My June issue of “IT Compliance in Realtime” journal is hot off the press!
I’ve heard from some of you that when I post the articles from my journal that the posts are too long. So, what I will do from now on is to break up the articles into smaller postings to make them easier, and faster, to read.
Here is the first part of the first article within the June journal, “What to Tell Personnel: Messaging Security and Privacy”…
————————————
In March, I discussed 12 messaging risks that information security and privacy leaders must address. Armed with this knowledge, it is important to effectively communicate to your personnel what they need to know about messaging security and privacy.
See “Twelve Messaging Risks to Address Now” in the March issue of IT Compliance in Realtime at http://nexus.realtimepublishers.com/rtitc.htm.
Here are four of the topics [NOTE FOR BLOG: I will include the other topics in separate blog postings] you should communicate to your personnel about messaging.
Messaging Includes More Than Email
In the course of conversations I have with diverse and numerous folks who are not information security or privacy practitioners in airports and on airplanes, at school functions, and other social settings, I repeatedly hear growing concerns about email privacy incidents. However, I rarely see any awareness of the risks involved with using instant messages (IMs) and text messaging. I take note of the kinds of information these folks indicate they typically send within IMs and text messages. Some of these include:
- Details about the locations where they will be at certain times and days
- Phone numbers
- Birthdates
- Social Security numbers
- Photos
Oftentimes, the information the individuals are sending is not just their own, but the information of others. You need to provide effective training and ongoing awareness communications that describes the risks involved in using all kinds of electronic messaging.
For details about IM and texting risks, see “Preventing Data Leakage Through Email and Instant Messaging” at http://www.realtime-itcompliance.com/itces_v02.asp.
————————————
Download the full PDF article, within the journal, here.
Add to the above list of commonly sent text messages the following…
- Email addresses
- Credit card numbers
- Street addresses
- Private information about OTHERS
- Accusations about others
There were some very interesting and concerning news stories recently about how pre-teens and teens were sending each other naked photos of themselves using texting and their cell phones, and then some who received them would publish them on the social networking sites, and other Internet sites…it really blows my mind!
See a couple of the news reports here and here.
What are these kids thinking? What have their parents taught them? What have the schools taught them? So much more information security and privacy education, through targeted training and ongoing awareness, needs to be provided throughout all parts of society.
It is really quite alarming to consider all the implications…
Tags: awareness and training, Information Security, IT compliance, messaging privacy, messaging security, policies and procedures, privacy, privacy training, risk management, security awareness, security training