Files Containing Financial Information
Whenever a Google Drive file that is not private is found to contain financial information, we need to revoke all sharing for that file, notify the user who owns the document, and alert the security team in case of an ongoing breach.
This workflow will run whenever a file that is shared in Google Drive contains financial information and triggers the ‘Files Containing Financial Information’ custom alert. It will set the file sharing settings to private, remove all file collaborators, send an email to the file owner, and send an email to the domain’s security group.
1. ‘Files Containing Financial Information’ Alert
Start by configuring the ‘Files Containing Financial Information’ custom alert in the Alerts Manager. The ‘Sensitive Data Scanned’ alert template lets you create an alert that includes content scanning conditions. In the example below we’ve added the following information types:
- Credit Card
- Bank Routing Number
- American Bankers CUSIP ID
You may add additional information types as needed. These conditions will function with OR logic, meaning that documents need only contain one of the information types to trigger the alert and workflow.
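To make the OR logic concrete, here is an added sketch of checksum-validated matching for the three information types above. It is not BetterCloud's scanner or code from this page; the regular expressions, function names and sample text are assumptions made for illustration.

```python
import re

def luhn_ok(number: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(re.sub(r"\D", "", number))):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def aba_ok(number: str) -> bool:
    """ABA routing checksum: weights 3, 7, 1 repeated over the nine digits."""
    return sum(int(c) * w for c, w in zip(number, (3, 7, 1) * 3)) % 10 == 0

def cusip_ok(code: str) -> bool:
    """CUSIP check digit: digit sums of the first eight values, every second doubled."""
    total = 0
    for i, ch in enumerate(code[:8]):
        v = int(ch) if ch.isdigit() else ord(ch) - ord("A") + 10
        if i % 2:
            v *= 2
        total += v // 10 + v % 10
    return (10 - total % 10) % 10 == int(code[8])

# Information type -> (candidate pattern, checksum validator). Patterns are assumed.
DETECTORS = {
    "Credit Card": (re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
    "Bank Routing Number": (re.compile(r"\b\d{9}\b"), aba_ok),
    "American Bankers CUSIP ID": (re.compile(r"\b[0-9A-Z]{8}\d\b"), cusip_ok),
}

def matched_types(text: str) -> list:
    """Return every information type with at least one checksum-valid hit."""
    return [name for name, (rx, ok) in DETECTORS.items()
            if any(ok(m.group()) for m in rx.finditer(text))]

def should_alert(text: str, is_private: bool) -> bool:
    """OR logic: one matching type is enough. Private files are skipped,
    mirroring the unchecked 'Include Private Files' box in this example."""
    return not is_private and bool(matched_types(text))

# Constructed sample document (test values, not real account data).
SAMPLE = "Wire to routing 123456780, ref CUSIP 037833100"
```

Validating the checksum after the pattern match keeps order numbers and other long digit strings from triggering the alert.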
Please note: This alert only scans and triggers on documents that are edited from this point forward. You may also choose to scan private files using the ‘Include Private Files’ checkbox; however, this may cause BetterCloud to take significantly longer to scan your files. In this example we have deliberately left the box unchecked so that the workflow does not trigger on files that are not shared.
2. Set File Sharing Settings
Use the ‘Set File Sharing Settings’ action to target the file that triggered your workflow and turn its sharing settings off.
Under ‘Sharing Settings’, select ‘Off - Specific People - Shared with specific people’. This will ensure that the file cannot be viewed publicly or domain-wide.
3. Remove File Collaborators
Add the ‘Remove File Collaborators’ action to your workflow. Under ‘Collaborator to Remove’, select the ‘Remove All Collaborators from this file?’ checkbox.
Please note: Selecting "Remove All Collaborators from this file?" will remove both external and domain-internal users.
4. Send Email to User
Use the ‘Send Email to User’ action to target the file owner and notify them by email that their document has been found to contain financial information. In this example we’ve BCC’ed our InfoSec team, and the body of the email contains both the file owner’s name and the name of the file.
5. Send Email to Group
Finally, we’ll send an email to the security team using the ‘Send Email to Group’ action. The IT team has been set as a CC to make sure they are aware of the incident and can assist as necessary. The body of the email contains both the name of the file that triggered the workflow and the email address of the file’s owner.
Additional Alert and Workflow Example
Here is an additional example of how you can create the same workflow in Box. Other providers are coming shortly.
Sensitive Data Scanned
Remove File Collaborator - Use this action to remove all file collaborators and sharing links for the specified file.
Important: Due to limitations with the Box API, removing a file collaborator will also revoke the user's access to any parent folders containing the file if file permissions were inherited.
Please note: It is not yet possible to target users across providers to send them an email. This is coming in the near future. You can still specifically send to the security and IT groups.