How to Use Office 365's Information Barriers to Reduce Your Compliance Risk

Someone in your R&D department accidentally reveals a new product feature to a colleague in your sales department. That person then excitedly tells a customer, not realizing that they’ve just caused major issues for your public company by releasing important information before it was officially announced.

Inadvertent communications are just one problem that can plague companies in their efforts to comply with certain industry regulations, whether they’re subject to SEC rules, in the financial arena and governed by FINRA, or a healthcare provider following HIPAA guidelines.

FINRA, in particular, has specific conflict of interest guidelines that financial firms have to follow that restrict information sharing between departments. An example of this is their Regulatory Notice regarding debt research, which restricts the interactions between debt research analysts and those outside their department, like those in sales, trading, and investment banking departments.

Non-compliance with data privacy regulations costs businesses over 2x the cost of maintaining compliance.

Companies can put multiple IT security strategies in place to combat things like phishing attacks, ransomware, and other outside attacks. But when it comes to internal company communications, that’s a whole different issue to address.

When information is disclosed between employees and departments that shouldn’t share it, it can lead to compliance violations and penalties. One way that Microsoft is helping companies solve this communication and compliance issue is through its Information Barriers feature in Office 365.

How Does Information Barriers Work?

Information Barriers in Office 365 gives you the ability to restrict communication between individuals or groups within your organization.

For example, you could make it impossible for someone in your sales department to contact someone in your product development department using the chat or calling features in Microsoft Teams.

Teams is the main collaboration platform that Microsoft offers with Office 365, and it connects your employees and enables collaboration through real-time chat, audio calls, or video conferences. That’s why Teams is the target application for Information Barriers.

The communication restrictions will also be rolled out soon for SharePoint sites. This feature is currently in private preview, and you can request to participate.

Information Barrier policies can be applied to groups, users, and guest users to restrict interactions.

What Activities Does Information Barriers Control?

Using Information Barrier policies, you can restrict certain user interactions, such as:

  • Starting a chat session
  • Searching for a user
  • Adding a member to a team
  • Group chat
  • Inviting someone to join a meeting
  • Placing a call (audio or video)
  • Sharing your screen

What Happens When Someone is Blocked?

When users or groups are blocked from each other, they can’t interact through Microsoft Teams as usual. Here are some of the ways this materializes for the user.

  • Blocked users will not be available to chat or call; on the contacts list, the only action a user can take is to delete them.
  • Blocked users won’t show up on the People tab, in the People Picker, or on the Activity tab in Teams.
  • Blocked users won’t appear on the suggested contacts list that shows up for new users.
  • On organizational charts, blocked users will appear as an error message.
  • Once SharePoint support is rolled out, only those associated with a team site will have access to the files included.

What Do You Need to Use Information Barriers?

The Information Barriers feature is included in the following subscriptions:

  • Microsoft 365 E5
  • Office 365 E5
  • Office 365 Advanced Compliance
  • Microsoft 365 E5 Information Protection and Compliance

Administrators can manage Information Barrier policies in the Office 365 Security & Compliance Center (SCC) using PowerShell cmdlets.
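
As an added illustration (not code from Microsoft or Excedeo), this is roughly what that PowerShell workflow looks like for the R&D-and-sales scenario from the start of this article. The cmdlets are the Security & Compliance Center Information Barriers cmdlets; the segment names, Department attribute values, and user addresses are hypothetical placeholders.

```powershell
# Added example. Segment names, Department values and addresses are hypothetical.
# Requires the ExchangeOnlineManagement module and a compliance admin role.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName admin@contoso.example

# 1. Define segments from a directory attribute (here: Department).
New-OrganizationSegment -Name 'Sales'    -UserGroupFilter "Department -eq 'Sales'"
New-OrganizationSegment -Name 'Research' -UserGroupFilter "Department -eq 'Research'"

# 2. Create block policies in BOTH directions. A one-way block is not a
#    valid configuration: if Sales blocks Research, Research must block Sales.
#    Policies are created Inactive so they can be reviewed before enforcement.
$policies = @(
    @{ Name = 'Sales-Block-Research'; AssignedSegment = 'Sales';    SegmentsBlocked = 'Research' },
    @{ Name = 'Research-Block-Sales'; AssignedSegment = 'Research'; SegmentsBlocked = 'Sales' }
)
foreach ($p in $policies) {
    New-InformationBarrierPolicy @p -State Inactive
}

# 3. Review what was defined before turning anything on.
Get-OrganizationSegment | Format-Table Name, UserGroupFilter
Get-InformationBarrierPolicy |
    Format-Table Name, AssignedSegment, SegmentsBlocked, State

# 4. Activate the policies, then start the job that applies them to users.
#    Nothing is enforced until the application job has run.
foreach ($p in $policies) {
    Set-InformationBarrierPolicy -Identity $p.Name -State Active
}
Start-InformationBarrierPoliciesApplication

# 5. Verify: check the application job, then confirm which policies
#    cover a specific pair of users (one from each segment).
Get-InformationBarrierPoliciesApplicationStatus
Get-InformationBarrierRecipientStatus `
    -Identity  'sales.user@contoso.example' `
    -Identity2 'research.user@contoso.example'
```

Segments depend on accurate directory attributes, so a user with a missing or misspelled Department value will fall outside both segments and will not be covered by either policy.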

Examples of Where to Use Information Barriers for Compliance

Information Barriers can be used in multiple ways to restrict users or groups from contacting other users or groups within your organization.

Compliance is the specific purpose for the creation of the feature and the policies it enables. Here are some examples of how restricting user communication via Information Barrier policies can support your compliance.

  • A research and development team being restricted to only interacting with a product development team to keep confidential information from leaking.
  • Front reception desk team members at a healthcare facility being restricted from communicating directly with the medical records department to avoid inadvertent disclosure of patient health information to an unauthorized caller.
  • Restricting chat sessions between the sales department and accounting department to keep them from passing through customer payment card details in a non-approved format.
  • Keeping finance personnel working on confidential audit materials from being called by other departments in the company until the audit is finished.

The flexibility of Information Barrier policies allows you to control how much communication you restrict. For example, you can restrict only screen sharing or video calls, or you can completely silo one department from another.

Get Help with Compliance from Certified Specialists

Excedeo team members are certified and have helped companies meet their compliance needs for guidelines such as HIPAA and PCI throughout the U.S. We can help you with effective and comprehensive compliance solutions.

Contact us today to book a technology consultation!
