Sharing Sensitive Information Securely
National Cybersecurity Awareness Month
What is PII?
PII is any information that permits the identity of an individual to be directly or indirectly inferred, including any information which is linked or linkable to an individual. Some PII is not sensitive, such as that found on a business card. Other PII is Sensitive PII, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Sensitive PII requires stricter handling guidelines.
Examples of Sensitive PII include: Social Security number (SSN), alien registration number (A-Number), or biometric identifier (e.g., fingerprint, iris scan). Other data elements such as a driver’s license number, financial information, citizenship or immigration status, or medical information, in conjunction with the identity of an individual, are also considered Sensitive PII.
- Share sensitive information only with those who have a need to know
- Encrypt emails containing sensitive information
- When emailing Sensitive PII, save it in a separate document and password-protect or encrypt it. Send the encrypted document as an email attachment and provide the password to the recipient in a separate email or by phone.
- Setup internal policies and procedures
- Can employees combine personal and business email accounts?
- Is there a right way to open attachments?
- Are there any dangers to be aware of in forwarded emails?
- What restrictions are there for sending and receiving emails from external contacts?
- Never access email from a public wifi
For more videos about Best Practices and being #BeCyberSmart, subscribe to NephōSec’s YouTube channel and checkout our National Cybersecurity Awareness Playlist.