Protocols to Protect Sensitive Information in SharePoint


Updated January 19, 2024.

Recommended Security Protocols for Confidential Content in SharePoint Online

SharePoint is one of the most popular platforms for collaborative work and content sharing. Most organizations use it to support teamwork, find information quickly, and connect their teams on-premises or in the cloud. Klarinet understands that some information on SharePoint should be treated as highly confidential content and recommends the following security protocols:

  1. Delegate an internal IT resource, such as an Information Security Coordinator (ISC). This role is crucial for overseeing the security of your SharePoint environment and ensuring that policies and procedures are up to date with current security standards.
  2. Work with the Leadership Team and put the internal IT resource in charge of creating and maintaining a list of sites containing highly confidential information. This helps prioritize security efforts and ensures that all stakeholders are aware of the critical areas needing protection.
  3. The IT security resource shall conduct regularly scheduled security audits of the highly confidential SharePoint sites. Consider quarterly audits at minimum, preferably monthly. These audits help identify vulnerabilities and ensure compliance with security policies.
  4. Leverage Alert Policies in the Microsoft 365 Security Center & Microsoft 365 Compliance Center (previously Office 365 Security & Compliance Center). Your organization can create Alerts to notify clients when a new Site Administrator is added and when permissions are changed on your highly confidential sites. These policies can help in identifying suspicious activities and potential breaches.
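
As an added example (not Klarinet's or Microsoft's code), the check behind steps 2 and 4 can also be run offline during an audit: filter an exported audit log for new site administrators and permission changes on the listed confidential sites. The site URLs, the one-JSON-record-per-line export shape, and the use of the `SiteUrl`/`ObjectId` fields are assumptions; the sample records are constructed.

```python
import json

# Assumption: the maintained list of highly confidential sites (step 2); placeholder URLs.
CONFIDENTIAL_SITES = (
    "https://contoso.sharepoint.com/sites/board",
    "https://contoso.sharepoint.com/sites/hr-cases",
)

# Audit operations treated as "new site administrator" or "permission change" (step 4).
WATCHED_OPERATIONS = {
    "SiteCollectionAdminAdded": "new site administrator",
    "PermissionLevelAdded": "permission change",
    "PermissionLevelModified": "permission change",
    "SharingInheritanceBroken": "permission change",
    "AddedToGroup": "permission change",
}

def _normalize(url):
    return str(url).strip().lower().rstrip("/")

def is_confidential(url):
    """True for a listed site or a path below it, not for a site that only shares a prefix."""
    u = _normalize(url)
    return any(u == s or u.startswith(s + "/") for s in map(_normalize, CONFIDENTIAL_SITES))

def review_audit_export(lines):
    """Return (time, user, reason, url) for watched operations on confidential sites."""
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or malformed export line: skip, do not abort the audit
        if not isinstance(rec, dict):
            continue
        reason = WATCHED_OPERATIONS.get(str(rec.get("Operation")))
        site = rec.get("SiteUrl") or rec.get("ObjectId") or ""
        if reason and is_confidential(site):
            findings.append((rec.get("CreationTime"), rec.get("UserId"), reason, site))
    return findings

# Constructed sample records (not real log data).
SAMPLE = [
    '{"CreationTime": "2024-01-10T09:14:02", "UserId": "admin@contoso.example", "Operation": "SiteCollectionAdminAdded", "SiteUrl": "https://contoso.sharepoint.com/sites/board"}',
    '{"CreationTime": "2024-01-10T10:01:45", "UserId": "lee@contoso.example", "Operation": "PermissionLevelModified", "SiteUrl": "https://contoso.sharepoint.com/sites/board-games"}',
    '{"CreationTime": "2024-01-11T08:30:00", "UserId": "kim@contoso.example", "Operation": "FileAccessed", "SiteUrl": "https://contoso.sharepoint.com/sites/hr-cases"}',
    '{"CreationTime": "2024-01-11T16:22:10", "UserId": "kim@contoso.example", "Operation": "SharingInheritanceBroken", "ObjectId": "https://contoso.sharepoint.com/sites/HR-Cases/Shared Documents"}',
    '{"CreationTime": "2024-01-12T07:00:00", "UserId": "trunc',
]
```

Run against `SAMPLE`, `review_audit_export` reports the administrator added to the board site and the broken permission inheritance under the HR site, and ignores the look-alike `board-games` site, the file access, and the truncated line.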

Other recommendations:

  1. Leverage Information Rights Management for highly confidential documents. Information Rights Management (IRM) helps to control and protect digital documents by limiting the actions that users can take on documents that have been downloaded from SharePoint Online or OneDrive for Business document libraries and lists. IRM encrypts the downloaded files and limits the set of users and programs that are allowed to decrypt them. It also restricts the rights of users who are allowed to read the files, so that they cannot take actions such as printing copies of the files or copying text from them.
  2. Password-protect and encrypt documents that contain the most highly confidential information. This feature is included in Office documents (Word/Excel/PowerPoint) as well as Adobe PDF documents.
  3. Security Alerts can also be created whenever someone accesses specific documents.
  4. Klarinet is available as a training resource for clients’ IT teams for the Security & Compliance Centers in Microsoft 365.

We encourage organizations to implement an organizational SharePoint strategy to protect their infrastructure assets from internal and external attacks. Keeping your SharePoint environment secure requires commitment, planning, and transparency between IT and end users. The security protocols recommended in this article for highly confidential content in SharePoint are intended to help you improve your SharePoint security and alleviate the stress of managing sensitive information.
