Loose Lips Sink the Security Ship


A few years ago I was in the elevator of a multiple company office building and overheard two interesting conversations. First, two people got on talking about the next board meeting and commented that the Board “are sure not going to like the numbers this quarter.” In another instance two engineers got on talking about the lack of security surrounding their development environment.

If I were an unethical opportunist investor of the first company or a criminal in the second I could have used these bits of information to my advantage, most certainly at the expense of the companies involved.

Information Security is often thought of as a technological solution to protect sensitive organizational assets. Overlooked is the impact that people have on the security environment. All the technological measures in the world would be rendered ineffective if an employee posts sensitive information to Facebook, overheard talking about it with colleagues, or answers a phishing email.

Northeastern is not a typical business but it does have information that is classified as sensitive by Federal, State and internal regulations and policies:

Steps to keep sensitive information safe:

  • Do not discuss sensitive information in public spaces and elevators
  • Do not post sensitive or confidential data on social media or the Internet
  • Verify a callers identity before engaging in sensitive conversations
  • Make use of a shredder or a secure recycling bin to destroy sensitive documents
  • Ask yourself if the person to whom you are speaking deserves to know the information they are inquiring about

Please contact the Office of Information Security (ois@neu.edu) for questions about sensitive information and PII

More information on the dangers of careless talk: ACCJ: Loose Lips Sink Companies

Image credit: Wikipedia: Loose_lips_sink_ships

This entry was posted in NU Policy, SecureNU Information. Bookmark the permalink. Both comments and trackbacks are currently closed.