Slack

Detect & Mask Sensitive Slack Messages & Files

Problem

Slack users send messages that contain customer’s personal information (PII or PHI) in order to get their work done. Some of the burning problems on why your Slack account needs to be protected:

  • Attackers target Slack: In Slack's Securities and Exchange Commission S-1 filing, Slack mentioned about a data breach the company experienced in March 2015, which exposed usernames, email addresses, encrypted passwords, and phone numbers stored by the company.
  • Insider Threats: Verizon's 2021 Breach Investigation Report state that the Healthcare and Finance industries experience the most incidents involving employees misusing their access privileges and also suffer the most from lost or stolen assets.
  • Compliance: Every day government legislation is passing Consumer Privacy laws geared to protect consumer data from malicious entities. California and Illinois have been the latest to introduce these laws, including a Biometric Information Privacy Act. For many organizations, data can be spread across a wide range of systems, which can be challenging to keep up with Privacy law enactments. It is a nightmare for companies to do manual cleanup of those sensitive messages sitting within your employee's slack account as deep inspection is time consuming and error-prone. At the same time, you need to stay compliant and prevent exfiltration of sensitive data.

Solution

Strac Slack App is a Data Loss Prevention (DLP) software.  It masks (aka redacts) sensitive slack messages & files while still giving the opportunity to authorized users to view those slack messages/files in Strac UI Vault. A business can configure a list of sensitive data elements (SSN, DoB, DL, Passport, CC#, Debit Card, API Keys, etc.) to redact. Compliance, Risk and Security officers will get audit reports of who accessed what messages.

Strac App works across all slack channels in a workspace: Public, Private, Direct IM, Group IM.

Below is a sample list of sensitive data elements that will be detected & redacted:

  • Identity: Drivers License, Passport, SSN (Social Security Number), etc.
  • PII: Name, Address, Email, Phone, DoB, Age, Gender, Ethnicity, etc.
  • PHI: PII data, Medical Record Number (MRN), Medical Notes, etc.
  • Payments: Bank Account, Routing Numbers, Credit Card, Debit Card, etc.
  • Secrets: API Keys, Passwords, Passphrases etc.
  • Physical Network: IP Addresses, MAC Address, etc.
  • Crypto Secrets: Bitcoin, Ethereum, Litecoin Addresses, etc.
  • Custom: Create your own rules or use regex

Support

Please contact hello@strac.io for any questions