Adam Strange explains how data classifications solutions can be used to develop an effective security programme
Seldom does a week go by without a major data breach being reported and the subsequent damage of such a breach can be devastating. For example, just recently I read a news story in the Guardian reporting that survivors of institutional sexual and physical abuse in Northern Ireland have rejected compensation offered to them in response to a damaging leak that exposed more than 500 of their names. This is yet another example of mishandling of sensitive data and demonstrates the severe reputational and financial ramifications such misuse can have.
Today, data is prolific and good data governance is an ever-growing requirement, as is securing sensitive data. This is an everyday challenge that government organisations
In the UK, the average cost of a data breach has grown to nearly £2.7 million, according to IBM research, and the reputational harm can be incalculable, which is why it is so important to ensure that data is appropriately, handled, classified and stored. Likewise, according to the Verizon Data Breach Report, the public sector struggles with mis-delivery – sending sensitive information to the wrong recipients – and misconfiguration, when someone puts data in the cloud without the proper security measures in place. Of the breaches that do occur, just over half (51 percent) of data compromised in public sector data breaches documented by Verizon involved personal information.
These types of serious data breaches and incidents of cyber-disruption have a powerful effect on driving regulatory change and activity. It is therefore imperative that government organisations
“Multi-level data classif
ication solutions really help as they are able to attribute labelling according to the sensitivity of a document”
One way that they do this is through robust classification and protective markings,
Most public sector information (including personal information) obtained, generated, received, or held by or for a public sector organisation for an official purpose or supporting official activities, usually requires classification and some form of protective marking. This includes both hard and soft copy information, regardless of media or format. Paradoxically, not all public sector information does in fact require a protective mark, though, other security measures may still be required to protect the integrity and availability of this material. More recently, protective marking s
It is therefore essential that government organisations
Likewise, classification tools with the right blend of automated and user-applied classification support can significantly increase end-user awareness when handling data. Additionally, these solu
If you have a complex classification system it is important to ensure the correct level of classification is assigned to a document, but we recognise
Our structured Q&A asks the user a series of questions to help them classify the document correctly. For example, the user does not need to remember exactly what ‘Official Sensitive’ is as they are reminded when classifying the document. This is particularly useful when the system is first installed as it helps to teach users to select the correct level of classification. The result is enhanced user engagement and accountability, improved security awareness, and a reduction of data security risk across the organisation.
Regardless of any compliance obligations government organis
But if government organisations work with the right provider who can take the complexity out through flexible, fit-for-purpose software, with business-centric labelling that provides meaningful and easy choices for the user, then this will keep the organisation secure, compliant and in control.
Above all, we recognise how important it is that people are still a part of the process. How much organisations rely on automation to assist is down to individual preference or philosophy, but overall employees need to be a cybersecurity asset, rather than a liability.
This is where data classification solutions provi
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.