“Loose Lips Sinks Ships” posters appeared during World War II. The phrase was coined by the War Advertising Council and was used on posters issued by the US Office of War Information to alert citizens to beware of unguarded talk. You would think that in 80 years, people would learn not to divulge secrets in public.
Recently, you might have heard how Ukrainian forces were able to listen to Russian troops’ conversations to locate them as well as collect a large amount of intelligence from their phone calls. Or how the US Department of Defense requires troops to shut down GPS tracking devices on overseas bases, such as smartphones, fitness wearables etc.
It is not just the military that should be concerned about information disclosure. My lawyer told me that when he was starting his career as a young attorney, he was riding the elevator one day with a prosecutor who was discussing a case with a clerk. My lawyer was able to overhear the strategy they had planned for the case. That was the first case he won.
A common theme of our blogs is that we all should make cyber security everyone’s responsibility. Don’t miss opportunities to educate your employees and colleagues, using formal or creative means to cultivate and keep security best practices top-of-mind.
Here are a few to generate conversation as we renew our resolve for the New Year:
Being able to travel and work is wonderful. But remember to close or lock your computer screen on the plane or train where confidential information may be difficult to protect from wandering eyes.
Do not enter details of work activities on social media (Facebook, Tweeter, LinkedIn, etc.). For instance, consider how your recruiting activities may reveal details about your infrastructure when describing skills and competencies required for an open role. Also, discourage employees from posting pictures of their workspace (at home or onsite). Encourage them to be mindful of oversharing. A photo showing how hard someone is working may also capture proprietary or sensitive information in the frame.
Do not discuss proprietary or sensitive work details in public, even with friends. You never know who might be listening. Conferences, social or networking gatherings outside of work are not the forum to speak openly about confidential matters. Train employees to intuitively know what and how much to discuss in a conversation, and when to end the conversation.
Before attending a public video call, make sure that all private windows, tabs, documents, chats, applications, and any information that should not be shared outside of your company are closed. It’s also a good idea to verify participants, if possible, to ensure the audience is not compromised in any way.
Share only what is permissible and relevant with authorized vendors and third parties.
Do not share any information with someone you do not know (via email or phone) Phishing techniques can be very effective exploiting human vulnerabilities. Seemingly innocent conversations can be weaponized.
Build these and other critical information security practices into your team meetings. Try simple tools like checklists as visual cues to establish new habits.
The keys are education, commitment, and vigilance!
Comments