My team has been thinking of having a software that can block all spam mails/apps that seems to be a regular in our email system. But a colleague mentioned that there is a way like "“Block sharing if it’s to someone outside of the company ” or “Encrypt any PII found in our sanctioned cloud storage app.”, if we are to use such, Does this mean the risk has been minimized all together?