Improper Document Sharing of Sensitive Data

Collaboration Services and Information Security are using Cisco Cloudlock to detect publicly shared Google Drive files containing sensitive data, like social security numbers and credit card numbers.  Faculty/staff accounts and some student accounts in clinical departments are monitored.

If document containing sensitive information is shared improperly, the owner of the document will receive a notification from Cloudlock with the following wording:

To: eID@vcu.edu

From:  no-reply@cloudlock-ops2.comno-reply@cloudlock-ops2.com via amazonses.com

Subject: IMPORTANT: Improper Sharing of Sensitive Information in your Google Drive

Dear {{user}},

According to our security systems, it appears that you have shared a Google document containing social security numbers either publicly or domain-wide. To maintain the security of this data, we have removed one of the following sharing settings from your document: Public on the web; Public with a link, Domain-wide, or Domain-wide with a link.

<Name of the shared document with a link to the document>

If the data detected by our system was not a social security number, or there is a valid business reason to share this sensitive information publicly, or with everyone in the University, then please contact VCU Information Security, infosec@vcu.edu.

 

 Example of email from Cloudlock