Hi all,

[PRODUCT NAME: Slack, Google Drive, GitHub, Confluence, Jira] are integral to how we work together at [Company Name]. Many of us use [Product Name] regularly to collaborate and to be effective in our day-to-day work.

As [Company Name] continues to grow, it remains critically important to protect and secure the information that we share within and across products. Starting [Roll out date], we will begin using a data loss prevention tool called Nightfall which will monitor [Product Name] so that sensitive data (e.g. customer PII, employee personal data, or other forms of restricted data) is not shared or stored insecurely.

Why is this important?

Our customers require us to provide a high level of protection for any data that they provide to [Company Name]. When we share sensitive data, it should be through a secure cloud sharing solution and not across cloud applications that are not intended to house sensitive information.

What is sensitive or restricted data?

Sensitive or restricted data is a classification of information at [Company Name]. This data is often customer or employee personal data, including SSNs, credit card information, dates of birth, and credentials.

How does this impact you?

If you have access to sensitive or restricted data, please be mindful of where and with whom you share it in [Product Name]. Note that our security team may reach out to you to help with remediating any violations to ensure that our data is safe and secure.

If you have any questions, please reach out to [Security Team email]. Thanks for helping to keep [Company Name] secure!

Hi all,

A few weeks ago, the Security team implemented a data loss protection tool called Nightfall, which detects sensitive information shared between users on [Product].

To date, Nightfall has scanned [XXX] messages that detected sensitive information not authorized for sharing via [Product]. This baseline data highlights a few trends that violate our security policies.

We’d like to remind everyone to follow the below security protocols and secure sharing practices:
- Customer PII and employee personal data should never be shared over [Product].
- [insert key security protocols and best practices for sharing at your company; examples below]
- Example: Passwords of any kind must be stored in [1Password/LastPass/RPass] or another secure password vault.
- Example: Passwords should be complex and unique. Use [1Password/LastPass/RPass]’s password generator to generate random string passwords - not “Acme123!” or passwords without sufficient randomness.
- Example: Passwords should never be posted in a shared document.
- Example: API Authentication tokens (e.g., Basic, Bearer) or Private Keys are effectively passwords and should never be stored or sent in plain text.

Thank you for always keeping [Company Name] secure!