Customers post sensitive personal information (PII or PHI) in Zendesk tickets as part of a given business function. Some of the pressing reasons why your Zendesk account needs to be protected:
All organizations are subject to security attacks and breaches, and Zendesk is not immune. In 2016, Zendesk was subject to a data breach exposing 10,000 Zendesk accounts, in which sensitive PII (Personally Identifiable Information) was accessed.
Compliance: Every day, governments are passing consumer privacy laws geared to protect consumer data from malicious entities. California and Illinois have been the latest to introduce these laws, including a Biometric Information Privacy Act. For many organizations, data can be spread across a wide range of systems, which makes it challenging to keep up with privacy law enactments. Manual cleanup of the sensitive messages sitting within your employees' Zendesk accounts is a nightmare for companies, as deep inspection is time-consuming and error-prone. At the same time, you need to stay compliant and prevent exfiltration of sensitive data.
In the first six months of 2019, a reported 3,813 data breaches affected 4.1 billion records, an increase from 2018. Of these leaks, 70% exposed user emails, while 65% included sensitive information revealing passwords. According to IBM, the average time it takes for an organization to identify that a data breach has occurred is 206 days, with an organizational cost of $3.92 million.
The Strac Zendesk App is Data Loss Prevention (DLP) software. It has 2 modes:
Detect Only: Once configured, it automatically discovers sensitive comments and attachments. Customers can see Findings of sensitive tickets in the Strac UI Vault and get notifications.
Redact: Once configured, it masks (aka redacts) sensitive comments and attachments while still letting authorized users view those Zendesk tickets in the Strac UI Vault.
A business can configure a list of sensitive data elements (SSN, DoB, DL, Passport, CC#, Debit Card, API Keys, etc.) to redact. Compliance, Risk and Security officers will get audit reports of who accessed which messages.
Below is a sample list of sensitive data elements that will be detected & redacted:
Identity: Driver's License, Passport, SSN (Social Security Number), National Identification Number, etc.
PII: Name, Address, Email, Phone, DoB, Age, Gender, Ethnicity, etc.
PHI: PII data, Medical Record Number (MRN), Insurance ID, Health Plan Beneficiary Number, Biometric, Medical Notes, etc.
Payments: Bank Account, Routing Numbers, Credit Card, Debit Card, IBAN, etc.
Secrets: API Keys, Passwords, Passphrases, etc.
Vehicle: License Plate, Vehicle Identification Number (VIN), etc.
Physical Network: IP Addresses, MAC Addresses, etc.
Crypto Secrets: Seed Phrase, Bitcoin, Ethereum, Litecoin Addresses, etc.