Recommended Security Protocols for Confidential Content in SharePoint Online

SharePoint is one of the most popular platforms for collaborative working and sharing content. Most organizations utilize this platform to empower teamwork, quickly find information, and widely unite their team on-premises or in the cloud. Klarinet understands that some information on SharePoint should be considered highly confidential content and recommends the following security protocols:

  1. Delegate an internal IT resource, such as an Information Security Coordinator (ISC).
  2. Work with the Leadership Team and have the internal IT resource in charge of creating and maintaining a list of sites containing highly confidential information.
  3. IT security resource shall conduct regularly scheduled security audits of the highly confidential SharePoint Online sites. Consider, at minimum, quarterly audits, preferably monthly.
  4. Leverage Alert Policies in the Office 365 Security & Compliance Center. Klarinet has already created Alerts to notify clients when a new Site Administrator is added and when permissions are changed on two of the highly confidential sites (see screenshots below).

Other recommendations:

  1. Leverage Information Rights Management for highly confidential documents. Information Rights Management (IRM) helps to control and protect digital documents by limiting the actions that users can take on documents that have been downloaded from SharePoint Online or OneDrive for Business document libraries and lists. IRM encrypts the downloaded files and limits the set of users and programs that are allowed to decrypt these files, as well as restricts the rights of the users who are allowed to read files so that they cannot take actions such as print copies of the files or copy text from them.
  2. Password Protect and Encrypt documents which contain the most highly confidential information. This is a feature included in both Office documents (Word/Excel/PowerPoint) as well as Adobe PDF documents.
  3. Security Alerts can also be created whenever someone accesses specific documents.
  4. Klarinet is available as a training resource for clients’ IT teams for the Security & Compliance Center in Office 365.

We encourage organizations to implement an organizational SharePoint strategy to protect their infrastructure assets from internal and external attacks. However, keeping your SharePoint environment secure requires commitment, planning, and transparency between IT and end-users. In this article, our recommended security protocols for highly confidential content in SharePoint Online seeks to help you improve your SharePoint security and alleviate the stress of managing sensitive information.

Do you need help putting SharePoint security measures?

We are here for you, reach out to us at 866.211.8191 or book a product demo here. Klarinet Solutions specializes in optimizing your SharePoint Online, implementing policies to secure your data, and developing a streamlined process that supports business objectives.

Leave a Reply