Staff Security Awareness Tips

Improving Employee Security Awareness

Contact Sales
PhishingBox Security Awareness Training Provider and Phishing Simulation End-PointPhishingBox Security Awareness Training Provider and Phishing Simulation End-Point

Handling Sensitive Information
 

This is the Security Tip: Handling Sensitive Information email that is used within the PhishingBox security awareness training. These security tips can be used to provide ongoing security reminders to employees.

PhishingBox Logo
Banner
What You'll Learn Today: How to Handle Sensitive Information

Some of the information we access on a daily basis is sensitive and should be handled appropriately.

Keep sensitive info secure
Search Icon
You first need to know what information is considered sensitive. In general terms, this will be any information that is not readily available to the public, such as employee identification numbers.
Floppy Disk Icon
Non-public or sensitive information should be secured all all time. When in printed form, it should be physically secured when not being used. In electronic form, the data should be encrypted, especially if the storage device is not in a secure facility, such as a laptop or other mobile device.
  
Search Icon
You first need to know what information is considered sensitive. In general terms, this will be any information that is not readily available to the public, such as employee identification numbers.
Floppy Disk Icon
Non-public or sensitive information should be secured all all time. When in printed form, it should be physically secured when not being used. In electronic form, the data should be encrypted, especially if the storage device is not in a secure facility, such as a laptop or other mobile device.
Transfer Icon
When sensitive information is transferred from one person or location to another, it should be done through a secure mechanism, such as an encrypted filed sharing system. DO NOT attach a document with sensitive information to a non-encrypted or plain text email.
Archive Icon
Archiving is the long-term storage of information. This storage may be electronic or physical. Like other storage, it should be physically secure or be encrypted. In addition to security, archived items will often include a specific retention period.
Shred Icon
When sensitive information is no longer needed, it can be destroyed. For paper documents, this destruction should be via a means that does not allow the information to be put back together, such as using a cross-cut shredder. Documents should be physically secured pending description. Electronic media should be erased and overwritten so that the data is not retrievable.
Transfer Icon
When sensitive information is transferred from one person or location to another, it should be done through a secure mechanism, such as an encrypted filed sharing system. DO NOT attach a document with sensitive information to a non-encrypted or plain text email.
Archive Icon
Archiving is the long-term storage of information. This storage may be electronic or physical. Like other storage, it should be physically secure or be encrypted. In addition to security, archived items will often include a specific retention period.
Shred Icon
When sensitive information is no longer needed, it can be destroyed. For paper documents, this destruction should be via a means that does not allow the information to be put back together, such as using a cross-cut shredder. Documents should be physically secured pending description. Electronic media should be erased and overwritten so that the data is not retrievable.
If you are unsure of how to handle sensitive information, contact your security personnel for additional guidance.

Copyright © 2021 PhishingBox, LLC