Follow a double-check process
Ask employees to follow a 'double-check' process for customer communication. Every employee should check, and check again, all outgoing communication to the customer before sending it, and verify that it contains no confidential information.
Follow a simple data classification process
Mark email or documents as confidential when needed. This adds an additional layer of review.
Guard the customer data closely, even from the customer
Do not send customer login and password information by email to anyone, including the customer. Customer staff or contractors may not be authorized to have that information or access level. Provide information based on the account setting only.
Be careful about what you sign and agree to with the customer
Do not sign any NDAs or security agreements without the approval of the Legal team.
Change customer systems with caution
Some of our teams have actual access to customer systems to troubleshoot. Do not change settings or data on a customer system without communication in writing and (preferably) a backup.
Encrypt hard drives
All Support and Services staff should have encrypted drives, whether they are USB sticks or laptop hard drives. Encryption reduces the risk of disclosure when a drive is lost.