Hi, would like to ask if anyone could share any best practices (CIS, NIST, COBIT etc.) on how to monitor and block attachments that are password protected. We do not want to block any legit mails with password-protected attachments, but we also do not want anyone to send any unauthorized email with PII or confidential data using password-protected attachments. How best should we address this issue? I can only think of the following controls to minimize the impact, and am not too sure if these are adequate. Would appreciate it if anyone could provide any advice or input.
- a. Notification pop-up to be accepted by users when an attachment is detected, to warn of the possible violation of DLP
- b. Block webmail domains, review outbound email accounts at least monthly for unauthorized usage
- c. Justify the necessity or requirements for sending out encrypted email attachments, i.e. block encrypted email attachments for staff that have no business requirement to do so
- d. Log all outbound encrypted attachments sent via email to SIEM for correlation and trigger alerts based on policies or rules.
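
One way to implement the detection behind control d, as an added example that is not part of the original post: it parses an outbound message, flags ZIP attachments whose members have the encryption bit set, and builds a JSON event for the SIEM. It covers ZIP only; the event field names, addresses and sample message are constructed for illustration.

```python
import io, json, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def encrypted_members(data: bytes) -> list[str]:
    """Names of ZIP members whose general-purpose flag bit 0 (encrypted) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []  # not a ZIP (or unreadable): nothing to report from this check

def siem_events(raw: bytes) -> list[dict]:
    """One event per attachment that contains encrypted ZIP members."""
    msg = message_from_bytes(raw, policy=policy.default)
    events = []
    for part in msg.iter_attachments():
        members = encrypted_members(part.get_payload(decode=True) or b"")
        if members:
            events.append({
                "event": "outbound_encrypted_attachment",  # hypothetical event name
                "sender": str(msg["From"]),
                "recipients": str(msg["To"]),
                "attachment": part.get_filename(),
                "encrypted_members": members,
            })
    return events

def sample_message(encrypted: bool) -> bytes:
    """Constructed input: a one-file ZIP attachment, optionally marked encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set flag bit 0 in the central directory header (flags are at offset 8).
        data[data.find(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "alice@example.com", "bob@example.net", "Q3"
    msg.set_content("See attached.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="report.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for event in siem_events(sample_message(encrypted=True)):
        print(json.dumps(event))  # forward this line to the SIEM collector
```

Because the event carries sender and recipients, the SIEM can correlate it against the list of staff approved under control c and alert only on senders outside that list.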