True Stories of Cyber Awareness: Data Privacy (09/19/2025)
The first question I ask when interviewing with a new company when they ask if I have any questions is how they will handle my personal information if they offer me the job.
I want to know the methods of transportation of my information within their network. I can guarantee not all contacts will be internal. There will be many external contacts where information will be shared. How will this information be shared?
Data will be uploaded via secure web forms and using basic email. Is that email being sent encrypted?
Once of my last employers were sending Personally Identifiable Information (PII) to 3rd party vendors unencrypted. How do I know? I was the engineer with permission from my manager to implement Data Loss Policies (DLP) to protect PII from being sent out of the organization unencrypted.
It was implemented by Thanksgiving and went smoothly until January when I got the email from HR. "I can't do my job and send information about our new employee; I keep getting a notice that my email is blocked from sending."
The alert messages were coming in too about the issue.
The documentation was created weeks ago and was readily available for all to read. Well, the queen of HR didn't care. The owner then chimed in to me about following proper internal change management which I did. It was my manager that didn't do the rest of the steps which was to alert upper management of the changes. Shit rolls downhill, right?
Well, if the queen read the documentation, then she would know the proper steps to send the information encrypted. It's only a few clicks to add encryption to an email.
Who knows who could have intercepted my information via unencrypted emails which is a violation of HIPAA and FTC safeguards which could lead to hefty fines and data breach consequences.
Want to know about the company? Check my resume and take a guess. It's the same company from my phishing article.
