Los Angeles-based Trusaic specialises in helping clients ensure they are compliant with the 2010 Affordable Care Act. The Act requires employers that meet specific criteria to provide healthcare insurance to their employees. Using state-of-the-art technology, advanced data analytics and human expertise, Trusaic helps clients track compliance and carry out mandatory reporting.
"We chose Egress because its contextual machine learning applies the intelligence required to genuinely detect when data is being put at risk."
Data protection is a core corporate value at Trusaic, as Maxfield Marquardt, Counsel and Associate Director of Regulatory Affairs, explains: “Due to the nature of the work we do for clients, we’re regularly interacting with very sensitive data in their employee records – such as social security numbers, dates of birth, addresses and salary information, so we take our data security duty very seriously”. Trusaic is regulated by the CCPA and is SOC2-certified, but the company’s commitment to safeguarding client data is driven by more than compliance, as Maxfield continues: “Achieving CCPA compliance was easy for us, because we were already so committed to data security! We believe that protecting client information is simply the right and necessary thing to do.”
As part of its drive for continuous improvement in IT infrastructure and data security, Maxfield frequently reviews Trusaic’s current provision and explores new functionality that could strengthen their position. In 2020, he was looking to enhance email security to better address the problem of misdirected emails and mitigate the risk of data compromise. Trusaic already had a rules-based solution in place but Maxfield was aware that it had limitations. Frequent pop-up alerts were causing user friction, resulting in click fatigue that increased the chance of a high-risk email being shared with unauthorised recipients.
Contextual machine learning seals the deal
Following research, Maxfield evaluated Egress Prevent as a potential solution to improve email security, specifically to stop misdirected emails. Prevent uses contextual machine learning to analyse users’ typical email behavior patterns and combines this with advanced DLP to spot when a user is about to accidentally
email the wrong person or send confidential data to an unauthorised recipient. By alerting the user, Prevent stops the breach before it happens, while continuous machine learning constantly refines the solution to ensure maximum protection with minimum user friction.
Maxfield felt that contextual machine learning added considerably more robust functionality that would improve Trusaic’s data protection posture, noting: “We chose Egress because its contextual machine learning applies the intelligence required to genuinely detect when data is being put at risk. It’s able to make the connection between users’ habits and relationships, and what they have sent by email in the past, linking with that an intelligent understanding of the sensitivity of data contained in emails and attachments. So it can stop a user accidentally sending something that might have otherwise slipped through the cracks with static rules-based technology.”
He also recognised that Egress Prevent could alleviate the administrative burden and vulnerability of rules-based systems, saying: “The problem with creating rules is that a person is still creating them – a rule is only as good as the people who think it up and implement it. Having that extra back-up of a machine learning algorithm that is constantly improving is great – it really sets the solution apart.”
"One of the things I really enjoy about the product is that I don’t have to choose a single set of rules for everybody – it’s not one-size-fits-all."
Meeting corporate goals, not just compliance checklists
Trusaic implemented a phased rollout, with Maxfield and his colleagues in the legal department taking the lead: “User experience is a huge priority for us, so it’s brilliant that Egress gives us the flexibility to refine our deployment over time. In today’s environment, if a cybersecurity tool is standing still it’s not working!” The ability to customise Prevent to match the priorities and risk tolerance of each department is a key feature for Trusaic, as Maxfield explains: “One of the things I really enjoy about the product is that I don’t have to choose a single set of rules for everybody – it’s not one-size-fits-all. The solution is intelligently learning from each individual user’s behavior, and I can also dial up or down the number of alerts specific teams or employees get. This means I can be responsive to the needs of different departments as they require.”
Egress Prevent helps Trusaic deliver on its commitment to prioritising data protection as a core business value that goes beyond basic compliance demands. Maxfield anticipates an enduring relationship: “We’re always going to want a solution to the issue of misdirected emails. Our company leadership recognises that this is a necessary problem to solve. As long as we get what we’re getting now – a cutting edge solution that creates the maximum value with the least amount of friction to prevent user error when sending sensitive data – we’re going to be partnering with Egress.”