Sophos Data Protection




Please check the Sophos Central Device Encryption policy in the Sophos Central Admin. Please refer to this document which provides more information on the Policies for Sophos Central Device Encryption. If policies are already in place, please check whether that machine is under that policy or not.

The EU General Data Protection Regulation. Understanding the Data Protection requirements and how to comply. The EU General Data Protection Regulation (GDPR) affects all organizations that hold personally identifiable data on EU citizens, such as email addresses, photos or medical information.

Sophos AMSI Protection can be disabled through a Threat Protection Policy: Endpoint Protection > Policies > Threat Protection > AMSI Protection (with enhanced scan for script-based threats): 'This protects against malicious code (for example, PowerShell scripts) using the Microsoft Antimalware Scan Interface (AMSI).'

If you use role-based administration:

  • You must have the Policy setting - data control right to configure a data control policy.
  • You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

By default, data control is turned off and no rules are specified to monitor or restrict the transfer of files over the network.

To turn data control on:

  1. Check which data control policy is used by the group or groups of computers you want to configure.
  2. In the Policies pane, double-click Data control. Then double-click the policy you want to change.
    The Data control policy dialog box is displayed.
  3. On the Policy Rules tab, select the Enable data control scanning check box.
  4. Click the Add Rule button. In the Data Control Rule Management dialog box, select the rules you want to add to the policy and click OK.
    Important: If you do not add any data control rules, data control will not monitor or restrict the transfer of files until you do so.

If you later want to disable data control scanning, clear the Enable data control scanning check box.

Sophos data loss prevention

Data Loss Prevention (DLP) controls accidental data loss. DLP enables you to monitor and restrict the transfer of files containing sensitive data.

For example, you can prevent a user sending a file containing sensitive data home using web-based email.

You do this by creating rules. You then add the rules to policies, as described below. You can then apply these policies to users, computers and Windows servers.

Data Loss Prevention (DLP) policies include one or more rules that specify conditions and actions to be taken when the rule is matched. When a DLP policy contains several rules, a file that matches any of the rules in the DLP policy violates the policy. A rule can be included in multiple policies. You can add text to the messages shown on protected endpoints or Windows servers when the rules are triggered. There are two types of message:

  • A confirmation notification that asks the user to confirm the file transfer.
  • A block notification that informs the user that they cannot transfer the file.

You can create custom policies or policies from templates. The templates cover standard data protection for different regions. You can apply these policies to users, computers or Windows servers.

Go to Endpoint Protection > Policies to apply DLP.

To set up a policy, do as follows:

  • Create a Data Loss Prevention policy.
  • Open the policy's Settings tab and configure it as described below. Make sure Use rules for data transfers is turned on.

  1. Choose whether you want to create a policy from a template or a custom policy.
    • To use a template, select a region and a template and click Create from Template. This adds a pre-defined rule to the policy.

      To add more rules, click Add.

    • To create a custom policy, click Create Custom Policy and click Add. Choose whether you want to use an existing rule or create a new rule. Select the rules you want to add and click Add.
  2. Turn on the options in the Messages For End Users area and click the option names to add your own message to the standard confirmation and block notifications. Each message can have a maximum of 100 characters.
    Note: You can turn off either or both of these messages. The standard notification is shown on the endpoint or server. If you leave the message box blank, the standard notification is shown.
    1. Enter the message text.
    2. Click Finish.