Every document a fortress: Using security classification to protect sensitive information
Part three in a four-post series about information governance.
Security is a major part of good information governance. If the rules you follow to govern your information don’t address security, you could have big problems.
We don’t have to look far to see how bad things can get when private data gets into the wrong hands. Hacked or leaked information makes the front page practically every day. Bad behavior by bad actors gets a lot of attention, but accidental privacy breaches are enormously common—like when an Australian government functionary accidentally emailed the personal details of G20 leaders including Barack Obama and Angela Merkel to the wrong person.
For most of us, simple email mistakes are our biggest threat. According to CSO, 58% of employees have emailed a sensitive file to the wrong person. However, it’s important to think about more than just email. Working in the cloud also has its problems, simply by making more information available to more people. A study by Skyhigh found that nearly one fifth of all files uploaded to cloud-based file sharing and collaboration services contain sensitive data.
Security classification is a simple and highly effective way to mitigate these risks. It allows you to set the rules around who can access specific types of information within your organization. And it lets you tag particular types of content to ensure that only the right people can access it, in the appropriate ways.
Here’s an example. Imagine an international apparel company that spans the world. It has facilities, teams, vendors, distributors and partners across the globe. Tens of thousands of people send and receive information—including sensitive IP—every day, through many modes of communication: email, messaging apps, file-sharing links, project management platforms, etc. All it takes is one slip—a mistyped email address, an accidentally shared link, and this company could have an IP fiasco on its hands.
Rather than imposing onerous, hard-to-follow rules and restrictions on employees and vendors, an organization like this can use security classification to automatically lock down everything that needs to stay private. One simple classification, let’s say “Confidential,” can allow this company to keep sensitive data secure. If anything falls under this classification, it’s tagged. It can’t be shared. It’s safe. It’s easy as that.
To learn more about security classification and the other facets of information governance, check out our eBook, The Life-Changing Magic of Information Governance.