Slack

Problem

Slack users send messages that contain customer’s personal information (PII or PHI) in order to get their work done. Some of the burning problems on why your Slack account needs to be protected:

• Attackers target Slack: In Slack's Securities and Exchange Commission S-1 filing, Slack mentioned about a data breach the company experienced in March 2015, which exposed usernames, email addresses, encrypted passwords, and phone numbers stored by the company.
• Insider Threats: Verizon's 2021 Breach Investigation Report state that the Healthcare and Finance industries experience the most incidents involving employees misusing their access privileges and also suffer the most from lost or stolen assets. Employees accidentally or maliciously sharing files on public channels or on Slack Connect.
• Compliance: Every day government legislation is passing Consumer Privacy laws geared to protect consumer data from malicious entities. California and Illinois have been the latest to introduce these laws, including a Biometric Information Privacy Act. For many organizations, data can be spread across a wide range of systems, which can be challenging to keep up with Privacy law enactments. It is a nightmare for companies to do manual cleanup of those sensitive messages sitting within your employee's slack account as deep inspection is time consuming and error-prone. At the same time, you need to stay compliant and prevent exfiltration of sensitive data.

Solution

Strac Slack App is a Data Loss Prevention (DLP) software which is highly alert driven:

• It discovers (aka detects) sensitive messages & files. You can turn on Strac Slack App to just get findings of sensitive emails shared.
• It masks (aka redacts) sensitive slack messages & files while still giving the opportunity to authorized users to view those slack messages/files in Strac UI Vault.
• It prevents file sharing on channels or on Slack Connect if configured. You can build a workflow around file sharing. For e.g., share a file only if an owner approves it.
• A business can configure a list of sensitive data elements (SSN, DoB, DL, Passport, CC#, Debit Card, API Keys, etc.) to redact. Compliance, Risk and Security officers will get audit reports of who accessed what messages.

Strac App works across all slack channels in a workspace:

• ‍Public Channels
• Private Channels
• Direct Message (DM) and
• Group Direct Message (Group DM)

Strac App also works with Free, Pro, Business and Enterprise plans.

Below is a sample list of sensitive data elements that will be detected & redacted:

• Identity: Drivers License, Passport, SSN (Social Security Number), National Identification Number, etc.
• PII: Name, Address, Email, Phone, DoB, Age, Gender, Ethnicity, etc.
• PHI: PII data, Medical Record Number (MRN), Insurance ID, Health Plan Beneficiary Number, Biometric, Medical Notes, etc.
• Payments: Bank Account, Routing Numbers, Credit Card, Debit Card, IBAN, etc.
• Secrets: API Keys, Passwords, Passphrases, etc.
• Vehicle: License Plate, Vehicle Identification Number (VIN), etc.
• Physical Network: IP Addresses, MAC Address, etc.
• Crypto Secrets: Seed Phrase, Bitcoin, Ethereum, Litecoin Addresses, etc.
• Profanity: Curse words, abuse words, etc.
• Custom: Create your own rules or use regex

Checkout Strac's catalog of sensitive data elements that Strac automatically detects and redacts.