Secure Messaging Practices
Stop sensitive data from leaking through chat apps.
What You'll Learn
- Identify categories of information that should never be shared through workplace messaging platforms
- Use secure alternatives for sharing credentials, tokens, and other secrets when collaboration requires it
- Recognize when a messaging account may be compromised based on unusual requests or behavioral changes
- Apply channel visibility awareness by distinguishing between public, private, and external-facing channels
- Understand that corporate messaging content is subject to legal discovery, retention policies, and administrative review
Training Steps
-
A Routine Friday
Welcome to NorthStar Financial! You are Alice, a client services coordinator who handles account inquiries and client communications daily. It is Friday afternoon. Alice is wrapping up for the week when an email arrives from a satisfied client.
-
A Message from Marcus
Alice's phone buzzes with a Telegram notification from Marcus Webb, a colleague on the client services team.
-
Looking Up the Client File
Marcus seems to be in a rush. Alice pulls up Eleanor Patterson's client record on her desktop to find the account number he needs.
-
Sharing the Account Number
Eleanor's account number and other details are right there on the screen. Alice switches back to Telegram to send Marcus the information.
-
Just One More Detail
Marcus is asking for Eleanor's Social Security Number now. It feels like a lot to share over Telegram, but the portal is down and he needs to process this refund before the end of business.
-
What Went Wrong?
Take a moment to reflect on the conversation that took place on Friday.
-
A Monday Morning Shock
Alice arrives at work Monday morning to find a troubling email from Marcus Webb.
-
Connecting the Dots
Alice feels a wave of dread. She shared Eleanor Patterson's account number AND Social Security Number with someone pretending to be Marcus. That data is now in the hands of an attacker.
-
Calling IT Security
Alice picks up her phone immediately. She needs to report what happened so the security team can act before the attacker uses Eleanor's data.
-
Accessing the Security Portal
IT Security asks Alice to file a formal incident report through the Security Portal so the response team can begin investigating immediately.