Question

A company has employees who write down passwords, which should be kept private, on sticky notes. Given this scenario, what should the IT security department implement to prevent this type of mishandling of confidential information

Answer 1

The IT security department should implement password management tools, two-factor authentication, and security awareness training for employees to securely manage passwords and confidential information.

Step-by-step explanation:

To prevent the mishandling of confidential information, such as writing down passwords on sticky notes, the IT security department should implement a set of strategies that enhance overall security and reduce reliance on unsafe practices. Firstly, password management tools can be used to store and generate complex passwords securely, eliminating the need for physical notes. Secondly, two-factor authentication provides an added layer of security, requiring employees to have a second form of verification beyond just the password. It is also critical to conduct regular security awareness training for employees to educate them on the risks of insecure practices and the importance of data protection policies. This training should cover best practices for password security, how to recognize phishing attempts, and the proper protocols for handling sensitive information.

Answer 2

Save the passwords to an encrypted database, saving the passwords as hash values to keep confidentiality.