Office 365

Detect & Mask Sensitive Emails From Your Inbox - Office 365 DLP

Problem

Customers send emails containing their personal information (PII or PHI) to employees in order to get business done.

  • Data Breaches: $1.9B in losses due to Business Email Compromise (BEC) and 45k cases of personal data breach were reported to the FBI in 2020.
  • Insider Threats: Verizon's 2021 Breach Investigation Report states that the Healthcare and Finance industries experience the most incidents involving employees misusing their access privileges, and also suffer the most from lost or stolen assets. Employees accidentally or maliciously share emails or attachments with external email addresses (outside of the organization).
  • Compliance: In the recent past, each state has come up with its own privacy and security laws to protect customer data. What started with GDPR in the EU in 2016 translated to CCPA in CA, and most recently New York and Virginia also passed their privacy acts.

Solution

The Strac Office 365 App is Data Loss Prevention (DLP) software.

  • It discovers (aka detects) sensitive emails. You can turn on the Strac Office 365 App just to get findings of sensitive emails shared.
  • It masks (aka redacts) sensitive emails while still letting authorized users view those emails in the Strac UI Vault.
  • If configured, it prevents emails from being shared to external email addresses. You can build a workflow around emails shared to external email addresses: for example, send an email or attachment only if an owner approves it. If the owner rejects it, the email to the external party won't be sent.
  • A business can configure a list of sensitive data elements (SSN, DoB, DL, Passport, CC#, Debit Card, API Keys, etc.) to redact. Compliance, Risk and Security officers will get audit reports of who accessed what messages.

Below is a sample list of sensitive data elements that will be detected & redacted:

  • Identity: Driver's License, Passport, SSN (Social Security Number), National Identification Number, etc.
  • PII: Name, Address, Email, Phone, DoB, Age, Gender, Ethnicity, etc.
  • PHI: PII data, Medical Record Number (MRN), Insurance ID, Health Plan Beneficiary Number, Biometric, Medical Notes, etc.
  • Payments: Bank Account, Routing Numbers, Credit Card, Debit Card, IBAN, etc.
  • Secrets: API Keys, Passwords, Passphrases, etc.
  • Vehicle: License Plate, Vehicle Identification Number (VIN), etc.
  • Physical Network: IP Addresses, MAC Addresses, etc.
  • Crypto Secrets: Seed Phrase, Bitcoin, Ethereum, Litecoin Addresses, etc.
  • Profanity: Curse words, abuse words, etc.
  • Custom: Create your own rules or use regex

Check out Strac's catalog of sensitive data elements that Strac automatically detects and redacts.

Support

Please contact hello@strac.io with any questions.