A company provides service to process transaction data for clients. The company deals with sensitive customer information of their clients. The improper release of the information poses a serious risk to the business of the company and their clients. The information security team in the company identifies threats coming from accidentally emailing the information to an unintended party. Which two action plans could the company implement to eliminate the risk? (Choose two.)
- Implement a policy prohibiting employees from including sensitive information in any emails to customers.
- Require employees to use a VPN connection when emailing customers.
- Implement a firewall to filter all emails sent to customers.
- Implement a technology to screen and block emails that contain sensitive information.
- Move the business operation to a private cloud and require clients to use the private cloud as well.
Explanation & Hint:
To eliminate the risk of emailing sensitive information by accident, the company can implement a policy prohibiting employees from including sensitive information in emails. In addition, the company can implement a technology that can scan and block emails when necessary. |