Open

What is Data Loss Prevention (DLP)?

Data loss prevention is a security solution that identifies and helps prevent unsafe or inappropriate sharing, transfer, or use of sensitive data. It can help your organization monitor and protect sensitive information across on-premise systems, cloud-based locations, and endpoint devices. It also allows the Data Center to achieve compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR).

Why is DLP important? What are the consequences of a DLP leak?

• A data loss prevention strategy is vital to secure your data, protect intellectual property and stay compliant with regulations. DLP systems ensure that confidential/classified data is not lost, mishandled or accessed by unauthorized users.

• Data loss can be devastating for businesses of all sizes. The harsh truth is that no company is immune to data loss. 2021 estimates show a business will fall victim to a cyberattack every 11 seconds. External threats are not the only cause for concern for companies. The Verizon 2021 Data Breach Investigations Report revealed that more than 20% of security incidents involved insiders.

• Data loss can impact the financial health of your business. As indicated by the IBM Cost of a Data Breach Report 2021, global average data breach costs rose from $3.86 million to $4.24 million in 2021. Apart from financial losses, data loss can result in loss of productivity, revenue and clients. It can also damage a company or agency’s reputation — a long-term negative impact of data loss.

Data Classification - Sensitive Information Types (SITs)

The FCDC DLP program now has policies in place for SIT’s that are being leaked. These policies are for the following SITs:

1. Credit Card Numbers

2. US Bank Account Numbers

3. ABA Routing Numbers

4. US Tax ID Numbers

5. US Social Security Numbers

6. US Passport Information

7. US Driver’s License Numbers

8. US Health Insurance Act Information

What happens if I send Sensitive Information Types (SITs)?

If any one of the 8 SITs are identified when sharing an email through Outlook or Webmail, then a Policy Tip prompts the individual to share that information via Globalscape. Although, when using Mobile email, if any one of the 8 SITs are identified, then a bounce back email will come through referencing usage of Globalscape through a desktop solution like Outlook or Webmail.

There are three different methods to send emails, which include the following:

1. Outlook Desktop - Gets Policy Tips and recommends sharing information via Globalscape

2. Outlook Webmail - Gets Policy Tips and recommends sharing information via Globalscape

3. Outlook Mobile - No Policy Tips at this time (receives bounce back email)

Outlook Desktop

Emails will be sent as usual unless one or more Sensitive Information Types (SITs) are found in the email. In that case, the user will receive a pop-up from Policy Tips about the Policy being enforced. This will only happen when trying to send an email to an entity outside of franklincountyohio.gov.

Open

Example: A test Social Security number has been included in the image.
The ‘To' address was internal, while the 'Cc’ address belongs to an external entity. This alert is specifically designed to activate when SITs are attempted to be transmitted to external email addresses.

Outlook Webmail

Outlook Webmail works the same way as Outlook Desktop. Please note that the Policy Tips are slower than Outlook Desktop, so please take this into consideration.

Emails will be sent as usual unless one or more Sensitive Information Types (SITs) are found in the email. In that case, the user will receive a pop-up from Policy Tips about the Policy being enforced. This will only happen when trying to send an email to an entity outside of http://franklincountyohio.gov .

Open

The ‘To' address was internal, while the 'Cc’ address belongs to an external entity. This alert is specifically designed to activate when SITs are attempted to be transmitted to external email addresses.

Outlook Mobile

Policy Tips are not supported by Microsoft currently on a mobile platform. An immediate bounce back email will be received to notify of the Sensitive Information Type (SIT) triggered event.

Open

Example: Clicking on the email link will open the original email for verification of the
Sensitive Information Type (SIT).

Globalscape

Globalscape is a way to send information over encrypted email to securely transfer files from one party to another. It is a method of Data Loss Prevention (DLP) in Franklin County. This is a secure way of sending information to agencies inside or outside of Franklin County. Examples include:

• Personally Identifiable Information (PII)

• Protected Health Information (PHI)

• Payment Card Industry (PCI)

• Technical Information such as IPs, Certificates, etc.

How does a user send information in Globalscape?

1. Navigate to the Globalscape website.

2. Enter your Franklin County domain credentials along with your password

Open

Example: Login page via Globalscape.

Account Issues

If having issues logging in, please contact the Help Desk at 614-525-3282 or at https://franklincountyohio.atlassian.net/servicedesk/customer/portals

How to Send Files

Open

Upon logging into Globalscape, click the Send Files button in the top of the screen.

Open

The user enters information accordingly, such as a Subject, Message Body, and also has the ability to Upload documents to the secured file transfer system. Simply click on the Send button when ready.

Open

A blue checkmark appears when the user has successfully sent a secure email.

What will the recipient(s) see when they receive a Secure Email?

The user will receive a notification from Globalscape similar to the below image that states:

A confidential message and one or more files have been sent to you.
Visit the Workspace to retrieve files.
You may be prompted to register an account if authentication is required.
This link will expire on MM/DD/YYYY HH:MM:SS AM/PM

Globalscape is a way to send information over encrypted email to securely transfer files from one party to another. It is a method of Data Loss Prevention (DLP) in Franklin County. This is a secure way of sending information to agencies inside or outside of Franklin County. Examples include:
Personally Identifiable Information (PII)
Protected Health Information (PHI)
Payment Card Industry (PCI)
Technical Information such as IPs, Certificates, etc.
For more information about these steps, please visit: Data Loss Prevention (DLP) & Globalscape 

Open

Automated Globalscape Email where the user can access files and information.

Please note the following:

• The user will receive a confidential email where they can visit a workspace link to retrieve the files.

• You may be prompted to register an account if authentication is required.

• The link will expire on first use.

• A new browser screen will open and this is where the recipient can download the data and/or reply back to you regarding the Secure Email.

Open

To download the attached file(s), simply click on the file(s) or click the Download All button.
After, the recipient can simply click on their account in the top right and then click on Log Out to close the page within the browser.