Notion

Problem

Notion is a productivity app that enables users to write, plan, collaborate, and organize. It offers features like notes, databases, kanban boards, wikis, calendars, and reminders. Users can connect these components to create their own systems for knowledge management, note taking, data management, project management, among others.

In a platform like Notion where data can be easily shared, collaborated and exported, it is more important than necessary that Notion account needs to be protected:

• Regulatory Compliance: Many industries are subject to regulations that require certain standards for data protection, such as GDPR for personal data in the European Union, or HIPAA for health information in the U.S. A DLP strategy can help ensure compliance with these regulations.
• Insider Threats: Verizon's 2021 Breach Investigation Report state that the Healthcare and Finance industries experience the most incidents involving employees misusing their access privileges and also suffer the most from lost or stolen assets. Even trusted employees can sometimes unintentionally or intentionally cause data leaks. Notion is used by teams for collaboration, and DLP can help ensure that this collaboration can take place securely, without risking data leaks. In a platform like Notion where data can be easily shared and exported, DLP provides a way to maintain control over the data, ensuring that it doesn't end up in the wrong hands.

Solution

Strac Notion App is a Data Leak Prevention (DLP) software which is highly alert driven:

• It discovers (aka detects) sensitive messages & files from Notion pages, blocks, databases, comments. You can turn on Strac Notion App to just get findings of sensitive messages shared.
• It masks (aka redacts or removes) sensitive messages and files from Notion pages, blocks, comments while still giving the opportunity to authorized users to view those messages/files in Strac UI Vault. With Strac's redaction experience sensitive PII or PHI data is blocked.
• A business can configure a list of sensitive data elements (SSN, DoB, DL, Passport, CC#, Debit Card, API Keys, etc.) to redact. Compliance, Risk and Security officers will get audit reports of who accessed what messages.

Below is a sample list of sensitive data elements that will be detected & redacted:

• Identity: Drivers License, Passport, SSN (Social Security Number), National Identification Number, etc.
• PII: Name, Address, Email, Phone, DoB, Age, Gender, Ethnicity, etc.
• PHI: PII data, Medical Record Number (MRN), Insurance ID, Health Plan Beneficiary Number, Biometric, Medical Notes, etc.
• Payments (aka Financial Details) or PCI (Payment Card Industry) Data Elements: Bank Account, Routing Numbers, Credit Card Number, CVV, Expiration Date, Debit Card, IBAN, etc.‍
• Secrets: API Keys, Passwords, Passphrases, etc.
• Vehicle: License Plate, Vehicle Identification Number (VIN), etc.
• Physical Network: IP Addresses, MAC Address, etc.
• Crypto Secrets: Seed Phrase, Bitcoin, Ethereum, Litecoin Addresses, etc.
• Profanity: Curse words, abuse words, offensive content, etc.
• Voice Call Recordings: Audio or Video recordings that have sensitive data
• Custom: Create your own rules or use regex

Checkout Strac's catalog of sensitive data elements that Strac automatically detects and redacts.

‍