What is the most important information in your company? Is it your 5 year strategic plan? How about your next product design? It could be the process you use to create your amazing cupcakes. Maybe it’s your price list.
You have confidential files that are the lifeblood of your business. Some are extremely important and should only be seen by a select few. Others are critical to the next phase of your business, but may be shared with a very large audience.
Many of your files may not be confidential at all. Think about the memo that talks about the next medical insurance enrollment period or a flyer you print for your next customer event. These may be important for business, but they are not the types of information that causes problems if distributed far and wide.
If you categorize your files, you can probably place them into three groups.
– Strictly confidential
– Internal use only
Strictly confidential documents are those that if they got into the wrong hands could bring your business to its knees. They might get into the hands of your competitors or other unauthorized users who could wreak havoc. Your Intellectual Property is the best example of this. If you are working on the next product or service and your competitor gets a hold of your process or design, they could undermine your business. You could have immediate competition that could undercut any competitive edge you might have. Other examples of strictly confidential documents are executive compensation packages, financial data, customer lists, personally identifiable information (PII) and information about pending litigation.
Internal use only are those documents that are important to your business, but wouldn’t cause a catastrophe if they were in the wrong hands. These may be policy manuals, interoffice correspondence or information that will eventually become public, such as a new brochure. Some of this information may be categorized as strictly confidential at some point in its life, depending on the type of information. For example, if there is a memo that talks about pending belt tightening or layoffs, this may cause a major financial impact if released to the public too soon. Click here to learn about data security.
Public documents are those that have minimal if any impact on your business. These could be general correspondence to customers and partners. It might be personal documents related to work, such as an announcement of a company party or marketing materials that need as wide a distribution as possible.
Each document category requires a different level of protection.
- You want to automatically protect strictly confidential files as you create them. These require the highest level of protection. The best way to protect and control these files is by automatically encrypting them and applying a security policy that limits access and controls user permissions when the document is used. This ensures that only authorized internal users can access the information.
- Internal use only files require a medium level of protection and could be protected with more user discretion. Allowing a user to manually encrypt a file and apply a security policy to it protects information that is important, but doesn’t restrict access to everything automatically.
- Public files do not require encryption or security policies, since they are intended for a wide audience.
You don’t need to encrypt and apply security policy to everything. Start with your most important documents to ensure that your business is safe from insider threats and outsiders who intend harm.
Photo credit Elliott Brown