Data classification is essential to knowing how to handle sensitive information and which data requires extra effort to protect. It is based on level of sensitivity and the impact it would have if that data were to be accessed, modified, transmitted, stored or deleted without authorization.
In general, data can be classified into one of four sensitivity levels: public, internal use, regulated and confidential or top secret. Public data requires the least amount of safeguards, while top secret data must have highest level of protection. Here’s a quick explanation of each one, followed by 10 steps to protecting data that every Human Firewall should follow.
Typically, public information is the marketing, PR and image-branding content that molds public perception. A website is public, as is social media. A lot of effort goes into determining what should be public, and then, just as importantly, what information should never be made public.
Internal Use Only
The second data classification covers things like NDAs (non-disclosure agreements), contracts, and business relationships. It can also include employee lists, pricing, some manufacturing processes, and other competitive advantages without giving away anything confidential. A disclosure of this data can be damaging, but not necessarily debilitating.
Regulated and PII
Regulated data such as health, financial and similar records deserve their own data classification. For example, a data breach of regulated or Personally Identifiable Information (PII) can trigger investigations, fines and create a public furor. It’s also possible that some of the Personally Identifiable Information overlaps with Internal Use Only.
Confidential and Top Secret
Some people refer to confidential and top-secret data as the Crown Jewels. Regardless of the name, when this data is breached or compromised, the fallout is often extreme, and can cost the company hundreds of millions of dollars, with each record averaging $200-$500 per name. In other words, this is the most important level of data classification and the one cybercriminals would love to penetrate.
10 Ways Human Firewalls Can Protect Data
- Report incidents immediately. If you notice that any sensitive information has been made public, either maliciously or accidentally, inform the appropriate party. Quick action mitigates further damage.
- Share less. Never post anything other than public information online without explicit permission. If you’re not sure, ask!
- Verify the source. Never give company or personal information to people on the phone or on the internet unless you’re 100 percent sure who they are and that they’re legit.
- BYOD policy. If you are allowed to bring your own device to work, avoid accessing sensitive company information with them unless you have explicit permission.
- Beware of file sharing services. As a general rule, confidential information should be kept away from various file sharing services like Dropbox unless approved by your company. And even then, consider encrypting and password protecting the data.
- Don’t access sensitive information on public WiFi. It’s way too easy for cybercriminals to compromise hotspots and public networks. If you must use them, be sure you have a VPN.
- Watch out for shoulder surfers. It may seem silly, but you never know who’s looking over your shoulder in a public setting.
- Get to know proper disposal. If you are throwing away sensitive documents, send them through a shredder first. If it’s an old computer or hard drive, be sure it completely wiped before recycling.
- Don’t click on sh*t. This is really the basics of being a Human Firewall. Don’t click on random links or attachments ever.
- Always follow policy. Companies have policies in place to protect the data of employees, partners, clients and customers. Breaking policy undermines those efforts!
Latest posts by Justin Bonnema (see all)
- Tis the Season… - November 16, 2017
- Security Awareness Program Planning Calendar - September 28, 2017
- Equifax: What To Do If You’re A Part Of The Data Breach - September 13, 2017