Imagine for a moment that the link to an unfinished strategy presentation is accidentally shared with a potential investor. Or that a list containing the names of clients and their personal security numbers is shared externally. Can you feel the panic? Are your palms getting sweaty?
Anxiety is usually experienced with good reason. Long gone is the era in which a company's biggest asset was the gold securely locked away in a basement safe. Today, data is the new gold, and for many companies, data lays the foundation of their core businesses.
We live in a digital age where corporate data no longer gathers dust in a mailbox before being permanently relegated to a desk drawer. Your company's data is now stored digitally and often the archives in your office basement have been replaced by a global data center.
Therefore, data protection is more important than ever before. But do you know which precautions you should take to ensure that your company's data does not end up in the wrong hands?
The consequences of unprotected data
In September 2017 the American credit bureau Equifax reported a breach of their data security.
Their "gold" - vast quantities of personal data entrusted to them by their clients - was stolen. The result? Personal data including highly confidential information of more than 147 million people was disseminated on the Internet.
The consequences? For the settlement of the data breach alone, Equifax had to pay $425 million, but the real damage, which is much harder to quantify, was to the company's reputation.
The value lies with access and availability
With data replacing gold, some obvious questions occur, the most important one being: How do you protect your data against unauthorized access, whether intentional or accidental?
As a company, you want to protect yourself against two overall risks:
1. That you lose access to your data. To put it bluntly, your data only has value as long as it is available to you. When a hacker succeeds in accessing your data and then prevents you from retrieving it, for example, by encrypting it using Cryptoware, your data loses all its value.
2. That your data gets published against your will. If your company loses control over who has access to your data, and if this results in your data getting leaked, then your company will suffer a massive loss of value - to the extent that it can have fatal financial consequences.
Store, process and share your data correctly
To guarantee that your data remains in safe hands, the first thing to do is to establish the value of your data, then determine how to store, process and share it correctly.
This is done through data classification.
Data classification is done by evaluating the importance of your various types of data, and how sensitive the information is in relation to publication and amendments.
Is it okay to share the intro presentation for new employees externally? And how secret is the information of the HR department?
Three ways to successful data protection
As soon as you have obtained an overview of the value of your company's different types of data, its time to determine how you protect all that data in the best possible way.
As a main rule, there are three ways to achieve successful data protection:
1. It has to be easy to protect your data. Therefore, when your staff work in different file formats, make sure that your company's data protection tools are only a click away.
2. The classification has to be decentralized. This means that individual employees can conduct classification or even that the process is automated, if possible. With some of the new data protection tools, it is possible to combine the processes so that the tool automatically asks the user to pay extra attention to data that may be particularly sensitive. For example, it could be number combinations which match a personal security number or a client's bank information.
3. It must be easy to get help. Data protection is a complex discipline and it is important that your employees are competent at processing the data in accordance with the guidelines you've set for the company. This can be achieved with simple instructions and video guides which illustrate how the different types of data should be processed. Furthermore, it is important that your employees always know who to contact if they need help.
Correctly managed data protection demands a change of culture in most companies. First of all, the value of your company's data and the shared responsibility to protect that data must be clear to everyone in the organization. Only by optimizing and strengthening your company's data protection system can you ensure that your data does not end up in the wrong hands.