Lesson 1 - Confidentiality

You make decisions about the confidentiality of the data that you collect. Being cybersecure means that data that needs to be private stays private. Although this sounds logical and really elementary, keeping data private and confidential needs constant attention. Data doesn’t tend to stay private and confidential unless you make an effort to control where it is stored.

Dumpster diving is the practice of going through bins and dumpsters to find items of value. It’s extremely common to find hard drives, external drives and USB sticks which still have valuable data on them. After all, who hasn’t accidentally lost a USB stick with data on it? NordVPN (https://nordvpn.com/blog/dumpster-diving-attack/) has an excellent summary of how dumpster diving can not only expose private data, but can also result in a successful hack, all because data and documents thrown in a bin are still valuable.

Confidentiality can also be at risk when data is sent from one place to another and is intercepted or received by an unintended person. A great example of this is using insecure websites, which can lead to data breaches through the disclosure of confidential information. It is important to only use secure websites. Webcentral (https://webcentral.au/blog/https-vs-http-difference) explains the difference between insecure and secure websites with a little bit of tech talk. It’s worth mentioning that confidentiality and cryptography (yep, encryption super-squirrel stuff) go hand in hand, so most of the time when we talk about confidentiality, cryptography will be discussed.


Lesson takeaways

  • Be aware of where your data is stored (on paper, hard drives, USB sticks and external drives).
  • Double-check that data is destroyed or wiped before binning it (shred paper documents and wipe USBs and hard drives). See https://www.cyber.gov.au/protect-yourself/securing-your-devices/how-secure-your-device/how-dispose-your-device-securely
  • Use encryption (check our Cyber Kill Chain Backups lesson) and use encrypted communications to move data around.

Resources

Resource 1 - NordVPN

NordVPN describes dumpster diving and how it can assist hackers in their quest to breach businesses' systems.

Resource 2 - Webcentral Secure Websites

What is HTTPS (Secure Website Protocol) and why is it important to data confidentiality?
