Data classification is a term that is not usually associated with the small business.┬á It tends to invoke thoughts of a lot of red tape and inconvenience that small businesses tend to avoid.┬á In reality, some essential elements of data classification can be put in place at a small business with much less cost and effort than you might think.
The first step is to know what you have.┬á Gather a cross-section of the company including persons from different departments and job roles.┬á Brainstorm about the types of data that the company has and create a list.┬á Next, group each of the data types into one of the following categories based on the data types sensitivity and availability.┬á Sensitivity is concerned with the impact disclosure of the data to unauthorized persons would have and availability is concerned with the impact of lack of access to the data.
- High sensitivity, high availability
- High sensitivity, low availability
- Low sensitivity, high availability
- Low sensitivity, low availability
Now that you have each data type in a category, label the categories and create a policy that outlines the data for each category and how it should be protected and then put together a plan to implement security controls that meet the requirements in the policy.