The issue of data protection is part of the conversation about cybersecurity and hackers. And in most cases, it addresses the external threats the data may be vulnerable to. But according to a report from GetApp, the company data employees access can be just as vulnerable.
In its report, GetApp says 48% of employees have more access than they need to perform their job. Even more alarming, 12% of businesses report their employees have access to all company data. All it takes is one disgruntled employee to walk out the door with this information.
For small businesses with propriety technology, this can be catastrophic. And this is why it is critically important to have data classification levels and policies in place for your business.
So, Why Should You Have A Data Classification Policy?
On the blog for the report, GetApp says, “Banks don’t give every employee the keys to the vault.” This is a very simple and to the point explanation of why you shouldn’t provide total access to company data.
With the right policy in place, you can identify the types of data you have, who can access it, and secure the information.
Additionally, the policy can also help you organize and track critical business data. This is particularly important because 80% of companies don’t know where this data is located. Not only that, but they don’t know how it is moving across their network.
If you have a policy in place, you can assign an employee responsible for this aspect of your business data. And this person can ensure only authorized individuals get access. It not only protects the data but it makes it that much easier to quickly contain any data leak.
A policy also lowers costs by supporting the optimal use of your resources, increases employee awareness of data security, and it certifies regulatory compliances. But before you create your policy, you have to classify your data.
Data Classification Levels
In the report, GetApp says businesses classify their data across several categories. This includes public (29%), internal (30%), sensitive (25%), propriety (15%), confidential (33%), highly confidential (18%), and restricted (25%).
When it comes to the four most types of levels, public, internal, confidential and restricted, here are the types of data businesses identified.
Public data is information which is freely available to everyone. Press releases, published annual reports, information on websites and social media are examples. More importantly, this information doesn’t have any risk to the organization.
Internal data as the name implies for the inside of the organization. Project documents, internal emails, training materials, policy guidelines, and organizational charts are types of internal data. If this information leaks, it can lead to embarrassment and loss along with other unintended consequences.
Confidential data can include government identification numbers, customer information and employee pay stubs. If this type of information becomes public, it can harm a company in different ways. Besides the reputational damage of the company, regulatory violations can also involve hefty fines from the government.
Last but definitely not least is restricted information. This type of information has intellectual property, trade secrets, strategic business plans and undisclosed annual reports. Disclosing this information can result in permanent damage to a company, its customers, vendors and other parties.
Businesses of all sizes now generate data. And as consumers look for more personalized services from the companies they do business with, it means using sensitive information to deliver the service.
Therefore, businesses have to implement data-access strategies to minimize the risk of this information falling into the wrong hands.
GetApp recommends businesses to employ network segmentation; reduce privileged administrator accounts; restrict sharing; improve access controls.
The GetApp report is a timely and worthwhile read for anyone looking to safeguard their information. The company also has a free customizable data classification template, which you can download here.