Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Data leaks are a type of data loss threat that often fly under the radar — making them potentially more damaging than a malware or ransomware attack. Compared to data breaches, data leaks put customer information at risk accidentally. Data leaks can lead to credit card fraud, extortion, stolen IP, and further attacks by cybercriminals who seek to take advantage of security misconfigurations.

Last month, on December 8, we hosted a webinar alongside Bluecore CISO Brent Lassi to discuss data security risks facing high-growth organizations like his on SaaS systems like Slack. With 2022 just beginning, we wanted to share 5 important lessons about Slack and SaaS security that are worth keeping in mind this year.

DLP ensures confidential or sensitive information (like credit card numbers, PII, and API keys) isn’t shared outside of Slack by scanning for content within messages and files that break predefined policies. DLP is important for both security and compliance reasons. With DLP in place, you’ll be able to.

Salesforce houses high volumes of customer information, support tickets, quotes and files, synced emails, tasks & notes, and much more. This data can often be accessed by teams across the company who may leverage Salesforce to provide prospects and customers with a great customer experience. However, allowing sensitive data like PII and credit card numbers to live within Salesforce can pose security & compliance risks.

Some of the most damaging data leaks have resulted from poor database security. In March 2020, 10.88 billion records were stolen from adult video streaming website CAM4’s cloud storage servers. In March 2018, 1.1 billion people were the victim of a breach of the world’s largest biometric database, Aadhaar. And, in April 2021, 533 million users had their information compromised when a Facebook database was leaked on the dark web for free.

Endpoint data loss prevention (DLP) discovers, classifies, and protects sensitive data – like PII, credit card numbers, and secrets – that proliferates onto endpoint devices, like your computer or EC2 machines. This is a way to help keep data safe, so that you can detect and stop occurrences of data exfiltration. Our endpoint DLP application will be composed of two core services that will run locally.

Nightfall is a data security vendor that integrates with our customers’ third party applications (Slack, Google Drive, Github, Jira etc) to, on a continuous real-time basis, scan all content being added to these applications for sensitive data.