Securing Your Business Information - Template from Microsoft
1. Work Smart by Microsoft IT
Securing Your Business Information
Customization note: This document contains guidance and/or step-by-step instructions that
can be reused, customized, or deleted entirely if they do not apply to your organization’s
environment or installation scenarios. Any text marked by yellow highlighting indicates either
customization guidance or organization-specific variables. All of the highlighted text in this
document should either be deleted or replaced prior to distribution.
Whether you are exchanging emails, sharing documents, or having a phone conversation, it
is your responsibility to help protect your company’s confidential information from any
unauthorized disclosure.
In this Work Smart guide, you will learn how to use four Microsoft technologies that help
protect business information. These technologies include Information Rights Management
(IRM), Secure/Multipurpose Mail Extensions (S/MIME), BitLocker Drive Encryption, and
Encrypted File System (EFS).
Note: For more information about how to classify business information and data according to
the potential impact of unintentional disclosure, read the “Classifying and Protecting Your
Business Information” Work Smart guide at http://aka.ms/customerworksmart.
Topics in this guide include:
Using IRM to protect information
Applying S/MIME to email messages
Protecting data with BitLocker
Protecting data with EFS
For more information
Using IRM to protect information
When a company has configured their systems to use Information Rights Management
(IRM), employees using Microsoft Office can apply permissions to messages or documents
by using options on the ribbon. The protection options that are available are based on
permission policies that are customized for an organization. Office 2013 also provides
several predefined groups of rights, such as Do Not Forward in Outlook 2013. More
information about IRM is available at
http://technet.microsoft.com/en-us/library/cc179103.aspx.
Protecting documents on SharePoint Online
To learn more about applying IRM on SharePoint Online using RMS, see
http://office.microsoft.com/en-us/sharepoint-server-help/apply-information-rights-management-to-a-list-or-library-HA010154148.aspx
and the Work Smart Guide "Secure Collaboration using SharePoint Online" at
http://aka.ms/customerworksmart.
Using IRM to protect email messages
To restrict permissions on email messages and prevent recipients from forwarding, printing,
or copying sensitive data, do the following:
1. In Outlook 2013, on the Mail page, select the Home tab, and click New Email.
2. In the new message, click the Options ribbon tab, and click Permissions.
Note: If you are not connected to your corporate network, you may first need to
click Connect to Rights Management Servers to get templates. Once connected to the
server, a list of permissions displays.
3. Select the appropriate permission for the email message.
Configuring a message to expire
1. In Outlook 2013, on the Mail Home tab, click New Email.
2. In the new message, click the Options ribbon tab.
3. In the More Options section, click Delay Delivery.
4. Select the Expires after check box and enter a date and time.
5. Click Close.
Using IRM to protect emails in Outlook Web App
To restrict permissions on email messages and to prevent recipients from forwarding,
printing, or copying sensitive data, when using Exchange 2013, do the following:
1. In OWA, on the Outlook page, click new mail.
2. In the new message, click the ellipses (…).
3. In the drop-down list, select set permissions, and then select the appropriate
permission for the email message.
Note: When users send an IRM-protected message from OWA, any files attached to the message
also receive the same IRM protection and are protected by using the same rights policy template
as the message. In Exchange 2013, IRM protection is applied to files associated with Microsoft
Office Word, Excel, and PowerPoint, as well as .xps files and email messages. IRM protection is
applied to an attachment only if it's not already IRM-protected.
Using IRM to protect a document
You also can protect Microsoft Office Word, Microsoft Office Excel, and Microsoft Office
PowerPoint files by applying IRM:
1. In Word 2013, click File, and on the Info page, click Protect Document.
2. Select Restrict Access and click to select the appropriate restriction to apply.
Note: If you are not connected to your corporate network, you may first need to
click Connect to Rights Management Servers to get templates. Once connected to the
server, a list of permissions displays.
Specifying who can access or change a document
1. In Word 2013, click File, and on the Info page, click Protect Document.
2. Under Restrict Access click Restricted Access.
3. In the Permissions window, select the Restrict Permissions to this document check
box.
4. Add users in the Read or Change boxes and click OK.
Configuring a file to expire
Use IRM to enforce an expiration date so that recipients cannot access the file after a
specific date:
1. In Word 2013, click File, and on the Info page, click Protect Document.
2. Under Restrict Access click Restricted Access.
3. In the Permissions window, select the Restrict Permissions to this document check
box.
4. In the Permissions window, click More Options.
5. Select the This document expires on: check box, enter an expiration date, and click
OK.
6. When the date has passed, the user will not be able to open the document.
How to password protect a section in OneNote 2013
1. In OneNote, open the section you wish to protect and select the Review tab.
2. Under Password Protection, select Set Password.
3. In the Password Protection window, enter and confirm your new password and click
OK.
4. A pop-up window appears. Select whether to keep or delete existing backups of the
section that do not have the assigned password.
How to change or remove a password from a section in OneNote 2013
1. In OneNote, open the section that is password protected and select the Review tab.
2. Under Password Protection, select Change Password or Remove Password.
a. If changing the password, enter the old and new password and confirm the new
password. Then, click OK.
b. If removing the password, enter the password and click OK.
Applying S/MIME to email messages
Secure/Multipurpose Mail Extensions (S/MIME) enables you to encrypt and/or digitally sign
your email messages. Encrypting your messages converts regular text data into
encrypted text so that only people you specify can read it. Digitally signing an email
message helps ensure that no tampering occurs while your message and its attachments
are in transit.
Signing a message digitally with S/MIME
Signing a message digitally applies an authorized certificate to it that validates that the
message is from you and is unaltered. To sign a message digitally:
1. In Outlook 2013, in an open message, click the Options tab.
2. In the More Options group, click the arrow in the lower-right corner to expand the
options box.
3. Under Security, click Security Settings.
4. Select the Add digital signature to this message check box.
5. Select the following options, if applicable:
a. Select the Send this message as clear text signed check box to enable recipients
who do not have S/MIME security to read the message.
b. Select the Request S/MIME receipt for this message check box to verify that the
recipient validates the digital signature and receives the message unaltered, and for
you to receive an email notification about who opens the message and when it is
opened.
6. Click OK.
Notes:
For more information about S/MIME in Office 2010, see
http://office.microsoft.com/en-us/outlook-help/send-an-email-message-with-an-s-mime-receipt-request-HP010356428.aspx.
For more information about S/MIME in Office 2013, see
http://office.microsoft.com/en-us/outlook-help/send-an-email-message-with-an-s-mime-receipt-request-HA102748933.aspx.
Encrypting a message with S/MIME
Encrypting a message with S/MIME means that recipients cannot access it unless they have
a private key that matches the public key that you used for encryption. To encrypt a
message with S/MIME:
1. In Outlook 2013, in an open message, click the Options tab.
2. In the More Options group, click the arrow in the lower-right corner to expand the
options box.
3. Under Security, click Security Settings.
4. Select Encrypt message contents and attachments.
5. To change additional settings, such as selecting a specific certificate to use, click
Change Settings, make the changes, click OK twice, and then click Close.
Enabling recipients to access encrypted files
When you send an encrypted message, S/MIME uses the recipient’s certificate and public
key to encrypt the file. Therefore, you have to exchange certificates and keys before you
can send and access encrypted messages from a specific person.
If you plan to send an encrypted message to someone:
1. Send the person an email that you sign digitally by following the directions in the
previous section “Signing a Message Digitally with S/MIME”. Signing your message
digitally ensures that your public encryption key is included. This enables the person to
send you encrypted email.
2. Ask the person to send you a digitally signed email that includes their public encryption
key. This enables you to send them encrypted email.
3. Create an entry in your Outlook contacts for the person, which saves that person’s
encryption key. After that, Outlook uses this key every time that you send this person
an encrypted message. To create a contact entry:
4. Open a digitally signed email from the person, right-click the person’s name or email
address, and select Add to Outlook Contacts.
Important: If you want to exchange encrypted messages with an external party that does not
have a secure email certificate, refer them to Thawte at http://www.thawte.com/home.html or
VeriSign at http://www.verisign.com/index.html.
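The certificate exchange described in this section, reproduced with the OpenSSL command line as an added example (not part of the original guide; Outlook performs these steps through its UI). The users alice, bob and eve, their throwaway self-signed certificates, the file names and the message text are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: alice, bob, eve and their self-signed certs are assumptions.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a throwaway private key and self-signed certificate for one user.
new_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Steps 1-2: a signed message carries the signer's certificate (public key).
sign_as() {            # sign_as <user> <infile> <outfile>
    openssl smime -sign -text -in "$2" -out "$3" \
        -signer "$WORK/$1.crt" -inkey "$WORK/$1.key"
}

# Steps 3-4: check the signature and save the embedded certificate, the
# equivalent of "Add to Outlook Contacts". -noverify skips chain validation
# only because the demo certs are self-signed; real certs chain to a CA.
save_signer_cert() {   # save_signer_cert <signed-msg> <cert-out>
    openssl smime -verify -noverify -in "$1" -signer "$2" -out /dev/null 2>/dev/null
}

# Encrypt to the recipient's saved certificate; no private key is involved.
encrypt_to() {         # encrypt_to <cert> <infile> <outfile>
    openssl smime -encrypt -aes256 -binary -in "$2" -out "$3" "$1"
}

# Decrypt with a user's own key pair; exits non-zero if the key does not match.
decrypt_as() {         # decrypt_as <user> <encrypted-msg>
    openssl smime -decrypt -in "$2" -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

for user in alice bob eve; do new_identity "$user"; done
printf 'Hi Bob, my certificate is attached to this signature.\n' > "$WORK/hello.txt"
sign_as alice "$WORK/hello.txt" "$WORK/hello.eml"
save_signer_cert "$WORK/hello.eml" "$WORK/alice_contact.crt"   # Bob's side
printf 'quarterly numbers attached\n' > "$WORK/reply.txt"
encrypt_to "$WORK/alice_contact.crt" "$WORK/reply.txt" "$WORK/reply.eml"

echo "alice reads: $(decrypt_as alice "$WORK/reply.eml")"
decrypt_as eve "$WORK/reply.eml" >/dev/null || echo "eve: cannot decrypt"
```

Bob never handles Alice's private key: the certificate saved from her signed message is enough to encrypt to her, and only her key pair opens the reply.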
Protecting data with BitLocker
BitLocker Drive Encryption is a data protection feature available in Windows Vista, Windows
7, and Windows 8. BitLocker encrypts the hard drives on your computer to provide
enhanced protection against data theft or exposure on computers and removable drives
that are lost, stolen, or decommissioned. More information about BitLocker is available at
http://technet.microsoft.com/en-us/library/hh831713.aspx.
BitLocker To Go provides drive encryption that helps protect against unauthorized access on
your portable storage drives. This includes the encryption of USB flash drives, SD cards,
external hard disk drives, and other removable drives formatted by using the NTFS, FAT, or
exFAT file systems.
Note: For step-by-step guidance about how to enable BitLocker and BitLocker To Go in
Windows 8, download the “Work Smart: Protecting Data with Windows 8 BitLocker” guide
available at http://aka.ms/customerworksmart.
Protecting data with EFS
If your computer is not BitLocker compatible, you can use Encrypted File System (EFS) to
encrypt your files and folders by using a certificate. EFS requires that users with whom you
share information enter the appropriate decryption key before they can access the
encrypted content.
Although you can encrypt files individually, it is recommended that you designate a specific
folder to store your encrypted files, and to encrypt that folder. All files that are created in or
moved to the encrypted folder will automatically obtain the encrypted attribute.
How to encrypt a folder:
1. Right-click a folder you want to encrypt, and then click Properties.
2. On the General tab, click Advanced.
3. In the Advanced Attributes dialog box, click the Encrypt contents to help secure
data check box and click OK.
4. You will be returned to the General tab. Click Apply.
5. In the Confirm Attribute Changes dialog box, select Apply changes to this folder,
subfolders, and files and click OK.
Important Note:
Encryption of the My Documents folder is not recommended.
If you move, copy, or save a file to an encrypted folder, the file becomes encrypted.
If you move, copy, or save an encrypted file to a location that is not on your computer, the
file becomes decrypted.
For more information
Information Rights Management (IRM)
http://technet.microsoft.com/en-us/library/cc179103.aspx
Introduction to IRM for email messages
http://office.microsoft.com/en-us/outlook-help/introduction-to-irm-for-email-messages-HA102749366.aspx
Secure/Multipurpose Internet Mail Extensions (S/MIME)
http://technet.microsoft.com/en-us/library/jj891023.aspx
BitLocker
http://technet.microsoft.com/en-us/library/hh831713.aspx
Encrypted File System (EFS)
http://technet.microsoft.com/en-us/library/bb457116.aspx
Video: Getting Started with Encrypting File System in Windows 7
http://technet.microsoft.com/en-us/windows/how-do-i-get-started-with-the-encrypting-file-system-in-windows-7.aspx