Your company is contracted to perform IT services for a local government agency. During routine maintenance, you discover unencrypted files containing sensitive employee data, including social security numbers, on a public file server. What is the BEST course of action to take in accordance with standard IT operational procedures?
Move the documents to a more secured location on the network that you think is safe.
Encrypt the files yourself in order to protect the sensitive data.
Ignore the unencrypted files as it is not part of the task assigned to you.
Check if TLS or SSL is enabled before alerting anyone to the issue.
Report the discovery of unencrypted personal data immediately to your supervisor or management.
When you come across unencrypted sensitive data such as personal government-issued information, the priority is to ensure its protection according to legal and company data handling policies. The correct course of action is to inform your supervisor or the appropriate management personnel immediately so that the incident can be managed correctly, steps can be taken to secure the data, and necessary compliance procedures are followed. It is important not to ignore the discovery, as this could lead to potential data breaches. Encrypting the files without authorization may go beyond the scope of your responsibilities and could potentially alter or damage the files, so it is not advisable. Moving the documents without reporting it does not address the potential breach protocol and underlying security issue, making this option incorrect as well.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What should I do after reporting the unencrypted files to my supervisor?
Open an interactive chat with Bash
What are the potential risks of ignoring unencrypted sensitive data?
Open an interactive chat with Bash
Why is it not advisable to encrypt files without authorization?