Keeping sensitive information safe and secure from theft and vulnerability in today’s world is not as simple as locking it up in a safe place. Email has become the primary way in which to share information among colleagues, vendors, customers, etc. While the use of email to share information is on the rise, so is the risk that sensitive information could be leaked. So what precautions can your organization take to avoid the devastating impact of the leak of intellectual property and other sensitive information? Here are just a few suggestions to get you started in the right direction:
- Educate your users
Users need to understand the sensitivity of the data they are working with and what their role is in keeping it safe. Understand the level of sensitivity and the information you are handling, have rules in place for handling, and implement “technical controls” to ensure it has been handled properly.
Jonathan Gossels is the President of SystemExperts, a network security consulting firm specializing in IT security and compliance.
- Data Classification Policy
Organizations and users alike must understand what data should be protected and create a policy to classify data based on sensitivity. It is the organization’s responsibility to enforce this policy. For example:
Public: Poses little to no threat to the company if accessed. This information is controlled very little or not at all.
Confidential: Access is internal and should only be shared within the company or department that owns the data. If leaked, this could pose a moderate risk to the company.
Restricted: WARNING! Extremely sensitive data that could cause great harm to the organization if compromised. This information should not be shared unless absolutely necessary.
Chuck Davis, MSIA, CISSP-ISSAP is an Author, Professor and Senior Security Architect.
- Manage Vulnerabilities
Many of us visit a doctor once a year for a “preventative” checkup to ensure that things are in good working order. Like us, in order to maintain a healthy system it is essential to take preventative action in making sure our technology is up to date in order avoid potentially unwanted and costly results down the road.
By monitoring the corporate environment companies are better able to pinpoint vulnerabilities and take the necessary steps to seal the gaps. Be proactive and make sure that your systems are up to date and monitored regularly.