Data loss prevention in Zoho Cliq
Data is prone to leaks and theft, especially when it involves external parties. With Zoho Cliq's DLP, you can implement organizational strategies to help reduce data leaks and theft across your organization. Getting started is easy—simply create a DLP policy within Zoho Cliq to safeguard your data and enhance security throughout the organization.
Info: This feature is available only in the Zoho Cliq Enterprise plan.Where do I find this in the admin panel?
Navigate to the Admin Panel -> Data Administration -> Data Loss Prevention.
The DLP module is divided into three sub-sections, such as:
- Policies
- Sensitive information types
- Alerts
Policies
Policies are defined to ensure how sensitive data should be handled, monitored, and protected in an organization. They protect a wide range of sensitive information types and set rules tailored to your requirements.
Active and inactive policies
By default, you can view the list of active policies that are currently enforced in the organization and also convert active policies to inactive policies, or vice versa.
Create a policy
Select the create policy button under Policies to create a policy and follow the below steps.
Step 1: Select Category
Select a category from the below options:
- Existing template
When selecting templates, you'll see three predefined categories: Privacy, Finance, and Healthcare. Each category includes policies for five regions: India, the US, Australia, Canada, and the UK. You can choose a template from these categories or create a custom policy. - Create from scratch
You can create a custom policy by selecting the Create from scratch option.
Step 2: Policy details
The next step would be to add policy details such as policy name and description.
Sensitive information types
Sensitive information types are categories or classifications of data that are valuable, critical, and confidential and need measures to protect them.
Default and custom
Zoho Cliq has some predefined sensitive information types that you can select from. You can also create your own sensitive information type.
To create a sensitive information type:
- Select Add New Sensitive Information Type.
- Add a name and description, then choose a primary method.
- You can either enter a regular expression or provide a set of keywords, separated by commas.
Note:
- If any keyword from the set matches, the DLP action will be triggered.
- Alternatively, you can upload a file as a dictionary as the primary method.
- The file you import should be only of the '.txt' format.
Step 3: Update sensitive information types and rules
Add sensitive information type
If you've selected a template, the associated information types will be automatically added.
You can also add additional information types to the template.
To protect specific data relevant to your organization, you have the option to create custom information types as needed.
If you have selected existing templates, the list will be updated. Otherwise, you can add a sensitive information type here. You can create your own sensitive information types depending on the kind of organization data you want to protect.
If you are creating a policy from scratch, you ll have to select at least one sensitive information type and click Add.
Create DLP rules
Rules are sets of criteria and conditions that are used to define how sensitive data should be protected in an organization. You can create up to five rules for a policy. To create a rule, you'll need to define the following:
- Rule name: Add a name to the rule.
- Select users: You can select all users or apply the rule to specific users/roles/departments.
- Select chats: You can select all chats or apply the rule to specific chat types from the options.
- Select actions: You can select the following actions that can be performed on a message when the rule is met: Block, Block & allow only after approval, Block & allow override, and Allow and audit.
How rules work?
In a DLP policy, you can apply rules to all users or select specific users, departments, or roles. Multiple rules can also be added to a single DLP policy.
When a DLP policy includes multiple rules with different user selections and actions, the rule with the most restrictive DLP action will be enforced.
If there are multiple policies with single rules, the policy with the most restrictive action will apply.
Example:
In a DLP policy:
- Rule 1: Engineering Department → Block
- Rule 2: HR Admin Role → Allow
How it works: If a user belongs to both the Engineering Department and has the HR Admin role, they will still be blocked from sending sensitive information because the most restrictive action (Block) is applied.
Once the sensitive information types are added and the rules are set, you can select Next.
Step 4: Alerts
The organization admin can choose whether they or other admins should be notified when a rule violation occurs in chat. The admins selected in the 'Notify admin' field will receive a policy violation alert message. Here, you can specify the alert severity and add a policy tip to be displayed to the user who violates the policy.
Note:
- Alert severity works as a reference to help organization admins categorise the importance of each DLP policies in better way.
- Admins can select "Low, Medium, or High" in the severity option. This will create visual distinction in the Alert module's listing, helping to filter out alerts with "high" priority.
When a user sends a message that violates a policy, the selected organization admins will receive an alert message.
Step 5: Preview
Once all the details are defined, you can preview the policy before creating one.
Types of actions for handling sensitive data:
Block
- This is the recommended action for managing sensitive data. When a rule is set to "Block," users are prevented from sending messages containing sensitive information as defined by the policy.
- User experience: If a user attempts to send a message that violates the policy, the message will be sent but it will be masked, and a policy tip will be displayed explaining the restriction.
Web
Android
iOS
Block and allow only after approval
- This action blocks messages that violate the policy but allows them to be sent after the admin's approval.
Android
iOS
- Admin options:
- Approval requirement: Admins can mandate a valid reason for approval.
- Notifications: Admins can opt to receive notifications about these approval requests in the alerts section.
- User experience: In the chat location, users will see an info that their message is blocked and is pending approval.
- Upon admin approval, the message sent will be visible and an info will be displayed that 'This message, ideally blocked by DLP policy restrictions, has bypassed the policy and has been sent' in the message.
- Upon admin decline, the message will be blocked permanently, and an info will be displayed that 'The request for approval to send this message blocked by DLP policy restrictions, has been rejected' in the message.
Block and allow override
- This action blocks messages that violate the policy, but allows users to override the block and send the message after providing a reason.
Web
Android
iOS
- Admin options:
- Approval requirement: Admins can mandate users to provide a reason to override.
- User experience: Users will see a notification that their message is blocked due to the DLP policy. They can choose to override the block, provide a reason, and send the message. A notification will be displayed that 'This message, ideally blocked by DLP policy restrictions, has bypassed the policy and has been sent.
Allow and audit
- This action allows users to send messages that violate the policy but logs these messages for audit purposes.
- User experience: Users can send their messages without interruption. However, each message is logged in the alerts log for auditing and review by admin.
Alerts
In the alerts section, you'll find a list of all instances where users have violated a policy. You can filter this list based on various criteria, including policies, sensitive information, users, alert severity, and status. If an entry in the list is highlighted, it means the user has sent a message for your approval.
You can view all the pending alerts left when users send a message and request for your approval. You can either approve or decline the request.
Note:
We'll be syncing the status of DLP policies of chats/users every 15 minutes. When a new DLP policy is added or when updating an existing policy & a sensitive message is sent within the 15 minute time-frame, the DLP action may not be implemented completely.
We'll be syncing the status of DLP policies of chats/users every 15 minutes. When a new DLP policy is added or when updating an existing policy & a sensitive message is sent within the 15 minute time-frame, the DLP action may not be implemented completely.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho Writer?
Create. Review. Publish.
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
Cliq Cart
Cliq Cart is a nifty e-commerce tool crafted for your organization and teams to seamlessly browse, purchase, sell, and even host auctions without leaving Zoho Cliq. Whether you're searching for essential office supplies, showcasing your latest ...Data storage compliance in Zoho Cliq
Zoho Cliq is a GDPR-compliant service that ensures your personal data remains secure. We follow all the security compliance regulations and make sure that your data is stored and handled within your geographic region. We follow this pattern not just ...Zoho Writer for Cliq
Available Regions: US, IN, EU, AU.Available Plans: All plans.Available To: Roles Entire organization Team Organizational Admins ✔ ✔ Members ✔ How this integration helps The Zoho Writer for Cliq ...eDiscovery and data retention policies in Zoho Cliq
Using Zoho Cliq, an admin can retain data using policies, investigate by searching for specific data, hold this data, and export the data retained for compliance purposes. Follow the below steps for eDiscovery and retaining data in Zoho Cliq: Step 1: ...HIPAA Compliance with Zoho Cliq
The Health Insurance Portability and Accountability Act (including the Privacy Rule, Security Rule, Breach Notification Rule, and Health Information Technology for Economic and Clinical Health Act) ("HIPAA"), requires Covered Entities and Business ...
New to Zoho LandingPage?
Zoho LandingPage Resources