Note: The following is a “Vigilize Post.” If you want regular fodder for your security awareness reminders, along with catchy subject lines if you intend to use e-mail, consider following us on www.twitter.com/vigilize! Each week we tweet a post that you are welcome to customize to your own situation. The tweet itself is designed to be an e-mail subject line that will entice your users to at least open the message. This is in reaction to a very common complaint from our ISO clients: “They don’t even open my awareness reminder e-mails.”
Email Subject: Someone Was In Your Office!
If you received a message with this in the subject, would your heart jump into your throat? What do you have laying around the office that could be grabbed by a visitor?
Office space is frequented by visitors, consultants, vendors, cleaning crews, maintenance and other employees. As it is crucial to protect sensitive information from disclosure, employees should not leave confidential or sensitive information on their desks. Such items may include:
- User IDs and/or passwords
- PHI (insurance applications, EOB’s, medical history, etc.)
- IP addresses, Audit Reports, etc.
- Contracts, Loan Files,
- SSN’s, Account numbers, Insurance ID Numbers, etc.
- Customer lists (including Social Security number, address, telephone number, etc.)
- Employee records
The above information must be kept under lock and key whenever employees are not present in their office for extended periods of time. Third parties should never be able to remain alone with customer data.
Let’s be sure we’re following this practice every single time we leave our office!