Customers send emails containing their personal information (PII or PHI) to employees in order to get some business activity done.
Data Breaches: $1.9B in losses due to Business Email Compromise (BEC) and 45k cases of personal data breach were reported to the FBI in 2020.
Insider Threats: Verizon's 2021 Breach Investigation Report states that the Healthcare and Finance industries experience the most incidents involving employees misusing their access privileges and also suffer the most from lost or stolen assets. Employees may accidentally or maliciously share emails or attachments with external email addresses (outside of the organization).
Compliance: In recent years, individual states have enacted their own privacy and security laws to protect customer data. What started with GDPR in the EU in 2016 was followed by CCPA in California, and most recently New York and Virginia have also passed privacy acts.
Solution
Strac Office 365 App is a Data Loss Prevention (DLP) software.
It discovers (aka detects) sensitive emails. You can turn on Strac Office 365 App just to get findings about sensitive emails that were shared.
It masks (aka redacts or removes) sensitive emails while still giving authorized users the opportunity to view those emails in the Strac UI Vault.
It prevents unauthorized email forwarding to external email addresses, if configured. You can build a workflow around email shared with external email addresses. For example, send an email or attachment only if an owner approves it; if the owner rejects it, that email to the external party won't be sent.
A business can configure a list of sensitive data elements (SSN, DoB, DL, Passport, CC#, Debit Card, API Keys, etc.) to redact. Compliance, Risk and Security officers will get audit reports of who accessed what messages.
Below is a sample list of sensitive data elements that will be detected & redacted:
Identity: Drivers License, Passport, SSN (Social Security Number), National Identification Number, etc.
PII: Name, Address, Email, Phone, DoB, Age, Gender, Ethnicity, etc.
PHI: PII data, Medical Record Number (MRN), Insurance ID, Health Plan Beneficiary Number, Biometric, Medical Notes, etc.
Payments (aka Financial Details) or PCI (Payment Card Industry) Data Elements: Bank Account, Routing Numbers, Credit Card Number, CVV, Expiration Date, Debit Card, IBAN, etc.
Secrets: API Keys, Passwords, Passphrases, etc.
Vehicle: License Plate, Vehicle Identification Number (VIN), etc.
Physical Network: IP Addresses, MAC Address, etc.
Crypto Secrets: Seed Phrase, Bitcoin, Ethereum, Litecoin Addresses, etc.
Profanity: Curse words, abuse words, offensive content, etc.
Voice Call Recordings: Audio or Video recordings that have sensitive data
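To make the detect / redact / hold-for-approval behaviour described above concrete, here is an added example of the core DLP decision logic. It is illustrative code written for this page, not Strac's own implementation or API. It covers only four of the element types from the list (SSN, credit card with a Luhn check, IPv4 address, and a keyword-based API key detector); the patterns, the email body, the addresses and the domain `example.com` are all constructed for the example. A real engine would use far more patterns plus validators and context checks.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Detectors for a few of the data elements listed above. These regexes are
# constructed for this example and deliberately narrow.
PATTERNS = {
    "SSN": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "CREDIT_CARD": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),  # 13-19 digits, spaces/dashes allowed
    "IPV4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    # Keyword-led secret: "api_key=...", "token: ...", "secret = ..."; group 1 is the key material.
    "API_KEY": re.compile(r"(?i)\b(?:api[_-]?key|secret|token)\s*[:=]\s*(\S{16,})"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on the credit-card pattern."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Finding:
    kind: str
    start: int
    end: int
    value: str


def detect(text: str) -> list[Finding]:
    """Return non-overlapping findings for every pattern, validated where possible."""
    found = []
    for kind, pat in PATTERNS.items():
        for m in pat.finditer(text):
            start, end = m.span(1) if kind == "API_KEY" else m.span()
            value = text[start:end]
            if kind == "CREDIT_CARD" and not luhn_ok(re.sub(r"[ -]", "", value)):
                continue            # looks like a card number but fails the checksum
            found.append(Finding(kind, start, end, value))
    # Keep the earliest, then longest, span so a mask never cuts a match in half.
    found.sort(key=lambda f: (f.start, -(f.end - f.start)))
    result, last_end = [], -1
    for f in found:
        if f.start >= last_end:
            result.append(f)
            last_end = f.end
    return result


def mask(text: str, findings: list[Finding]) -> str:
    """Replace each finding with a labelled placeholder; cards keep their last four digits."""
    out = text
    for f in sorted(findings, key=lambda f: f.start, reverse=True):  # right-to-left keeps offsets valid
        if f.kind == "CREDIT_CARD":
            repl = "[CREDIT_CARD ****" + re.sub(r"[ -]", "", f.value)[-4:] + "]"
        else:
            repl = "[" + f.kind + " REDACTED]"
        out = out[:f.start] + repl + out[f.end:]
    return out


def evaluate(sender: str, recipients: list[str], body: str,
             internal_domain: str, mode: str = "redact") -> dict:
    """Decide what happens to one outbound message.

    mode="detect" only reports findings; mode="redact" delivers a masked copy.
    Any finding addressed to an external recipient is held for owner approval.
    """
    findings = detect(body)
    external = [r for r in recipients if r.split("@")[-1].lower() != internal_domain.lower()]
    if not findings:
        return {"action": "ALLOW", "sender": sender, "findings": [], "body": body}
    kinds = sorted({f.kind for f in findings})
    if external:
        return {"action": "HOLD_FOR_APPROVAL", "sender": sender, "findings": kinds,
                "external": external, "body": body}
    if mode == "detect":
        return {"action": "ALLOW_AND_REPORT", "sender": sender, "findings": kinds, "body": body}
    return {"action": "DELIVER_MASKED", "sender": sender, "findings": kinds,
            "body": mask(body, findings)}


# Constructed sample message (all values are made up for this example).
SAMPLE_BODY = (
    "Hi team, please update my record. SSN 123-45-6789, card 4111 1111 1111 1111, "
    "and the app token: tok_constructed_example_0001 from host 10.0.0.12."
)

if __name__ == "__main__":
    print(evaluate("alice@example.com", ["bob@example.com"], SAMPLE_BODY, "example.com"))
    print(evaluate("alice@example.com", ["partner@other.example"], SAMPLE_BODY, "example.com"))
```

The decision order matters: an external recipient is checked before the mode, so even a "detect only" deployment still holds PII-bearing mail to outside domains for approval, which is the workflow the text describes.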