< All End User Security Awareness | 1 Hour Notes

tsirhCdneM | End User Security Awareness | 1 Hour | Module 2

By: Raul Pop | Related Course: End User Security Awareness | 1 Hour | Published: June 14, 2017 | Modified: June 14, 2017
Join Cybrary

NotepadPersonally Indentifiable Information

Information used to identify someone

First and last Name

Phone Number


Credit Card Number

Account Number



Follow Company Policy

Established policies and protocols always are the first check when we are unsure on how to handle requests for PII.Check and see if polcy dictates what information can be given out how to authenticate invididuals it can be given to and the secure way to send the information.If this documentation is unavailable check with an authority.


Defer Questions to Authority

If in doubt get guidance from another authority.Check with any manager or security team manager before releasing any information you are not sure about.The security team can help you with understanding how to PROTECT PII that is saved on the network or needs to be send across the internet.



SOME PII may not be so obvious

Mothers Maiden Name

High school Mascot

Biometric Data

Email Address

Employer Information


PII can be used to access sensitive information

Bank Security Questions

Background Check Questions

Account Recovery Questions


What does the law say about PII

Payment Card Industry Data Security Stands

Health Insurance Portability and Accountability

Data Directive(EU)



How personally identifiable information is compromised


Social engineering is the act of manipulating people for malicious means

Attackers will ask questions and request seemingly insignificant information to gain knowledge on a target

Innocent questions can give attackers information they need to reset passwords request more information or impersonate an individual

Never give out individuals PII without proper authorization or identification

Always give the least amount of PII if it becomes absolutely necessary


Authenticate According to policy

Before giving out any information verify that the person you are communicating with is who they say they are.Always verify before sending critical information not only over the phone but also through email.The person on the other end may have had their email account compromised.Be suspicious of requests that seem out of character and if necessary,verify the other person’s identify


Do not leave PII unprotected

Always make sure to lock your computer when you step away even if only for a few moments.When leaving for the day do not leave sensitive documents on your desk or out in the open.Be sure to lock them away in a secure cabinet or the proper location.Do not send sensitive information through insecure means.(file hosting,website,unecrypted USB,public email,etc).

< All End User Security Awareness | 1 Hour Notes
Join Cybrary

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?