Techblog
How can classifying documents and sensitive information aid protection?
For every small business, different documents and data have different levels of sensitivity. How do you create different safeguards to ensure your information is safe and accessible to the people who need it?
How a business goes about protecting the sensitive and private information of its customers, employees and partners can be a make-or-break issue in the modern digital age. The issue of sensitive information for most organisations falls under two main headings: personal and business sensitivity.
Sensitive personal information refers largely to employee privacy matters, including payroll, HR records and tax file numbers, which could potentially be used by criminals for identity theft. Sensitive business information includes undisclosed financial data, acquisition planning and consumer data. By using simple software to classify data and to provide protection in a mobile workplace, businesses can safeguard sensitive information.
Customer and Employee information
Businesses must not underestimate the importance of maintaining the confidentiality of both customers' and employees' personal and sensitive information. For employees, this includes payroll information, human resources and disciplinary files, health records and CPF/tax number information. For customers, it includes addresses, credit card details or any personally identifiable information (PII) your business collects.
In June and July 2018 Singapore's largest healthcare group, SingHealth, was hacked. In the cyberattack, 1.5 million patients' non-medical personal data were stolen, as well as 160,000 records of dispensed medicines. Attacks like these target PII so that the attackers can carry out further phishing attacks.
Business information
Every business has trade secrets, market intelligence and consumer insights that it hopes will give it the edge over competitors. In addition, it will also have its own financial data that it does not want disclosed, such as projections, marketing plans, and customer payment and credit card details.
Again, the failure to protect such information could have crippling implications for a business in the marketplace, including possible criminal charges, a battered brand and reputation, a loss of sales and customers and the disclosure of valuable intellectual property.
The cost of data breaches
The Ponemon Institute in the US, which conducts research to help organisations understand how to improve their data protection initiatives and to enhance their brand and reputation as a trusted enterprise, estimates that a single data breach by a major US corporation, where an individual’s name, social security number, medical and financial records or debit card is put at risk, could cost an organisation $7m. The Institute says the fallout from a major data breach is very damaging:
- It can take up to 50 days to resolve the breach, which can also attract hefty fines from regulatory bodies and class actions from angry customers
- A survey found 76% of customers said they would leave companies with high rates of data breaches
- The cost of reissuing compromised credit cards can run into hundreds of millions of dollars.
Of course, for SMEs, the exposure will be far less in terms of scale, but they will still face the same proportionate costs and damage to their business.
Protecting data by classifying it – and spelling out who can do what with it
One of the best ways for a business to protect data and information is to implement policies to classify, label and protect data based on its sensitivity. These policies will also outline who can access the data and what they can do with it, such as allowing someone to see and edit files but not to print or forward, based on their classified sensitivity.
Azure Information Protection Premium (part of Office 365 Security and Compliance) helps businesses protect sensitive data by allowing them to classify documents and emails shared inside and outside the organisation, embed labels and permissions in them, and define access and action rights. Markers can also be added to content, like custom headers, footers and watermarks.
Classification is fully automatic with Azure, driven by users’ recommendations.
Keeping data secure – while it’s mobile
Microsoft Office 365 Security and Compliance solutions can help companies secure, protect and control their assets in an age of increasing workforce mobility, where corporate data is increasingly being accessed offsite and on any number of devices. Microsoft Office 365 provides real-time protection against advanced malicious cyberattacks; protects critical information; identifies and manages user access; manages personal and corporate-issued devices accessing company data; and prevents targeted cyberattacks.
Ease of use
Data classification and protection controls are integrated into Microsoft Office and common applications to secure the data you’re working on with one click. In-product notifications, such as recommended classification, help users make the right decisions.
Summary:
- Protecting sensitive personal and business information will protect your company against a long list of damaging outcomes
- These can include fines, lawsuits, loss of business and brand damage – enough to bring an SME to its knees
- Azure helps to classify data based on its sensitivity in order to safeguard your company information
- Once information is classified or labelled, policies can detail who can see it – and what they can do with it
- Office 365 helps businesses protect their data in the mobile work environment by managing devices accessing company data