Skip to content

Using Coro to protect against data loss and misuse

Organizations typically have regulatory, contractual, or ethical obligations to protect the data they hold about individuals.

To ensure the security and privacy of sensitive information, organizations must be able to demonstrate they have robust data protection measures in place. This includes the ability to manage access to sensitive information, to monitor data sharing and sending, and to store data securely.

What counts as sensitive information

Sensitive information refers to data that is confidential, private, or otherwise protected by law, policy, or contractual obligation, and requires special care in handling, storage, and access.

Sensitive information typically falls under one of the following types:

  • Personally Identifiable Information (PII): Information that allows a reasonable inference of the identity of a person either directly or indirectly, such as full name, email address, passport number, or social security number. PII is covered by data protection regulations such as GDPR in Europe and state privacy law in the United States (for example, CCPA, NYPA, CPA).

  • Payment Card Industry (PCI): a set of security standards created by major credit card providers designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

  • Protected Health Information (PHI): Information about an individual's health or medical history that is collected, stored, used, or disclosed in the course of providing health care services, such as patient name, medical history, and health insurance details. PHI is protected by law under legislation such as the Health Insurance Portability and Accountability Act (HIPAA).

  • Non-Public Personal Information (NPI): personal financial information that is collected and stored by financial institutions, such as social security number, financial account numbers, home address, email address, income details, and employment information. NPI s protected by law under legislation such as the Gramm-Leach-Bliley Act (GLBA).

To see the list of data descriptors that Coro is able to identify as sensitive information, see Data descriptors recognized by Coro.


Coro recognises sensitive data for defined descriptors in US-format only.

To learn more about the standards enforced for protecting sensitive information, see Compliance.

What are the threats

A number of threats can place your company's data at risk and it is important to be aware of them and take measures to limit their impact:

  • Cyber attacks: Cybercriminals can use a variety of methods to access sensitive information, such as hacking into systems, phishing scams, and malware.
  • Insider threats: Employees and contractors may intentionally or unintentionally access or misuse sensitive information.
  • Physical theft: Sensitive information can be stolen or lost through physical theft or misplacement of devices, such as laptops and smartphones.
  • Human error: Mistakes, such as accidentally sending sensitive information to the wrong person, can result in data breaches.

How does Coro protect against such threats

Coro provides a number of features to protect sensitive information from unauthorized access and misuse, helping to reduce the risk of data breaches.

Use the Coro console to configure your protection features and to monitor the activity by protected and protectable users in your organization. Sign in to the Coro console to get started.

Coro provides the following:

Permission management

On a day-to-day basis, an organization must balance legitimate data access needs by authorized employees against the risk of unauthorized access and sharing of sensitive information. To achieve this balance, Coro includes a permission management function where you define the access rights for individuals and groups of employees.

To configure your permissions, access User Data Governance from the Control Panel:

Control Panel

Then, select the Permissions tab:

User Data Governance Permissions tab

Through this page, you can implement a comprehensive access strategy for your users as they attempt to view or share sensitive information contained in your cloud applications.


Your workspace users have access to sensitive information granted by default. Use this page to add restrictions according to your organizational needs.

Use the + ADD PERMISSION button to include new permission settings for all users, specific users, or specific groups of users. You can choose from the following access types:

  • Can Access: Enable the named user(s) or group(s) to view information.

  • Can Access and Expose: Enable the named user(s) or group(s) to view and share information with anyone (regardless of that person's own permission settings).

Make sure you select the data types for which you want this permission to apply. Then, select ADD to save your changes.

If you want to change or remove a permission later, select the permission access setting and choose a different option from the list:

Permissions menu

User monitoring

Strong data monitoring and detection controls are necessary to prevent sensitive information from being shared with, or accessed by, unauthorized users. One way to achieve this is by detecting sensitive information through the use of technologies for data governance and data loss prevention (DLP).

Coro’s data governance capability monitors users in real-time and scans all outgoing communications for sensitive information, flagging to workspace admin users any instances where such information is sent to an unauthorized user or group of users.

Coro recommends monitoring the information types critical to your business or industry to achieve optimal results. For example:

  • A company providing accounting services might collect personal customer information to effectively deliver its services. In this case, Coro recommends monitoring for PII and PCI.
  • A company providing nursing services to patients would need to collect personal and health information as part of the service. Coro recommends monitoring for PHI, PII and PCI.
  • Automotive agency that provides loan services collects personal and financial information. Coro recommends monitoring NPI as the agency must comply with GLBA regulations.

To configure data monitoring for user activity, access User Data Governance from the Control Panel:

User Data Governance

Then, select the Monitoring tab:

Data Monitoring tab

Enable or disable each option as applicable to your requirements. Coro recommends enabling information types according to the following table of industry sectors and typical regulatory needs:


This list is non-exhaustive, nor warrantied in any way, and is included for guidance only.

Sector Regulation Data Type Comment
Accounting Services SOX, State Privacy , ISO 27001 PII
Agriculture & Food State Privacy PII & PCI PCI is relevant for establishment that receive credit card payments
Automotive State Privacy , GLBA NPI
Business & Marketing State Privacy PII
Business Services State Privacy PII
Colleges & Universities State Privacy , GLBA, ISO 27001, FERPA NPI & PII
Construction State Privacy PII
Consulting State Privacy PII
Consumer Services State Privacy PII
Education State Privacy , FERPA PII
Energy, Utilities & Waste State Privacy PII & PCI PCI is relevant for establishment that receive credit card payments
Finance State Privacy, GLBA, SOX, ISO 27001 NPI
Government FISMA, State Privacy PII
Health HIPAA, State Privacy PHI & PII & PCI
Holding Companies & Conglomerates State Privacy PII
Hospitality State Privacy PII & PCI PCI is relevant for establishment that receive credit card payments
HR State Privacy PII
Insurance State Privacy, GLBA, SOX, ISO 27001 NPI
IT services State Privacy PII & PCI
Law Firms & Legal Services State Privacy PII
Manufacturing State Privacy PII
Media & Internet State Privacy PII & PCI PCI is relevant for establishment that receive credit card payments
Minerals & Mining State Privacy PII
Organizations State Privacy PII
Pharma HIPAA, State Privacy PHI & PII & PCI
Real Estate State Privacy PII
Retail State Privacy PII & PCI PCI is relevant for establishment that receive credit card payments
Software State Privacy , SOC 2 PII & PCI PCI is relevant for establishment that receive credit card payments
Telecommunications State Privacy PII & PCI PCI is relevant for establishment that receive credit card payments
Transportation State Privacy PII & PCI PCI is relevant for establishment that receive credit card payments

Coro can also monitor customized Security and business sensitive data. This is data that is important to your specific organization, and is grouped as follows:

  • Passwords
  • Certificates
  • Source code
  • Data objects with specific keywords
  • Specific file types

Enable the settings required by your organization and, for Data objects with specific keywords or Specific file types, type your keyword or file type list into the boxes provided:

Security and business sensitive data

Ticket management

In the Coro Actionboard, you can view a summary of activity across your workspace. To observe an analysis of data protection and monitoring activity, use the User Data Governance and Endpoint Data Governance panels:

Data Governance panels

Through these panels you can identify and prioritize areas of concern, such as top violators or flagged data monitoring tickets. This helps to ensure that security incidents are quickly addressed and resolved, and that sensitive information is being protected in a consistent and effective manner. Use the information provided in the Actionboard as part of an overall strategy in raising awareness among your users of the importance of protecting sensitive information.

Coro creates data monitoring tickets where sensitive information is identified as being used or shared by your protected users, or stored on your endpoint devices, in a manner that violates your permissions and monitoring policies. A ticket contains information about the type of sensitive information that was detected, the user or device that triggered the ticket, and the context of the activity (such as the file name, when, its findings, and so on).

This information can be used to quickly and efficiently identify and respond to security incidents, such as unauthorized data sharing or data breaches. Additionally, tickets can be used to provide insight into the usage and sharing patterns of sensitive information, which can help organizations to identify data protection policies and procedures needing improvement.

Coro generates the following types of data monitoring tickets:

Tickets requiring manual review by admin users

Tickets that trigger a high level of suspicion or have a high potential of direct violation of regulatory requirements are marked as requiring review by admin users. These tickets often contain very sensitive information and it is important that action is taken.

The review period is limited to 2 weeks, after which a ticket is automatically closed and logged. This review period is designed to ensure that all potential security incidents or violations are captured and addressed in a timely manner.

Some examples of this type of ticket include:

  • PCI: Detection of a credit card number
  • PII: US Passport and person name
  • NPI: SSN and bank statement
  • PHI: Medical image or scan

The available ticket review and remediaton options depend on the ticket type, and are listed in full at User Data Governance ticket types or Endpoint Data Governance ticket types.

Typical options include:

  • Close ticket: Close the ticket immediately as reviewed.
  • Suspend user from all cloud apps: Temporarily suspend the user from all Coro-protected cloud applications.
  • Suspend user from <cloud application>: Temporarily suspend the user from their account in the specific named cloud application.
  • Remove exposing sharing: Remove all shares with people from outside of your organization.
  • Contact User: Send a direct message that the user that has violated the policy.

Automatically closed tickets

These are tickets containing sensitive information, but do not require manual review by admin users.

Such tickets are included in the Coro console ticket log for audit, monitoring, analysis, and to satisfy regulatory compliance requirements. They are typically triggered automatically by events such as the detection of sensitive information in an email, file, or file sharing.

Some examples of this type of ticket include:

  • PII: IP and MAC address
  • NPI: Monthly payment (Financial Content) and email address
  • PHI: Medical Records Number (MRN)

Typical review options include:

  • Re-open: Reopen this closed ticket for manual review.
  • Suspend user from all cloud apps: Temporarily suspend the user from all Coro-protected cloud applications.
  • Suspend user from <cloud application>: Temporarily suspend the user from their account in the specific named cloud application.
  • Contact user: Send a direct message that the user that violated the policy.
  • Un-log and remove from audit reports: Exclude this ticket from the log if the ticket details constitute a false positive.

Protectable user sensitive data monitoring

Coro monitors protectable user activity across your workspace in addition to your defined protected users.

By monitoring potential data violations by protectable users, Coro enables organizations to track and document incidents in order to identify patterns or trends in user behavior. Such events might indicate systemic issues or vulnerabilities, and an organization can then mitigate the risk and amend policy and user protection accordingly.

Device monitoring

Coro can remotely scan endpoint device drives for sensitive data. This feature enables organizations to proactively identify and monitor the storage of sensitive information on user's devices.

The remote scan feature works by conducting a thorough scan of the specified drives and detecting any sensitive files that are present.

To initiate a remote scan on a device, select Devices from the Coro console toolbar:

Devices list

Select an active device (not marked Offline), select the Actions menu, then select Remote scan for sensitive data:

Device actions


Admin users with sufficient permissions can also set up schedules to regularly scan groups of devices at defined intervals. To learn more, see Scheduling a sensitive data scan.

For each drive that is scanned, a ticket is created that contains a list of the sensitive files that have been detected. This information can be used by admin users to review and address the issue by remotely encrypting the drive.

To remotely encrypt a device, view the Endpoint Data Governance dashboard panel and select tickets from one or more of the following categories:

  • Endpoint drive with NPI
  • Endpoint drive with PCI
  • Endpoint drive with PHI
  • Endpoint drive with PII

Endpoint Data Governance panel

Coro displays the list of tickets where sensitive information was detected on a device. For each open ticket, review the findings and, if required, select Encrypt Drive from the Actions menu.

To learn more about the Coro modules used in this guide, see User Data Governance and Endpoint Data Governance.