Enabling data loss prevention policies

In addition to creating and enabling policies that protect your email system from email threats, you can enable DLP policies that can detect the presence of sensitive data in your organization’s email and execute appropriate actions to prevent data loss. You can use DLP policies for inbound, outbound, and internal email.

Configure email DLP policies in the Data Security module of the Forcepoint Security Manager (Main > Policy Management > DLP Policies > Manage Policies). A new policy wizard provides the steps for creating a new email DLP policy. See Forcepoint DLP Administrator Help for detailed information.

To use message encryption, it is recommended that you create a DLP policy in the Data Security module. Ensure that the policy has an action plan of “encrypt.” See Handling encrypted messages for information about email encryption options.

You can also create filter actions for use in a DLP action plan. See Creating and configuring a filter action for information about configuring a DLP filter action.

Data loss prevention policies are enabled by default in the Email Security module. However, the Email Security module must be registered with the Data Security module before the policies are applied to email. See Registering the DLP Module for instructions on how to register with the Data Security module.

Steps

  1. On the page Main > Policy Management > Policies, in the Inbound, Outbound, or Internal section, click Data Loss Protection.
    The Edit Policy page displays.
  2. On the page Edit Policy, set the following options:
    • Status: Enabled or Disabled. Enable or disable the DLP policy. Data loss prevention policies are enabled by default.
    • Mode: Monitor or Enforce. Select Monitor to have the data loss prevention function only monitor your email, or select Enforce to apply DLP policies to your email.
    • Notification: Add a notification to a message when an email attachment to that message has been dropped as a result of a DLP policy.
      1. To enable notifications, mark the check box Send notification when a message attachment is dropped.
      2. In the text field, enter the notification message text.
      3. Select whether the notification text appears above or below the message body of the mail whose attachment was dropped.
        Note: A message that triggers a DLP policy whose action is Quarantine is isolated in the Data Security module quarantine queue, not in an Email Security module queue. The message can be released for delivery by the Data Security module.
  3. Click OK.
    The settings are saved.