“Keep this between us” and other classifications
by Geoff Blair
The recent data breach at Equifax was apparently the result of a failure to apply a software patch that was made available several months ago. I’m not writing this blog to continue piling on the situation and bash the information security team while they’re down. What I do want to focus on is the need for immediate action. In the world of data security, five months is an eternity.
What we believe here at TITUS (along with many others in the industry) is that most breaches can be avoided if we change how users – you, me, and all our colleagues – think about data. We need to adjust the user’s mindset and bring the thought of security into the daily routine.
Now, when I say “think about data”, I mean that we need to consider its value and identify what bucket it falls into. For example, is it restricted, internal or public? Maybe it’s personal data, pricing details, product designs or any of a thousand other possibilities, depending on your role within your organization. Identifying the sensitivity of information matters because it tells us what needs to be protected.
Sensitive data can take many forms. Banks and manufacturing organizations are very different types of businesses, but they each have information that — if in the wrong hands — could have profoundly negative consequences. Once sensitive data has been identified, your entire data protection ecosystem can apply the appropriate policies to protect it. This action is immediate. Restricted data needs to be controlled – what if you emailed it outside the company? If it’s been identified upfront through a data classification solution, then organizations can warn or stop potential leaks before they happen.
You may think getting people to stop and consider data sensitivity is hard, but as humans we naturally stop and think at times when we’re about to share sensitive information with our family, friends and colleagues. Have you ever said, “Do me a favor and please keep this between us”? Before making that statement, you identified that what you’re about to say is very important and is not to be shared with others.
So, when you use classification within your organization, you’re taking immediate action to protect information by simply telling others “just keep this between us…”.