If an employee is privy to confidential information—which does indeed come with the territory when working with a credit union or a Credit Union Services Organization—there absolutely must be trust at all levels with the assurance that information will be protected. Often, colleagues will be aware of the employees that may be “in the loop” on sensitive topics. Knowing this, leading questions may be asked, which may be a temptation to reveal details.
As employees with access to confidential information, the challenge is to resist temptation. A trustworthy employee is upfront and simply states that particular information cannot be shared since it’s of a confidential nature. Although frustrated, the info seeker will more than likely be understanding of the transparent reply, and perhaps even follow that lead next time they are tempted to share or ask sensitive information. We lead by example in all realms; our personal level of integrity is of no exception.
Start with a confidentiality agreement
Fully understanding and practicing the art of confidentiality is simply a common courtesy or basic ethical standard of data protection for customers, clients, and employees. In many cases, there is a legal responsibility to prevent sensitive information from being leaked. Honoring a high level of confidence is important for building and maintaining a sense of trust between clients and employees.
Confidentiality begins with a confidentiality policy, which should be clearly stated in the employee’s handbook. The example below speaks directly to the point of addressing confidential information:
“The protection of confidential business information and trade secrets is vital to the interests and success of our business. Confidential information is defined as any and all business-related information disclosed to or known by you because of employment with the company that is not generally known to people outside the company.
An employee who improperly uses or discloses trade secrets or confidential business information will be subject to disciplinary action up to and including termination of employment and legal action, even if he or she does not actually benefit from the disclosed information.”
Many business firms have a formal confidentiality statement—also known as a non-disclosure agreement—in place. This agreement binds the parties to very specific pledges on the disclosure of information and are enforceable under the laws of the state where they are created.
Continue to educate
In addition to each employee becoming familiar with their employer’s business handbook and policy manuals, employees may consider seeking out education on discernment wisdom regarding the variety of situations in which they might unwittingly reveal confidential information. Confidential safe practices acknowledgement, such as understanding the markings of highly sensitive and confidential information well in advance, is of key importance, so there is absolutely no question as to the information’s value.
Education on sensitive information locations is essential, with the obvious consideration that confidential information is not to be stored at easily accessible spots for both hard copy documents as well as online data storage. Specific department education may include covering the variety of situations in which an employee might unwittingly reveal confidential information.
Be aware of social engineering
Working within an executive office, I am personally very aware of the tendency of bad actors to attempt to pull information. Often under the guise of asking about someone or expressing a concerned inquiry regarding a specific topic, a hidden opportunity presents itself to gossip or reveal or seek private information. As an employee, it is important to be aware of that phishing attempt and not fall into the trap.
The concept of social engineering has become quite popular as a means to gain information from an unsuspecting party. The natural tendency of most people is to be helpful. Those players who mean harm, use the psychology of our bent toward helpfulness, to attempt to gain access to confidential information, be it online, via phone, or in person. The helpful hero nature in each of us tempts us to share requested information. It is our responsibility to be keenly aware that not all people we encounter and engage with are good players. Let us not be fooled by social engineers prodding for sensitive information.
Always be on the lookout
Working in finance, we often deal with topics which attract those who are trained to seek confidential information, disguised as simply an interested party, or playing ignorant and unaware of how the system works. These smooth criminals have the potential to put others at risk, and the awareness of this potential when out and about may appear to be a seemingly innocent conversation yet prove downright dangerous.
The last example is an extreme case; however, it is just as important to gain situational awareness for all of us, be it for safety of our members or safety of our businesses. Once employees have acknowledged receipt of the handling of confidential information, there are then expectations that those who pledge to safeguard confidential information will do so. As with all areas of our lives, once we have been informed, we are then responsible for that information.