4.3 Action Mapping to Reduce Donors Affected by Leaks to Less than 1,000/Year
- Find all files and databases where donor names are stored
- Find all files and databases where donor emails are stored
- Find all files and databases where donor phone numbers are stored
- Find all files and databases where donor addresses are stored
- Find all files and databases where credit card details of donors are stored
- Find all files and databases where bank details of donors are stored
- Find all files and databases where donation history of donors is stored.
- Where donor information is first stored when donors provide it
- Who has access to donor information, and for what purpose
- Where donor information is stored for subsequent use.
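Finding the files and databases that hold these categories of donor data is a discovery task, and the usual first pass is a content scan. The following is an added example, not part of the original page: a small Python scanner over constructed sample files (the paths and contents are made up) that flags email addresses by pattern, card numbers only when they pass the Luhn check, and bank account numbers only when they pass the IBAN mod-97 check, so that order numbers and other digit runs are not reported. Names, postal addresses and donation history have no checkable format; for those, search for values taken from the donor database itself.

```python
import re

# Constructed sample "files" (path -> contents), standing in for the shares
# and database exports a real scan would walk. Not data from the page.
SAMPLE_FILES = {
    "finance/2023-q1-export.csv": (
        "name,email,card\n"
        "A. Donor,a.donor@example.org,4111 1111 1111 1111\n"
    ),
    "ops/notes.txt": (
        "Call back re: transfer to GB82 WEST 1234 5698 7654 32\n"
        "Order #4111111111111112 is a tracking id, not a card\n"
    ),
    "hr/lunch.txt": "Pizza Friday, 12 people\n",
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13-19 digits, optionally separated by spaces or dashes
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# two-letter country code, two check digits, then 11-30 alphanumerics in groups
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]){11,30}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812). Order and tracking numbers usually fail it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check on an IBAN with spaces removed."""
    if not 15 <= len(iban) <= 34 or not iban.isalnum():
        return False
    rearranged = iban[4:] + iban[:4]
    numeric = "".join(str(int(c, 36)) for c in rearranged)  # A=10 ... Z=35
    return int(numeric) % 97 == 1


def scan_text(text: str) -> dict:
    """Return {category: [matches]} for the donor-data formats we can check."""
    found = {"email": [], "credit_card": [], "bank_account": []}
    found["email"].extend(EMAIL_RE.findall(text))
    for candidate in CARD_RE.findall(text):
        digits = re.sub(r"[ -]", "", candidate)
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found["credit_card"].append(digits)
    for candidate in IBAN_RE.findall(text):
        compact = candidate.replace(" ", "")
        if iban_ok(compact):
            found["bank_account"].append(compact)
    return {k: v for k, v in found.items() if v}


def scan_files(files: dict) -> dict:
    """Map each path that holds donor data to the set of categories found in it."""
    report = {}
    for path, text in files.items():
        hits = scan_text(text)
        if hits:
            report[path] = set(hits)
    return report


if __name__ == "__main__":
    for path, categories in scan_files(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(sorted(categories))}")
```

Run it over a mounted share or an export of each database table; every path it reports belongs on the list of places to lock down, and the Luhn and IBAN checks are what keep that list short enough to act on.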
- Prevent everyone from accessing sensitive donor information for 24 hours
- All the files and databases where donor information is stored
- Who needs access to donor information, when, and for what purpose
- How to prevent and authorize access to files and databases.
Given a purpose, state orally whether this is a legitimate reason and why. If the reason is not deemed legitimate, propose an alternative which does not require access to sensitive donor information.
- Criteria to evaluate legitimate reasons to access sensitive information
- List of alternatives, using anonymous or aggregate information.
Given an email received among other emails during a typical working day, with a link to a login page that requests user credentials but is not hosted on the Horizon Intranet, the employee shall not enter their credentials in the page.
- How to recognize that a Web page is hosted on the Intranet
- Dangers of phishing.
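Deciding whether a page is on the Intranet comes down to the host part of the URL, not to whether the Intranet's name appears somewhere in the link. As an added example (not the page's own material), the Python below assumes a hypothetical host name intranet.horizon.example and that the Intranet is served over https only; it compares the parsed host name against that and lists the constructed decoys that a plain substring check would accept.

```python
from urllib.parse import urlsplit

# Hypothetical host name of the Horizon Intranet; the page does not give it.
INTRANET_HOSTS = ("intranet.horizon.example",)


def is_intranet_url(url: str, allowed_hosts=INTRANET_HOSTS) -> bool:
    """True only when the parsed host is the Intranet host (or a subdomain of
    it) and the scheme is https. Assumption: the Intranet is https-only."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False                       # http://, or no scheme at all
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False
    return any(host == a or host.endswith("." + a)
               for a in map(str.lower, allowed_hosts))


def looks_like_intranet(url: str) -> bool:
    """The unsafe mental shortcut: 'the Intranet name is in the link'."""
    return INTRANET_HOSTS[0] in url.lower()


# Constructed examples: the first two are genuine, the rest are decoys.
CASES = {
    "https://intranet.horizon.example/sso/login": True,
    "https://INTRANET.horizon.example:8443/sso/": True,
    "https://intranet.horizon.example.evil.test/login": False,  # prefix of the attacker's domain
    "https://intranet.horizon.example@evil.test/login": False,  # userinfo; the real host is evil.test
    "https://evil.test/intranet.horizon.example/login": False,  # Intranet name in the path
    "http://intranet.horizon.example/login": False,             # plain http: not how the Intranet is served
    "intranet.horizon.example/login": False,                    # no scheme: urlsplit sees only a path
}


def decoys_that_fool_the_shortcut() -> list:
    """URLs the substring shortcut accepts but the host check rejects."""
    return [u for u, genuine in CASES.items()
            if not genuine and looks_like_intranet(u) and not is_intranet_url(u)]


if __name__ == "__main__":
    for url in CASES:
        print(is_intranet_url(url), url)
```

The same rule covers look-alike domains that swap a letter for a similar-looking character: after parsing, the host name is simply not the expected one. Employees will not run this code, but it is the check the training should teach them to make by eye: read the part between https:// and the next /, and read it to the end.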
Given an email received among other emails during a typical working day, with a link to download an executable file and instructions on how to run it on the computer, the employee shall not run the executable.
- What is an executable file
- How to respond to the prompts that ask whether to allow an executable file to run so that it does not run.
Given an email received among other emails during a typical working day, with telltale signs of an urgent or disproportionate request made by an unknown contact or by a known contact in an unusual way, the employee shall forward the email to the IT department for analysis.
- Email address of the IT department used to report suspicious emails
- Identify the claimed email address of the sender
- Awareness that the sender address can be spoofed
- Awareness that the email account of a trusted contact can be compromised (e.g. by malware) and used to send emails that appear to originate from them
- Signs of a different voice (typography, syntax, register) in a written email from a trusted source
- Signs of disproportionate requests or urgency
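Several of the items above (the claimed sender address, the fact that it can be spoofed, and that a trusted contact's account can be compromised) are things the IT department can check mechanically on a forwarded email. The following added example (not from the original page; it assumes a hypothetical organisation domain horizon.example and uses two constructed messages) uses Python's standard email module to pull the warning signs out of the headers: a display name that is itself an email address different from the real one, a Reply-To that diverts answers elsewhere, a Return-Path from another domain, and SPF/DMARC failures recorded by the receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical organisation domain; the page names "Horizon" but not its domain.
ORG_DOMAIN = "horizon.example"

# Constructed raw message: an "urgent request from the director" that is not.
SUSPICIOUS_EMAIL = """\
Return-Path: <bounce@mail-relay.evil.test>
Authentication-Results: mx.horizon.example; spf=fail smtp.mailfrom=mail-relay.evil.test; dkim=none; dmarc=fail
From: "director@horizon.example" <director.horizon@freemail.test>
Reply-To: <accounts-payable@freemail.test>
To: <treasurer@horizon.example>
Subject: URGENT - need donor bank details in the next 30 minutes

Please send me the bank details of our top 200 donors right away, I am in a meeting and can't talk.
"""

# Constructed raw message that shows none of the header warning signs.
CLEAN_EMAIL = """\
Return-Path: <director@horizon.example>
Authentication-Results: mx.horizon.example; spf=pass smtp.mailfrom=horizon.example; dkim=pass header.d=horizon.example; dmarc=pass
From: "Director" <director@horizon.example>
To: <treasurer@horizon.example>
Subject: Board minutes

Attached are the minutes from Tuesday.
"""


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def header_warnings(raw: str) -> list:
    """Return the header-level warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    warnings = []

    display, from_addr = parseaddr(msg.get("From", ""))
    # 1. The name the reader sees vs the address the mail actually claims
    if "@" in display and display.lower() != from_addr.lower():
        warnings.append("display-name-is-different-address")
    if ORG_DOMAIN in display.lower() and domain_of(from_addr) != ORG_DOMAIN:
        warnings.append("claims-org-but-external-domain")

    # 2. Replies silently redirected to another mailbox
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != from_addr.lower():
        warnings.append("reply-to-differs-from-from")

    # 3. Envelope sender (Return-Path) from a different domain than From
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path and domain_of(return_path) != domain_of(from_addr):
        warnings.append("return-path-domain-mismatch")

    # 4. What the receiving server recorded about SPF, DKIM and DMARC;
    #    "none" (no record / no signature) is noted but not treated as a failure
    auth = msg.get("Authentication-Results", "")
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result.lower() not in ("pass", "none"):
            warnings.append(f"{mech}-{result.lower()}")

    return warnings


if __name__ == "__main__":
    print("suspicious:", header_warnings(SUSPICIOUS_EMAIL))
    print("clean:", header_warnings(CLEAN_EMAIL))
```

Header checks are the part a script can do; the "different voice" and "disproportionate or urgent request" items above still need a human reader, which is why the action is to forward, not to decide alone. An empty result does not make a message safe: mail sent from a compromised colleague's account passes every one of these checks, which is the case the next action covers.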
Given an email received among other emails during a typical working day, received from a trusted colleague, with an unusual request to provide sensitive information or financial details of donors, the employee shall call the colleague to confirm the request before complying.
- Identify requests that would lead to disclosing sensitive information about donors
- Identify requests that would lead to disclosing financial details of donors