Secure Messaging Practices

What You'll Learn

• Identify categories of information that should never be shared through workplace messaging platforms
• Use secure alternatives for sharing credentials, tokens, and other secrets when collaboration requires it
• Recognize when a messaging account may be compromised based on unusual requests or behavioral changes
• Apply channel visibility awareness by distinguishing between public, private, and external-facing channels
• Understand that corporate messaging content is subject to legal discovery, retention policies, and administrative review

Training Steps

1. A Routine Friday

   Welcome to NorthStar Financial! You are Alice, a client services coordinator who handles account inquiries and client communications daily. It is Friday afternoon. Alice is wrapping up for the week when an email arrives from a satisfied client.

2. A Message from Marcus

   Alice's phone buzzes with a Telegram notification from Marcus Webb, a colleague on the client services team.

3. Looking Up the Client File

   Marcus seems to be in a rush. Alice pulls up Eleanor Patterson's client record on her desktop to find the account number he needs.

4. Sharing the Account Number

   Eleanor's account number and other details are right there on the screen. Alice switches back to Telegram to send Marcus the information.

5. Just One More Detail

   Marcus is asking for Eleanor's Social Security Number now. It feels like a lot to share over Telegram, but the portal is down and he needs to process this refund before the end of business.

6. What Went Wrong?

   Take a moment to reflect on the conversation that took place on Friday.

7. A Monday Morning Shock

   Alice arrives at work Monday morning to find a troubling email from Marcus Webb.

8. Connecting the Dots

   Alice feels a wave of dread. She shared Eleanor Patterson's account number AND Social Security Number with someone pretending to be Marcus. That data is now in the hands of an attacker.

9. Calling IT Security

   Alice picks up her phone immediately. She needs to report what happened so the security team can act before the attacker uses Eleanor's data.

10. Accessing the Security Portal

    IT Security asks Alice to file a formal incident report through the Security Portal so the response team can begin investigating immediately.