10 Best Practices for Sensitive Data Text Messaging

Text Messaging Top 10 Best Practices

Text Messaging 10 Best Practices – As more data is moved from one mobile device user to another, more sensitive and confidential information is exposed to potential data leakage. Janco Associates has found that the 10 best practices below help to minimize risk and meet mandated compliance requirements.

  • Use encryption – The text message must be communicated from the sending device, through the mobile provider or a software application to the recipient’s device in an encrypted manner.
  • Keep your encryption key private – The encrypted text message should not be decrypted and stored on the cellular or network provider’s systems in ways that can be accessed by unauthorized personnel.
  • End-to-end encryption should be followed – Both the sender(s) and the receiver(s) must fulfil the encryption requirements for the message in transit and at rest.
  • Monitor and report violations – Report all unencrypted text messages that are received or sent out that contain any sensitive and confidential information immediately to the Chief Security Officer (CSO) or CIO.
  • Clean up devices on retirement – Devices used to text sensitive and confidential information should be sanitized upon retirement of the device. They should be securely wiped when they are returned or an employee is terminated or quits.
  • Passwords are a must – The mobile device and/or secure texting application must be password protected; this feature must never be disabled and is subject to audit or spot check at any time.
  • Automatic lock down should be implemented – The mobile device must be configured to lock automatically after a period of inactivity (not to exceed 5 minutes).
  • Minimize information sent – All text messages containing sensitive and confidential information should be limited to the minimum information necessary for the permitted purpose. Multiple identifying factors (e.g., full name, date of birth, medical record number, social security number or condition specific information) should not be used.
  • Spell things out – Do not use shorthand or abbreviations.
  • Check your work – Review texts prior to sending to ensure accuracy. Beware of auto-correct functions.

Author: Victor Janulaitis

M. Victor Janulaitis is the CEO of Janco Associates. He has taught at the USC Graduate School of Business, been a guest lecturer at UCLA's Anderson School of Business, a Graduate School at Harvard University, and several other universities in various programs.

One thought on “10 Best Practices for Sensitive Data Text Messaging”

  1. Text messaging, be it with e-mail or instant messaging (IM), is a real concern to all of us in our company. This top 10 list is a great tool that I will see is distributed within our company. In addition, we will look at the policy that Janco has written. GREAT JOB, keep it up.
