Data Protection Actions (Formerly Rules)

Learn how to protect sensitive files with encryption and file event restrictions.

Once you’ve identified sensitive data using classifiers, you can take steps to protect it. These actions include:

• Encrypting your data to make it inaccessible to unauthorized users.

• Blocking certain file operations like deletion, sharing, or sending sensitive files.

• Setting up notifications when such operations are attempted.

You can configure or update data protection actions for any of your active classifiers by following these steps:

Step 1. Go to Deployment > Active Classifiers, and locate the classifier you want to modify.

Step 2. Click the classifier’s name to open its settings, then click Next until you reach the Actions screen.

Encryption

When a sensitive file is encrypted, only authorized users—those with Actifile running on their device and a valid installation key—can access its content. This security measure ensures that even in the event of a data breach, encrypted data remains inaccessible to unauthorized individuals.

For more information about encryption, explore the following articles:

– How encryption works

– Encryption best practices

– Encryption functionality FAQ

Certain applications can be allowlisted, enabling Actifile to auto-decrypt files when those applications interact with them. For example, you can allowlist an email platform to create a secure method for sharing files.

Learn more about allowlisting in this article:

– Application Allowlisting

Set up encryption

You can configure encryption for your files from the classifier settings or directly from the Active Classifiers table.

From the classifier settings

Step 1. Navigate to Deployment > Active Classifiers and locate the classifier to which you want to apply actions.

 

Step 2. Click the classifier’s name to open its settings, then click Next until you reach the Actions screen.

Step 3. In the Manage Encryption section, check the Encrypt Data box. Once selected, you can:

• Set up an encryption delay (the number of days after the file’s last modification before encryption occurs).

• Configure the current classifier's encryption settings to override others if a file is flagged by multiple classifiers with differing encryption settings.

• Allowlist applications that will automatically receive the encrypted version of files.

 

From the Active Classifiers table

Step 1. Navigate to Deployment > Active Classifiers and locate the classifier you want to modify.

Step 2. Check the box in the Encryption & Delay column. Once selected, you can set the encryption delay directly from the table.

File Event Blocking

Actifile allows you to prevent specific file events to safeguard sensitive data. The events you can block include:

• Change extension

• Transfer to a removable device

• Delete

• Upload

Additionally, you can create a case for any of these events. This means you’ll receive a notification whenever an attempt is made to perform the operation.

For a practical example of file event blocking, check out this tutorial:

– Restrict SSN sharing across your organization, except for a specific device

Set up file event blocking

Follow these steps to configure file event blocking:

Step 1. Navigate to Deployment > Active Classifiers and locate the classifier to which you want to apply actions.

 

Step 2. Click the classifier’s name to access its settings, then click Next until you reach the Actions screen.

Step 3. In the Manage File Events section, click Add Action Group. Set up the following options:

• Device(s) where the action(s) will be applied, using include or except logic.

• Event that will trigger the action(s), such as changing the extension, moving to a removable device, deleting, or uploading.

• Actions: Select whether to prevent the operation, create a case, or both.

• Processes: For the upload event, specify the applications to which the actions will apply, using include or except logic.

 

You can add multiple action groups for different device groups or different file events.