Spam Mails and App Blocking

My team has been thinking of having a software that can block all spam mails/apps that seems to be a regular in our email system. But a colleague mentioned that there is a way like "“Block sharing if it’s to someone outside of the company ” or “Encrypt any PII found in our sanctioned cloud storage app.”, if we are to use such, Does this mean the risk has been minimized all together?

 

Thanks for the response. The thing is, the spam mails in our office is either money-related scam or sexually-explicit invitation. Of course, we found it a little off because this happens literally almost every morning. We have read about Shadow IT but we still has to study this option. Any thoughts on this?