Not everyone not currently working in your organization is going to be a bonafide visitor and more, not all of them will be employees. Even when people are validly at your organization, the need for awareness and caution does not stop.
It is easy to disclose information to competitors who could be visiting for valid reasons.
As such, you should always use caution when disclosing information in front of any visitor. If you see others not being cautious, it is best to note and report this behaviour.
- former employees of your company;
- Sales people and organization clients.
- refer any questions from the media (reporters) to the appropriate people in organization;
- when asked to complete a survey or questionnaire ask your supervisor first if it is all right;
If you receive phone calls from vendors or employment agencies, take the individual's name and number and pass this on to the appropriate people. Do not give these people a copy of organization telephone book. This would allow them to make calls which others in organization may not welcome.
When speaking on the telephone, you could easily be fooled into thinking you are talking to an individual with a real need for some facts. Be careful not to give out valuable information to the wrong person. Here are some points to remember:
Verify the identity of the caller. If you cannot do this by asking some key questions, obtain their phone number and tell them you will call back. Refer the matter to your supervisor or manager.
- verify the caller's need to know the requested information;
- be careful not to give out unnecessary information;
- Be aware of who is in the area that could overhear your conversation. Always remember, information security is not just about firewalls and software. It starts with people and ends with them as well.