Documentation
1. Policies and Procedures
1.1. Message and Communication Security

1.1. Message and Communication Security

1. Purpose

This policy establishes guidelines for the secure handling of messages and communication within Lean Transition Solutions (LTS) utilizing Microsoft 365 services, including email (Outlook), Teams, and OneDrive. The aim is to protect confidential information, maintain compliance with relevant laws and regulations, and ensure the integrity of our communications.

2. Scope

This policy applies to all employees, contractors, and other authorized users of Microsoft 365 services at LTS.

3. Policy Statement

LTS is committed to protecting the confidentiality, integrity, and availability of its communications. All users are responsible for using Microsoft 365 services in a secure and responsible manner.

4. Key Principles

  • Confidentiality: Sensitive information should be protected from unauthorized access, use, disclosure, disruption, modification, or destruction.
  • Integrity: Communications should be accurate and complete, and should not be tampered with or altered.
  • Availability: Communication systems should be accessible to authorized users when needed.

5. Security Practices

  • Email:
    • Strong Passwords: Use complex and unique passwords for your Microsoft 365 account.
    • Two-Factor Authentication (2FA): Enable 2FA for all Microsoft 365 accounts to add an extra layer of security.
    • Phishing Awareness: Be vigilant of phishing attempts and report suspicious emails to the IT department.
    • Attachment Security: Avoid opening attachments from unknown senders or suspicious sources. Scan attachments with antivirus software before opening.
    • Email Filtering: Configure email filters to block spam and malicious emails.
    • Data Loss Prevention (DLP): Utilize Microsoft 365’s DLP features to identify and prevent the accidental or malicious sharing of sensitive information.
  • Teams:
    • Channel Privacy: Set the appropriate privacy levels for Teams channels, ensuring sensitive information is only accessible to authorized users.
    • Meeting Security: Use strong passwords or meeting codes for Teams meetings. Utilize meeting recording controls appropriately.
    • File Sharing: Use secure file sharing methods within Teams and avoid sharing sensitive information in public channels.
  • OneDrive:
    • File Permissions: Set appropriate sharing permissions for OneDrive files, restricting access to authorized users.
    • Password Protection: Password protect sensitive files or folders within OneDrive.
    • Synchronization: Regularly back up important OneDrive files to local storage and utilize OneDrive’s version history for data recovery.

6. Prohibited Actions

  • Sharing Sensitive Information: Do not share confidential company information or personal data via unsecured channels (e.g., public Wi-Fi).
  • Unauthorized Access: Do not access unauthorized accounts or systems.
  • Spoofing: Do not impersonate others or send misleading messages.
  • Misuse of Company Resources: Do not use company resources for personal gain or illegal activities.

7. Reporting Security Incidents

Any suspected security incidents or breaches related to Microsoft 365 services should be reported immediately to the IT department.

1. Policies and Procedures1.2. Data Storage and Management