Data classification means assigning appropriate levels of security to all data and information in your company. It plays a vital role in your data management strategy and helps you to acquire better control over your unstructured data. Data classification is also the very basis for meeting compliance demands.
You are about to send a confidential email to your colleague Richard. While you’re preparing the email to be send off, you receive a phone call. Basically everything is ready, so you decide to quickly press ‘send’ before you dedicate your attention entirely to your phone. Unfortunately you didn’t notice that you selected the wrong Richard. The email ends up being delivered to your supplier Richard instead of your colleague…
This is just an example, but for most companies a very familiar and painful mistake. Learn how data classification can prevent this from happening.
How does data classification work?
Data classification involves a couple of steps:
- Making an inventory of all the data, documents and files in your organisation;
- Classifying the information according to their level of sensitivity (e.g. classified, sensitive or public);
- Last but not least, assigning appropriate levels of security to each class accordingly.
This is an important but time consuming activity, very worthwhile your time and energy. Based on this information you know exactly what necessary measures to take in order to minimize the risk of anything happening to your critical data.
Even though the above is of vital importance, awareness plays an equally important role, since data classification involves rules of conduct as well. Therefore, make sure that your employees are aware of the places and ways they are allowed to disclose sensitive information.
There are two basic requirement to a classification scheme: it should be simple enough that all your employees can execute it properly, but complicated enough to handle the requirements of a large variety of data. This is what it might look like:
- Classified data
This includes strictly confidential business and customer data that could put your organisation in financial, legal or regulatory jeopardy if it were to be leaked.
- Sensitive internal data
This includes data and documents that -if disclosed outside of your organisation- could mean a threat to your operations. Think about: supplier or customer contract information, sales performance data, marketing collateral etc..
- Public data
This includes any information data or documents that, if read by the public, would not damage your organisation’s brand, or pose a risk of financial, legal or regulatory predicaments. Examples would be: information on your website , press releases, adverts etc..
By implementing a data classification solution you’re diminishing the risk of data leakage and corresponding fines. Unfortunately, nowadays these risks are real. With effective data classification, you have superior visibility and control over where your data is and how it’s being used.
A good data classification policy also puts a level of responsibility into your employees’ hands; as a result they will become more aware when handling sensitive data. This reduces the likelihood of an insider breach significantly, which is one of the main causes of information leakage.
Furthermore, data classification has other economic consequences. It’s simply not sustainable to have all your data rated as top secret (in other words, giving them a high CIA rating) out of sheer precaution. Overqualification has financial consequences. You will need f.i. a heavier and more costly database and a more complicated security structure. Data classification is not only about classifying your data and creating awareness, but also about finding the right balance between the necessary security level and the costs involved.
With this solution your employees are actively involved in protecting your company data. Every time they share information, they have to stop and think what type of information they’re about to share and what kind of protection it requires. Data Classification from Boldon James creates awareness among your personnel.