Cybersecurity 101

🗂️
Lesson 3.2
Handling sensitive data
Treat customer and company information as need-to-know. Share the minimum, store it safely, and report mistakes fast.

Need-to-know
Minimize exposure
Report quickly
Always watching. Always protecting.

🔒 Protect: Store and share data only through approved, secure tools.
✂️ Minimize: Use the minimum data needed. Mask/redact whenever possible.
📣 Report: If data goes to the wrong place, report immediately.

🏷️
What counts as sensitive data?

Sensitive data is any information that could harm a customer, employee, or the company if it’s exposed, copied,
or accessed by the wrong person.

  • Customer details: names, contact info, addresses, site schedules.
  • Security information: alarm states, access procedures, site layouts, camera views.
  • Credentials: passwords, MFA codes, recovery codes, API keys.
  • Internal info: incident details, investigations, system configs, logs.

When in doubt, treat it as sensitive and ask your lead or Security/IT.

🧭
Three rules for handling sensitive data
  1. Use approved channels only
     Store and share data only in approved systems. Avoid personal email, personal drives, or “quick chats.”
  2. Share the minimum
     Only include what the recipient needs. Remove extra fields. Mask/redact where possible.
  3. Verify before you send
     Confirm recipients, attachments, and links. One wrong address can become an incident.

Do
  • Use approved storage (company drive/system) for sensitive files.
  • Redact or remove unnecessary details before sharing.
  • Lock your screen and close sensitive tabs when away.
  • Dispose of notes properly (shred bins / secure disposal where applicable).
Don’t
  • Don’t paste sensitive info into unapproved chat tools.
  • Don’t email sensitive data to personal accounts.
  • Don’t download sensitive files to personal devices.
  • Don’t take photos/screenshots unless you’re authorized and storing them correctly.

📋
Compliance and accountability

Sensitive data may be protected by customer contracts, privacy requirements, and security policies.
Access and sharing may be monitored to support investigations, audit readiness, and customer trust.

  • Access should be need-to-know and role-based.
  • Data should be stored and transferred using approved tools.
  • Unexpected exposure should be reported quickly for containment.

Good data handling protects customers, operations, and Sirix’s reputation.

💬
Quick scenario
A teammate asks you to “just send the customer site list” in a Facebook chat message so they can work faster.
The list includes site addresses and access notes.

What should you do?

  • Use an approved system to share (ticket, secured drive, or the official platform).
  • Share only what they need (minimum details required for the task).
  • If you’re unsure, pause and confirm the correct process with your lead or Security/IT.

Speed is good — but not at the cost of exposing customer data.

Key takeaway

Handle sensitive data with intention: use approved tools, share the minimum, verify before sending,
and report mistakes quickly. Protecting data protects customers, safety, and trust.

If something feels off, slow down — then verify or report.
