Before you decide how to protect your data, you need to understand what data you have, where it resides, and who can and should access it. One of the worst mistakes you can make when creating a data management program is treating all of your organization’s data the same. Classify your data based on its function and importance to your firm, so that you can use this information to tailor your protection methods. Categorizing data assets by their level of importance lets you determine where to allocate your time and resources (investing more in protecting the most important assets), which is more cost effective and also ensures that this data is secured if you are hacked. As you begin organizing and assigning a value to your data, ask yourself these questions:
- How confidential is this data? Decide which qualities (such as whether it is personally identifiable information) will determine whether the data is kept public or private.
- Who or what does the data pertain to? Data can come in many different forms, and can impact different groups of people such as your clients and employees.
- What is the business value of the data?
- What are the potential consequences if the data were stolen? How would a breach affect your business, employees, and clients?
- Who currently has access to this data, who should have access, and why do these individuals need to access the data?
- Where does the data reside? Are there multiple copies of the data?
Once you have a complete understanding of your firm’s data, you will be ready to begin implementing the appropriate technologies and policies to protect it.