Configuring a download encrypt action
When applying a download encrypt DLP policy on file(s), the file(s) are encrypted upon download and requires users to provide a password to access the files. The password used is unique to each user.
Setup Encryption Password
Users are issued a default password when they are added to Forcepoint ONE SSE initially. However, they can choose to change their encryption password if they wish.
- Have the user login to the Forcepoint ONE SSE portal then they can select their
username in the top right corner and go to Edit Profile.
- On the Profile page, they should see a File Encryption field near the bottom.
- Change Password: Allows users to change their password which will be used for any downloaded files that are encrypted moving forward.
- Password History: Allows users to view their prior password history if they had previously downloaded a file under an older password and can no longer open it.
Accessing Encrypted Files
With an encrypt policy being set, files matching the policies will be encrypted upon the download request and prompt the user for a password.
- Navigate to the cloud app and attempt to download the file.
- Notice that the file has been downloaded as a zip file containing the original document (password protected) and a text document titled "Security Message" alerting the user of the sensitive
content of the file and instructing them to enter their configured password.
The "Security Message" will inform the user of the sensitive content in the file and alert them to use the password from the date the file was downloaded. It will also direct them to the portal if they need to find a prior password.
If accessing through ActiveSync the message will present a link to the portal to discover their password that they can copy and paste. Otherwise if users are accessing through the web they will need to navigate to the portal themselves or copy the link from the security message and paste it into the browser to access their password. - When they attempt to open the file they will be prompted for the password configured in the portal.