Below is a draft copy for an emailer written for a bank to be sent to its internal staff:
VISUAL: Arabic Warrior (reference Google) holding Himaya shield
HEADLINE: The enemy is within!
SUBHEAD: Data leaks mainly happen from inside. Learn how to protect our company’s data and avoid regulatory action.
PARAGRAPH TITLE: What is Data leakage?
Data leakage is the unauthorized transmission of data from within an organization to an external destination or recipient either physically or digitally. This has a huge impact on organizations ranging from loss of brand reputation and other financial implications due to loss of customers’ confidence and penalties by regulators.
PARAGRAPH TITLE: Examples of Data leaks in major industries
In the financial sector, more than 2.4 million records of Dow Jones were exposed in March 2019. A third party leaked the data of Dow Jones’ watchlist of risky individuals and businesses to a public server.
In the public sector in 2019, an employee of the Oregon Department of Human Services opened a phishing link and revealed his credentials to cyber criminals. This helped hackers to get emails and personally identifiable information of 645,000 people.
PARAGRAPH TITLE: Regulatory actions by the Central Bank and government
We are legally obliged to protect the confidentiality of customers’ information as contained in the
Customer-Bank Services Agreement.
It is our duty as employees to secure ADIB’s information and ADIB customer data. Any staff who fails to fulfil their duty will face disciplinary consequences, or legal actions and ADIB is required to report cases investigated to Central Bank of UAE.
PARAGRAPH TITLE: How to prevent Data leakage
Data protection can be done at every level in the organization.
You can take simple steps to avoid data leakage. Ask these questions before sharing any information or data:
– Do you need to send all this data, can you filter it to remove unnecessary information?
– Did I discuss it with my manager?
– Who is the data owner?
– Did you get the approval of the data owner to share?
– Can I add a password to the document?
PARAGRAPH TITLE: Know _____ Data sharing Policy. Watch this educational video
As per ______ policy, all information or data regarding ____ or its business cannot be shared outside _____!
We have categorized our data into the following self-explanatory classifications:
1. Secret: Strategy Documents, Intellectual Property
2. Confidential: Account statements, Customer personal information, Payroll & Incentives, Login credentials/ passwords
3. Internal: Policies & Procedures, Internal Emails, Training Material
4. Public: Published Marketing Brochures, Hoardings and Ads
Please take appropriate care when dealing with the above types of data.
PARAGRAPH TITLE: In conclusion
Data is becoming increasingly valuable and most vital assets to businesses. Data breaches have affected numerous industries around the world as we saw in the above examples.
No matter how big or small, data leakages may have a huge impact on organizations ranging from loss of brand reputation and other financial implications due to loss of customers’ confidence and penalties by regulators.
To eliminate data leakage in our organisation, we should always remember that each one of us is accountable. “I didn’t know” is not an excuse. You need to be aware. Together as Team ____, we all are data owners and are responsible for our organisation’s data.
For any clarifications, please contact:_________________________________
Be Security Smart, Stay Vigilant!