Secure intake

Device and data intake framework

When a case involves important data, intake should not become a new risk. The goal is to reduce unnecessary exposure from the very first contact, whether it involves a physical device, a file transfer or an incident description.

1. Coordination before sending

  • Avoid uncoordinated shipments of devices or files.
  • Confirm the channel, address, case name and urgency level before transmission.
  • Limit the information sent to what is necessary to open the case.

2. Intake and traceability

  • Identify the case upon intake.
  • Track the receipt of the device, package or communicated information.
  • Limit initial handling to the strict minimum.

3. Minimal access

Access to data and devices must be limited to those who need it to qualify, process or follow up on the case. The principle of least privilege reduces the risk of unnecessary exposure.

4. Isolation before analysis

An unknown, unstable or potentially compromised device should not be treated as an ordinary office device. It must be assessed in a separate, cautious environment before any broader handling.

5. Accounts and administrative access

Sensitive operations must rely on separate, controlled accounts used only for the required tasks. Administrative access should not be used for routine office work.

6. Sensitive information transmission

  • Do not send more data than necessary to open the case.
  • Avoid improvised or unvalidated sharing.
  • Use the agreed channel for the information or files that are actually required.

7. Clarity with the client

The client must know when to send, what to send, to whom, and within what framework. Good cybersecurity at intake also starts with clear communication.

8. Recommended operational controls

  • MFA on critical accounts and remote access.
  • A minimum level of logging for receipts and access.
  • Dedicated workstation or area for sensitive administrative tasks.
  • Internal incident and disclosure management process.