Cybersecurity Month Episode 2:
October 12, 2020
In this video, Laura’s boss asks her to email sensitive information. It’s clear she doesn’t feel comfortable using email to share this data, but she also seems hesitant to directly challenge her boss. Like most of us, she wants to protect her privacy, but she also doesn’t want to be hard to work with. So what should we do?
What You Can Do
- Don't email sensitive information. Email is not a secure way to send sensitive information. Besides being the main target of phishing attacks, once you send someone an email, you no longer control access to that information, and it could sit in their inbox forever.
Instead, you should use Google Drive to store and temporarily grant access to files, and always use MFA.
- Work with your supervisor. While it’s hard to say “no” to a boss, we all have to do our part to stop cybersecurity incidents. It’s always okay to pull your boss aside and respectfully voice a security concern, or present a more secure option. If that’s not possible, you can always report a possible security incident, and request to remain anonymous.
- Follow the Principle of Least Privilege. We all like to be “in the know,” but if your job doesn't require you to have access to certain information, talk to your supervisor about removing your access. Similarly, don’t share information with people who shouldn’t see it.
- Review and update sharing settings. Make a habit of reviewing who has access to your Google Drive documents and folders. If you see that data is shared with someone who shouldn’t have access (e.g., someone who no longer works on your team), remove their access!
Check out the first week’s video if you missed it. See you next week!