< All End User Security Awareness | 1 Hour Notes

tsirhCdneM | End User Security Awareness | 1 Hour | Module 2

By: Raul Pop | Related Course: End User Security Awareness | 1 Hour | Published: June 14, 2017 | Modified: June 14, 2017
Join Cybrary

NotepadPersonally Indentifiable Information

Information used to identify someone

First and last Name

Phone Number

Address

Credit Card Number

Account Number

 

 

Follow Company Policy

Established policies and protocols always are the first check when we are unsure on how to handle requests for PII.Check and see if polcy dictates what information can be given out how to authenticate invididuals it can be given to and the secure way to send the information.If this documentation is unavailable check with an authority.

 

Defer Questions to Authority

If in doubt get guidance from another authority.Check with any manager or security team manager before releasing any information you are not sure about.The security team can help you with understanding how to PROTECT PII that is saved on the network or needs to be send across the internet.

 

 

SOME PII may not be so obvious

Mothers Maiden Name

High school Mascot

Biometric Data

Email Address

Employer Information

 

PII can be used to access sensitive information

Bank Security Questions

Background Check Questions

Account Recovery Questions

 

What does the law say about PII

Payment Card Industry Data Security Stands

Health Insurance Portability and Accountability

Data Directive(EU)

 

 

How personally identifiable information is compromised

 

Social engineering is the act of manipulating people for malicious means

Attackers will ask questions and request seemingly insignificant information to gain knowledge on a target

Innocent questions can give attackers information they need to reset passwords request more information or impersonate an individual

Never give out individuals PII without proper authorization or identification

Always give the least amount of PII if it becomes absolutely necessary

 

Authenticate According to policy

Before giving out any information verify that the person you are communicating with is who they say they are.Always verify before sending critical information not only over the phone but also through email.The person on the other end may have had their email account compromised.Be suspicious of requests that seem out of character and if necessary,verify the other person’s identify

 

Do not leave PII unprotected

Always make sure to lock your computer when you step away even if only for a few moments.When leaving for the day do not leave sensitive documents on your desk or out in the open.Be sure to lock them away in a secure cabinet or the proper location.Do not send sensitive information through insecure means.(file hosting,website,unecrypted USB,public email,etc).


< All End User Security Awareness | 1 Hour Notes
Join Cybrary

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel