Which Sensitivity Label Do I Use?
Which Sensitivity Label Do I Use?
A practical guide to not accidentally emailing your secrets to the internet
Let’s be honest: most data breaches don’t start with elite hackers in hoodies. They start with someone emailing the wrong file to the wrong person and thinking, “Well… that’s probably fine.”
Spoiler: it’s usually not.
That’s why CyberProtex uses Microsoft 365 Sensitivity Labels......a simple, built-in way to tell your data how it should behave when it grows up. Think of labels as seatbelts for your files. You might not always notice them, but you’ll be very glad they’re there when things get bumpy.
So let’s answer the question everyone asks:
Which sensitivity label do I use?
When in doubt, start with Internal. Escalate only when the data actually deserves it.
A practical guide to not accidentally emailing your secrets to the internet
Let’s be honest: most data breaches don’t start with elite hackers in hoodies. They start with someone emailing the wrong file to the wrong person and thinking, “Well… that’s probably fine.”
Spoiler: it’s usually not.
That’s why CyberProtex uses Microsoft 365 Sensitivity Labels......a simple, built-in way to tell your data how it should behave when it grows up. Think of labels as seatbelts for your files. You might not always notice them, but you’ll be very glad they’re there when things get bumpy.
So let’s answer the question everyone asks:
Which sensitivity label do I use?
When in doubt, start with Internal. Escalate only when the data actually deserves it.
✅ Internal (Default)
Your everyday, “this is normal work stuff” label
If this is part of your regular job, chances are this is the right label.
Use Internal for:
If you’re unsure, Internal is your safe harbor.
If this is part of your regular job, chances are this is the right label.
Use Internal for:
- Routine emails and documents
- Internal collaboration, drafts, and meeting notes
- General business information
If you’re unsure, Internal is your safe harbor.
🌍 Public
For content you wouldn’t mind seeing on Google
Public is exactly what it sounds like—and should be used sparingly.
Use Public for:
Public is exactly what it sounds like—and should be used sparingly.
Use Public for:
- Marketing materials
- Public website content
- Press releases and announcements
🔒 Confidential
When exposure would be a bad day
Now we’re getting into grown-up data.
Use Confidential for:
Rule of thumb:
👉 If exposure could cause harm, embarrassment, or regulatory pain—use Confidential.
Now we’re getting into grown-up data.
Use Confidential for:
- Contracts and legal documents
- Financial information
- HR or employee records
- Customer information
Rule of thumb:
👉 If exposure could cause harm, embarrassment, or regulatory pain—use Confidential.
🔐 Highly Confidential
The “absolutely not for everyone” category
This is your crown-jewel data. Handle with care.
Use Highly Confidential for:
If only a very small group should ever see it, this is your label.
This is your crown-jewel data. Handle with care.
Use Highly Confidential for:
- Intellectual property
- Security architecture or vulnerabilities
- Executive or board communications
- M&A or strategic planning materials
If only a very small group should ever see it, this is your label.
🚫 Controlled / Regulated (CUI, ITAR, HIPAA, etc.)
When the rules aren’t optional
Some data doesn’t just belong to the company—it belongs to regulators, contracts, or the federal government.
Use Controlled / Regulated for:
Translation: if regulations dictate how the data must be handled, this label is required.
Some data doesn’t just belong to the company—it belongs to regulators, contracts, or the federal government.
Use Controlled / Regulated for:
- CUI or government-controlled information
- Export-controlled or regulated data
- Protected health information (PHI)
Translation: if regulations dictate how the data must be handled, this label is required.
The Quick Decision Guide
Because nobody has time to overthink this:
- Not sure? → Use Internal
- Sensitive? → Use Confidential
- Critical or restricted? → Use Highly Confidential or Controlled / Regulated
Why This Actually Matters
Correct labeling:
And if you’re ever unsure?
Default to Internal or contact the CyberProtex security team. We promise—no judgment, no eye-rolling.
Security works best when everyone understands it. And maybe even smiles once in a while.
- Protects CyberProtex
- Protects our clients
- Protects you
- Enables secure collaboration
- Supports regulatory compliance (without slowing work down)
And if you’re ever unsure?
Default to Internal or contact the CyberProtex security team. We promise—no judgment, no eye-rolling.
Security works best when everyone understands it. And maybe even smiles once in a while.
