how would this system detect sharing with external accounts? sounds like they put some words together to make it sound like it’s all standardized and automated and not result of human actions
All outgoing email is being scanned for sensitive information in plain text or attachments. This is standard practice in every corporation and something you are being warned about when being on-boarded as a new-joiner.
why would she email it from her corp account to various accounts instead of emailing it to her personal account or just uploading it directly to some personal drive account
> an account had exfiltrated thousands of files and shared them with multiple external accounts
I'm just questioning why she would email to multiple external accounts directly from her corp email instead of saving to 1 personal account and then sharing from there, undetectable, many times. And yes, they would still have detected the 1 email but I'm questioning the accuracy of this explanation; sounds partly made up to make it sound more serious.
Multiple external accounts could mean her lawyer's account and her own. Or 2 lawyers' accounts. The latter would help show she didn't distribute the files to anyone else.
> sounds like they put some words together to make it sound like it’s all standardized and automated and not result of human actions
Part of my job is administering a system for detecting unauthorized sharing, exporting, or printing. It has thresholds and a rules-based engine for specifying what behavior should trigger alerts. Google's system is probably custom but there are definitely products on the market for this sort of thing.
