System and method for user-context-based data loss prevention

摘要

In one embodiment, a method includes determining a user context of at least one user device currently accessing an enterprise communication platform. The method further includes selecting a dynamic data loss prevention (DLP) policy applicable to the at least one user device based, at least in part, on the user context. The dynamic DLP policy specifies one or more communication events of interest. In addition, the method includes monitoring communication events initiated by the at least one user device for the one or more communication events of interest. Moreover, the method includes, responsive to each communication event of interest: assessing the communication event of interest based, at least in part, on a content-based classification of a communication associated with the communication event of interest; and responsive to a risk assessment meeting certain criteria, taking at least one action specified by the dynamic DLP policy.

主权项

1. A method comprising, by at least one computer system comprising computer hardware:
determining a user context of at least one user device currently accessing an enterprise communication platform; selecting a dynamic data loss prevention (DLP) policy applicable to the at least one user device based, at least in part, on the user context; wherein the dynamic DLP policy specifies one or more pre-transmission communication events of interest; wherein the one or more pre-transmission communication events of interest comprise creation of an unsent draft communication via the at least one user device; monitoring communication events initiated by the at least one user device for the one or more pre-transmission communication events of interest; responsive to the monitoring, determining that a pre-transmission communication event of interest has occurred, the determining comprising detecting a new unsent draft communication, initiated by the at least one user device, in a designated storage location for unsent draft communications; assessing the pre-transmission communication event of interest based, at least in part, on a content-based classification of the new unsent draft communication; and responsive to a risk assessment meeting certain criteria, taking at least one action specified by the dynamic DLP policy.