Sensitive Data Handling
For clarity on what ‘sensitive data’ is, refer to your company’s Information Security policy. It should also stipulate guidelines, specific to your organization, on how to handle sensitive data.
Generally, any data that helps identify individuals, their residency, banking, or health information is considered sensitive. Information that could put the organization’s competitive advantage or reputation at risk is also sensitive.
As an employee, here are 11 steps you can take to handle sensitive data well, to mitigate the risk of a breach:
- Ensure devices have encryption.
- Use synthetic data instead of actual data where possible. This way, any leakage does not put real people at risk.
- When sharing information internally, and especially externally, only pass on what is needed. Remove non-relevant content.
- Secure/Wipe the hard drive before disposing of old devices.
- Restrict locations to which work files with sensitive information can be saved or copied.
- Use application-level encryption to protect the information in your files.
- Develop the habit of deleting unnecessary files that no longer serve your business purpose. Check for storage rules in your company’s information security policies first.
- Use Virtual Private Networks (VPNs) when logging in from outside the workplace.
- Limit sharing of data externally. If possible, consider using data leakage prevention tools.
- Stop using USB drives altogether, or limit the storage of sensitive information on unencrypted devices.
- Use a separate Wi-Fi network for guests/customers.
As you may notice in the steps above, developing a more proactive, defensive approach to data is most helpful, especially where sensitivities are high.