“Loose Lips Sink Ships” posters appeared during World War II. The phrase, coined by the War Advertising Council, was used on posters issued by the US Office of War Information to alert citizens to beware of unguarded talk. You would think that in 80 years, people would learn not to divulge secrets in public.
Recently, you might have heard how Ukrainian forces were able to listen to Russian troops’ conversations to locate them as well as collect a large amount of intelligence from their phone calls. Or how the US Department of Defense requires troops to shut down GPS tracking devices on overseas bases, such as smartphones, fitness wearables, etc.
It is not just the military that should be concerned about information disclosure. My lawyer told me that when he started his career as a young attorney, he was riding the elevator one day with a prosecutor discussing a case with a clerk. My lawyer could overhear the strategy they had planned for the case. That was the first case he won.
A common theme of our blogs is that cyber security should be everyone’s responsibility. Don’t miss opportunities to educate your employees and colleagues, using formal or creative means to cultivate and keep security best practices top-of-mind.
Here are a few to generate conversation as we renew our resolve for the New Year:
Being able to travel and work is wonderful. But remember to close or lock your computer screen on the plane or train where confidential information may be difficult to protect from wandering eyes.
Do not enter details of work activities on social media (Facebook, Twitter, LinkedIn, etc.). For instance, consider how your recruiting activities may reveal details about your infrastructure when describing the skills and competencies required for an open role. Also, discourage employees from posting pictures of their workspace (at home or onsite). Encourage them to be mindful of oversharing. A photo showing how hard someone is working may also capture proprietary or sensitive information in the frame.
Do not publicly discuss proprietary or sensitive work details, even with friends. You never know who might be listening. Conferences and social or networking gatherings outside of work are not open forums to discuss confidential matters. Train employees to intuitively know what and how much to discuss in a conversation and when to end the conversation.
Before attending a public video call, make sure that all private windows, tabs, documents, chats, applications, and any information that should not be shared outside your company are closed. It’s also a good idea to verify participants, if possible, to ensure the audience is not compromised in any way.
Share only what is permissible and relevant with authorized vendors and third parties.
Do not share any information with someone you do not know (via email or phone) Phishing techniques can be very effective in exploiting human vulnerabilities. Seemingly innocent conversations can be weaponized.
Build these and other critical information security practices into your team meetings. Try simple tools like checklists as visual cues to establish new habits.
The keys are education, commitment, and vigilance!
Comments