Kustomer

Protect sensitive personal data (PII & PHI) from Kustomer tickets

Problem

Customers post sensitive personal information (PII or PHI) on Kustomer CRM. Some of the burning reasons on why your Kustomer account needs to be protected:

  • Compliance: Every day government legislation is passing Consumer Privacy laws geared to protect consumer data from malicious entities. California and Illinois have been the latest to introduce these laws, including a Biometric Information Privacy Act. For many organizations, data can be spread across a wide range of systems, which can be challenging to keep up with Privacy law enactments. It is a nightmare for companies to do manual cleanup of those sensitive messages sitting within your employee's Kustomer account as deep inspection is time-consuming and error-prone. At the same time, you need to stay compliant and prevent exfiltration of sensitive data.
  • In the first six months of 2019, a reported 3,813 data breaches affected 4.1 billion records, an increase from 2018. Of which, 70% of leaks exposed user emails, while 65% included sensitive information revealing passwords. According to IBM, the average time it takes for an organization to identify a data breach occurred is 206 days, with an organizational cost of $3.92 million.
  • Between 2018 and 2020, there was a 47% increase in insider threat incidents. This includes malicious data exfiltration and accidental data loss.

Solution

Strac Kustomer App is a Data Loss Prevention (DLP) software. It masks (aka redacts) sensitive comments and attachments while still giving the opportunity to authorized users to view those Kustomer tickets in Strac UI Vault. A business can configure a list of sensitive data elements (SSN, DoB, DL, Passport, CC#, Debit Card, API Keys, etc.) to redact. Compliance, Risk and Security officers will get audit reports of who accessed which messages.

Below is a sample list of sensitive data elements that will be detected & redacted:

  • Identity: Drivers License, Passport, SSN (Social Security Number), National Identification Number, etc.
  • PII: Name, Address, Email, Phone, DoB, Age, Gender, Ethnicity, etc.
  • PHI: PII data, Medical Record Number (MRN), Insurance ID, Health Plan Beneficiary Number, Biometric, Medical Notes, etc.
  • Payments: Bank Account, Routing Numbers, Credit Card, Debit Card, IBAN, etc.
  • Secrets: API Keys, Passwords, Passphrases, etc.
  • Vehicle: License Plate, Vehicle Identification Number (VIN), etc.
  • Physical Network: IP Addresses, MAC Address, etc.
  • Crypto Secrets: Seed Phrase, Bitcoin, Ethereum, Litecoin Addresses, etc.
  • Profanity: Curse words, abuse words, etc.
  • Custom: Create your own rules or use regex

Checkout Strac's catalog of sensitive data elements that Strac automatically detects and redacts.

Please contact hello@strac.io for any questions