Inbound Workflows for Data Loss Prevention

Description

Data Loss Prevention (DLP) is a security solution that identifies and helps prevent unsafe or inappropriate sharing, transfer, or use of sensitive data. Shield's Email Traffic Control helps you orchestrate incoming message behaviors using inbound workflows.

Lockbox is a Shield Pro feature that provides an extra layer of protection for sensitive emails. Messages can only be unlocked using Shield multi-factor authentication, so your messages are secure even if your email account is compromised during an account takeover (ATO).

Only Shield Admins with the Superuser or Administrator role may create, modify, or delete workflows and workflow templates.

Sensitive Data Types

Email Traffic Control can automatically detect and protect the following sensitive data types on inbound delivery:

Bank Account Number: Detects US routing numbers, IBAN, and bank account numbers
Credit Card Number: Detects credit card numbers for major card types (Visa, MasterCard, American Express, etc.)
Date of Birth: Detects dates of birth with contextual keywords in various formats
Financial Information: Detects common financial information like credit cards, bank accounts, and tax IDs
Phone Number: Detects US and international phone numbers in various formats
Passport Number: Detects passport numbers for US, UK, EU, Canada, and Australia
Personal Identifiable Information (PII): Detects common PII patterns including SSN, credit cards, phone numbers, and more
Protected Health Information (PHI): Detects common PHI keywords and patterns in text
Social Security Number: Detects US Social Security Numbers in format XXX-XX-XXXX or XXXXXXXXX
Tax ID / EIN: Detects US Tax Identification Numbers including EIN and ITIN formats
US Driver's License: Detects US driver's license numbers in various state formats

Lock with Lockbox

To lock incoming messages with Lockbox, the recipient must have a Shield Pro license enabled. If the user is not licensed, this workflow will deliver the message as-is to the user's mailbox, and the message X-ray timeline will include the entry: Skipped lock action for workflow [Workflow Name] due to missing Shield Pro license.

To create this workflow, go to your parent organization or to a specific customer organization, then:

  1. Click on Workflows.
  2. Under Build a Workflow, click Create.
  3. Enter a Name and Description for the workflow.
  4. Under Trigger type, select Incoming email.
  5. Click Add.

    Workflows are disabled by default. Keep the workflow disabled until all conditions and actions have been added to it.

  6. Click Add conditions on the workflow's conditions and actions builder page.
  7. On the New Condition page, click in the Search field and scroll to the Message section to choose from: 

    Email Content: Checks the content of the email body for sensitive information
    Message Body: Checks the content of the email body
    Subject Line: Checks the subject line of the email
  8. Check the Add condition box to continue adding sensitive data conditions, if applicable, then click Add.
    The workflow can trigger on Any or All conditions, configurable after all conditions are added.
  9. Click on Add actions.
  10. On the New Actions page, click in the Search field and scroll to the Security section to choose Lock with Lockbox.
  11. Click Add.

The workflow is now created for the current Shield organization. Click the vertical ellipsis menu in the upper-right corner to convert the workflow to a template or delete the workflow.
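
To illustrate how content conditions and the Any or All setting interact, the following added example (not Shield's detection code and not part of the original article) sketches two detectors from the Sensitive Data Types list and evaluates them against a subject line and a message body. The regular expressions, the Luhn checksum filter, the function names, and the sample messages are assumptions made for the illustration.

```python
import re

# Assumed patterns (not Shield's rules): the two SSN formats named in the
# Sensitive Data Types list, and 13-19 digit card candidates with separators.
SSN_RE = re.compile(r"(?<!\d)(?:\d{3}-\d{2}-\d{4}|\d{9})(?!\d)")
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def has_ssn(text: str) -> bool:
    return SSN_RE.search(text) is not None

def has_card(text: str) -> bool:
    return any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(text))

# Each condition pairs a message field with a detector, mirroring the
# Subject Line and Message Body conditions in the workflow builder.
CONDITIONS = [("subject", has_ssn), ("body", has_card)]

def workflow_triggers(message: dict, mode: str = "any") -> bool:
    results = [detect(message.get(field, "")) for field, detect in CONDITIONS]
    return all(results) if mode == "all" else any(results)

# Constructed sample messages; 4111 1111 1111 1111 is a common test card number.
MSG_CARD_ONLY = {"subject": "Invoice 2291", "body": "Card: 4111 1111 1111 1111"}
MSG_BOTH = {"subject": "SSN 123-45-6789 on file", "body": "Card 4111-1111-1111-1111"}
MSG_CLEAN = {"subject": "Order 1234567890123456", "body": "Tracking 1234 5678 9012 3456"}

if __name__ == "__main__":
    for name, msg in [("card only", MSG_CARD_ONLY), ("both", MSG_BOTH), ("clean", MSG_CLEAN)]:
        print(name, workflow_triggers(msg, "any"), workflow_triggers(msg, "all"))
```

With Any, a card number in the body alone is enough to trigger; with All, the same message is delivered without the lock action because the subject condition does not match.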
