide another layer of protection against possible financial fraud.
For a very small amount of money, it just makes sense to take advantage of the tools and protections made available to you. If you want to learn more about the Microsoft 365 compliance centre or Data Loss Protection service, drop us an email, but remember… don't email us your credit card number.