Organizations typically have regulatory, contractual, or ethical obligations to protect the data they hold about individuals.
To ensure the security and privacy of sensitive information, organizations must be able to demonstrate they have robust data protection measures in place. This includes the ability to manage access to sensitive information, to monitor data sharing and sending, and to store data securely.
What counts as sensitive information
Sensitive information refers to data that is confidential, private, or otherwise protected by law, policy, or contractual obligation, and requires special care in handling, storage, and access.
Sensitive information typically falls under one of the following types:
- Personally Identifiable Information (PII): Information that allows a reasonable inference of the identity of a person either directly or indirectly, such as full name, email address, passport number, or social security number. PII is covered by data protection regulations such as GDPR in Europe and state privacy law in the United States (for example, CCPA, NYPA, CPA).
- Payment Card Industry (PCI): a set of security standards created by major credit card providers designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
- Protected Health Information (PHI): Information about an individual's health or medical history that is collected, stored, used, or disclosed in the course of providing health care services, such as patient name, medical history, and health insurance details. PHI is protected by law under legislation such as the Health Insurance Portability and Accountability Act (HIPAA).
- Non-Public Personal Information (NPI): personal financial information that is collected and stored by financial institutions, such as social security number, financial account numbers, home address, email address, income details, and employment information. NPI s protected by law under legislation such as the Gramm-Leach-Bliley Act (GLBA).
To see the list of data descriptors that Coro is able to identify as sensitive information, see Data descriptors recognized by Coro Cybersecurity.
To learn more about the standards enforced for protecting sensitive information, see Compliance.
What are the threats
A number of threats can place your company's data at risk and it is important to be aware of them and take measures to limit their impact:
- Cyber attacks: Cybercriminals can use a variety of methods to access sensitive information, such as hacking into systems, phishing scams, and malware.
- Insider threats: Employees and contractors may intentionally or unintentionally access or misuse sensitive information.
- Physical theft: Sensitive information can be stolen or lost through physical theft or misplacement of devices, such as laptops and smartphones.
- Human error: Mistakes, such as accidentally sending sensitive information to the wrong person, can result in data breaches.
How does Coro Cybersecurity protect against such threats
Coro Cybersecurity provides the means to reduce the risk of data breaches and to protect sensitive information from unauthorized access and misuse.
You can use the Coro console to configure, review, and analyze the data protection activities that are being captured and saved by protected and unprotected users.
Log in to the Coro console with your admin credentials to configure your protection features and to monitor the activity in your organization.
Coro provides the following features:
Permission management
On a day-to-day basis, an organization must balance legitimate data access needs by authorized employees against the risk of unauthorized access and sharing of sensitive information. To achieve this balance, Coro Cybersecurity includes a permission management function where you define the access rights for individuals and groups of employees.
To configure your permissions, navigate to the Control Panel (the "cog" icon at the top-right). From here, select the Data option:
Then, select the Permissions tab:
Through this page, you can implement a comprehensive access strategy for your users as they review or share sensitive information.
NOTE: Your workspace users have access to sensitive information granted by default. Use this page to add restrictions according to your organizational needs.
Use the + ADD PERMISSION button to include new permission settings for all users, specific users, or specific groups of users. You can choose from the following access types:
- Can Access: Enable the named user(s) or group(s) to view information.
- Can Access and Expose: Enable the named user(s) or group(s) to view and share information with anyone (regardless of that person's own permission settings).
Make sure you select the data types for which you want this permission to apply. Then, select ADD to save your changes.
If you want to change or remove a permission later, select the permission access setting and choose a different option from the list:
Data monitoring
Strong data monitoring and detection controls are necessary to prevent sensitive information from being shared with, or accessed by, unauthorized users. One way to achieve this is by detecting sensitive information through the use of technologies for data loss prevention (DLP).
Coro Cybersecurity’s DLP capability monitors in real-time and scans all outgoing communications for sensitive information, flagging to the workspace administrator any instances where such information is sent to an unauthorized user or group of users.
Coro recommends monitoring the information types critical to your business or industry to achieve optimal results. For example:
- A company providing accounting services might collect personal customer information to effectively deliver its services. In this case, Coro recommends monitoring for PII and PCI.
- A company providing nursing services to patients would need to collect personal and health information as part of the service. Coro recommends monitoring for PHI, PII and PCI.
- Automotive agency that provides loan services collects personal and financial information. Coro recommends monitoring NPI as the agency must comply with GLBA regulations.
To configure data monitoring in Coro Cybersecurity, navigate to the Control Panel (the "cog" icon at the top-right).
From here, select the Data option followed by the Monitoring tab:
Enable or disable each option listed (categorized under Data Exposure or Data Possession) as applicable to your needs.
Coro recommends enabling information types according to the following table of industry sectors and typical regulatory needs:
NOTE: This list is non-exhaustive, nor warrantied in any way, and is included for guidance only.
Sector | Regulation | Data Type | Comment |
Accounting Services | SOX, State Privacy , ISO 27001 | PII | |
Agriculture & Food | State Privacy | PII & PCI | PCI is relevant for establishment that receive credit card payments |
Automotive | State Privacy , GLBA | NPI | |
Business & Marketing | State Privacy | PII | |
Business Services | State Privacy | PII | |
Colleges & Universities | State Privacy , GLBA, ISO 27001, FERPA | NPI & PII | |
Construction | State Privacy | PII | |
Consulting | State Privacy | PII | |
Consumer Services | State Privacy | PII | |
Education | State Privacy , FERPA | PII | |
Energy, Utilities & Waste | State Privacy | PII & PCI | PCI is relevant for establishment that receive credit card payments |
Finance | State Privacy, GLBA, SOX, ISO 27001 | NPI | |
Government | FISMA, State Privacy | PII | |
Health | HIPAA, State Privacy | PHI & PII & PCI | |
Holding Companies & Conglomerates | State Privacy | PII | |
Hospitality | State Privacy | PII & PCI | PCI is relevant for establishment that receive credit card payments |
HR | State Privacy | PII | |
Insurance | State Privacy, GLBA, SOX, ISO 27001 | NPI | |
IT services | State Privacy | PII & PCI | |
Law Firms & Legal Services | State Privacy | PII | |
Manufacturing | State Privacy | PII | |
Media & Internet | State Privacy | PII & PCI | PCI is relevant for establishment that receive credit card payments |
Minerals & Mining | State Privacy | PII | |
Organizations | State Privacy | PII | |
Pharma | HIPAA, State Privacy | PHI & PII & PCI | |
Real Estate | State Privacy | PII | |
Retail | State Privacy | PII & PCI | PCI is relevant for establishment that receive credit card payments |
Software | State Privacy , SOC 2 | PII & PCI | PCI is relevant for establishment that receive credit card payments |
Telecommunications | State Privacy | PII & PCI | PCI is relevant for establishment that receive credit card payments |
Transportation | State Privacy | PII & PCI | PCI is relevant for establishment that receive credit card payments |
Coro can also monitor customized Security and business sensitive data. This is data that is important to your specific organization, and is grouped as follows:
- Passwords
- Certificates
- Source code
- Specific keywords
- Specific file types
Ticket management
In the Coro console Actionboard, you can view a summary of applications, users, devices, email, and data activity across your workspace. To observe an analysis of data protection and monitoring activity, use the Data panel:
Through this panel you can identify and prioritize areas of concern, such as top violators or flagged data monitoring tickets. This helps to ensure that security incidents are quickly addressed and resolved, and that sensitive information is being protected in a consistent and effective manner. Use the information provided in the Actionboard as part of an overall strategy in raising awareness among your users of the importance of protecting sensitive information.
Coro Cybersecurity creates data monitoring tickets where sensitive information is identified as being used or shared in a manner that violates your permissions and monitoring policies. A ticket contains information about the type of sensitive information that was detected, the user who triggered the ticket, and the context of the activity (such as the file name, when, its findings, and so on).
This information can be used to quickly and efficiently identify and respond to security incidents, such as unauthorized data sharing or data breaches. Additionally, tickets can be used to provide insight into the usage and sharing patterns of sensitive information, which can help organizations to identify data protection policies and procedures needing improvement.
Coro Cybersecurity generates the following types of data monitoring tickets:
Tickets requiring manual review by administrators
Tickets that trigger a high level of suspicion or have a high potential of direct violation of regulatory requirements are marked as requiring review by an administrator or security personnel. These tickets often contain very sensitive information and it is important that action is taken.
The review period is limited to 2 weeks, after which a ticket is automatically closed and logged. This review period is designed to ensure that all potential security incidents or violations are captured and addressed in a timely manner.
Some examples of this type of ticket include:
- PCI: Detection of a credit card number
- PII: US Passport and person name
- NPI: SSN and bank statement
- PHI: Medical image or scan
Your review options are:
- Close ticket: Close this ticket immediately as reviewed.
- Suspend user from all cloud apps: Temporarily suspend the user from all Coro-protected cloud applications.
- Suspend user from Microsoft 365 / Google Workspace: Temporarily suspend the user from the Microsoft 365 or Google Workspace account indicated in the ticket.
- Remove exposing sharing: Remove all shares with people from outside of your organization.
- Contact User: Send a direct message the the user that has violated the policy.
Automatically closed tickets
These are tickets containing sensitive information, but do not require manual review by administrators.
Such tickets are included in the Coro console ticket log for audit, monitoring, analysis, and to satisfy regulatory compliance requirements. They are typically triggered automatically by events such as the detection of sensitive information in an email, file, or file sharing.
Some examples of this type of ticket include:
- PII: IP and MAC address
- NPI: Monthly payment (Financial Content) and email address
- PHI: Medical Records Number (MRN)
Your review options include:
- Re-open: Reopen this closed ticket for manual review.
- Suspend user from all cloud apps: Temporarily suspend the user from all Coro-protected cloud applications.
- Suspend user from Microsoft 365 / Google Workspace: Temporarily suspend the user from the Microsoft 365 or Google Workspace account indicated in the ticket.
- Contact user: Send a direct message the the user that violated the policy.
- Un-log and remove from audit reports: Exclude this ticket from the log if the ticket details constitute a false positive.
Unprotected user sensitive data monitoring
Coro Cybersecurity monitors unprotected user activity across your workspace in addition to your defined protected users.
By monitoring potential data violations by unprotected users, Coro enables organizations to track and document incidents in order to identify patterns or trends in user behavior. Such events might indicate systemic issues or vulnerabilities, and an organization can then mitigate the risk and amend policy and user protection accordingly.
Device monitoring
Coro Cybersecurity can remotely scan endpoint device drives for sensitive data. This feature enables organizations to proactively identify and monitor the storage of sensitive information on its user's devices.
The remote scan feature works by conducting a thorough scan of the specified drives and detecting any sensitive files that are present.
To remotely scan a device, navigate to the Devices panel and use the left-hand section to view the device list. Choose either all devices (select the View > link), devices that have critical issues (select the red section of the chart), or devices that have no issues (select the green section of the chart):
From the list of devices shown, select an active device (not marked Offline) and choose Remote scan for sensitive data from the Actions menu:
For each drive that is scanned, a ticket is created that contains a list of the sensitive files that have been detected. This information can be used by administrators or security personnel to review and address the issue by remotely encrypting the drive.
To remotely encrypt a device, navigate to the Devices panel and select tickets from one or more of the following categories:
- Endpoint drive with NPI
- Endpoint drive with PCI
- Endpoint drive with PHI
- Endpoint drive with PII
Coro displays the list of tickets where sensitive information was detected on a device. For each open ticket, review the findings and, if required, select the Actions menu and choose Encrypt Drive.