About Us   |   Advertise

48% of Small Business Employees Have Access to Too Much Company Data

Published: Aug 15, 2019 Last Updated: Jun 4, 2021 by Michael Guta In Technology Trends 2
73
Share on Facebook
Share on Flipboard
Share on LinkedIn
Share on Pinterest
Share on BizSugar
Email this Article
Why Should You Have A Data Classification Policy?

The issue of data protection is part of the conversation about cybersecurity and hackers. And in most cases, it addresses the external threats the data may be vulnerable to. But according to a report from GetApp, the company data employees access can be just as vulnerable.

In its report, GetApp says 48% of employees have more access than they need to perform their job. Even more alarming, 12% of businesses report their employees have access to all company data. All it takes is one disgruntled employee to walk out the door with this information.

For small businesses with propriety technology, this can be catastrophic. And this is why it is critically important to have data classification levels and policies in place for your business.

So, Why Should You Have A Data Classification Policy?

On the blog for the report, GetApp says, “Banks don’t give every employee the keys to the vault.” This is a very simple and to the point explanation of why you shouldn’t provide total access to company data.

With the right policy in place, you can identify the types of data you have, who can access it, and secure the information.

Additionally, the policy can also help you organize and track critical business data. This is particularly important because 80% of companies don’t know where this data is located. Not only that, but they don’t know how it is moving across their network.

If you have a policy in place, you can assign an employee responsible for this aspect of your business data. And this person can ensure only authorized individuals get access. It not only protects the data but it makes it that much easier to quickly contain any data leak.

A policy also lowers costs by supporting the optimal use of your resources, increases employee awareness of data security, and it certifies regulatory compliances. But before you create your policy, you have to classify your data.

Data Classification Levels

In the report, GetApp says businesses classify their data across several categories. This includes public (29%), internal (30%), sensitive (25%), propriety (15%), confidential (33%), highly confidential (18%), and restricted (25%).

Why Should You Have A Data Classification Policy?

When it comes to the four most types of levels, public, internal, confidential and restricted, here are the types of data businesses identified.

Public data is information which is freely available to everyone. Press releases, published annual reports, information on websites and social media are examples. More importantly, this information doesn’t have any risk to the organization.

Internal data as the name implies for the inside of the organization. Project documents, internal emails, training materials, policy guidelines, and organizational charts are types of internal data. If this information leaks, it can lead to embarrassment and loss along with other unintended consequences.

Confidential data can include government identification numbers, customer information and employee pay stubs. If this type of information becomes public, it can harm a company in different ways. Besides the reputational damage of the company, regulatory violations can also involve hefty fines from the government.

Last but definitely not least is restricted information. This type of information has intellectual property, trade secrets, strategic business plans and undisclosed annual reports. Disclosing this information can result in permanent damage to a company, its customers, vendors and other parties.

More Data

Businesses of all sizes now generate data. And as consumers look for more personalized services from the companies they do business with, it means using sensitive information to deliver the service.

Therefore, businesses have to implement data-access strategies to minimize the risk of this information falling into the wrong hands.

GetApp recommends businesses to employ network segmentation; reduce privileged administrator accounts; restrict sharing; improve access controls.

The GetApp report is a timely and worthwhile read for anyone looking to safeguard their information. The company also has a free customizable data classification template, which you can download here.

Image: Depositphotos.com

2 Comments ▼
Michael Guta
Michael Guta Michael Guta is the Assistant Editor at Small Business Trends and currently manages its East African editorial team. Michael brings with him many years of content experience in the digital ecosystem covering a wide range of industries. He holds a B.S. in Information Communication Technology, with an emphasis in Technology Management.
2 Reactions
  1. Robert Brady
    August 15, 2019 at 11:42 am

    This is only going to get more problematic. Businesses are producing and storing data at incredible rates, much of it sensitive or personally-identifying.

  2. Michael Guta
    August 15, 2019 at 11:45 am

    Hi Robert,
    You are right. A lot of data out there.

© Copyright 2003 - 2022, Small Business Trends LLC. All rights reserved.
"Small Business Trends" is a registered trademark.

Free eBook: Google Reviews 101


No, Thank You