Datapath Blog

Confidential Information Handling

Posted by Datapath on Jun 17, 2019 7:47:05 AM

Confidential, Top Secret, Sensitive, For Internal Use Only
These terms apply to information both hard-copy and electronic that should be handled with care. A lot of times, these designations apply to intellectual property, trade secrets, and security configurations. Listed below are several things to keep in mind when dealing with confidential information.

Shred, Shred, Shred
Someone may hand you documents, or you may print out a file or email containing sensitive information. Make sure that when you are done with it, that you shred-shred-shred these files instead of just placing them in the trash. Things to keep in mind: Leaving printed files in the printer tray, meeting handouts, printed emails.
- Attackers will go through the trash and dumpsters to obtain these sensitive documents.

Tidy up
Take a look around your desk... how many documents do you have out and available for someone to grab, or view? Be sure to keep a tidy workplace: put files away in locked drawers when not in use. Would you leave the keys to your house outside the front door at night, or inside, locked away?
- Bad guys have been known to impersonate maintenance staff and cleaning crews to grab files off of desks after hours

Data and Files - Encryption and Secure deletion
Does your company give you a laptop to use? Is the data on that laptop encrypted? What about USB (thumb) drives that contain company files... are those encrypted?
What would happen if that laptop or USB drive were to go missing, or even stolen? All those files could easily be read, copied, sold... Consider using encryption on sensitive files wherever they may be located. It becomes very difficult for attackers to read them if they are encrypted.
- Immediately report to your manager if you suspect sensitive data has been compromised, lost, or stolen.

Sensitive information is the holy grail of an organization. If it were to be stolen or lost, the company is at risk of losing value, may suffer fines, and even public embarrassment. Treat your company's data like you would your own social security number, credit card information, or healthcare information: with great care.

Topics: Security