A Micro-Guide to User-driven Data Classification Solutions
The threat of a data breach is growing by the day. A recent report from Symantec revealed that, last year, the number of reported data breaches increased by 23% globally. It was a relatively “unsophisticated” cyberattack that exploited flaws in Visa’s systems and defrauded 9000 Tesco Bank customers of £2.5m in November 2016. Newcastle University researchers suggested that it was possible to run multiple bots at the same time on hundreds of payment sites “without triggering any alarms in the payment system”. Meanwhile, UK businesses seem worryingly unprepared to protect the personal data of their customers.
So what is the solution? Danny Maher, CTO at HANDD explains: “The importance of user-driven data classification software is to protect your business’s vital data assets, and it’s often considered as the foundation of a good data security strategy by data security professionals. But you need to choose the right software and that software needs to be implemented effectively, with user-driven data classification in mind”. Below, we consider the key points of sourcing and implementing a user-driven data classification solution successfully.
In terms of finding a solution, one of the biggest mistakes businesses make in the selection and tendering process is considering Data Classification as a second-line asset in the fight against data protection. A pawn in a game of chess, if you will. It is vital that your business realises the importance of this type of data protection and its pertinence to information security. If you view choosing and using a Data Classification solution as a mundane task and have a cavalier approach to classifying data, information security and organisational wellbeing could be severely compromised. As impartial specialists, HANDD Business Solutions offer fair and independent advice in this area.
Sourcing a Data Classification solution is only step one. Once a solution has been chosen it must be implemented successfully; this is step two. There are several ways you can ensure your staff are on-board and recognise the importance of classifying data – this is how the solution becomes “user-driven”. This includes staff training, making the Data Classification process straightforward, and ensuring it is recognised as a business tool. Staff education and changing mindsets is the key. After all, it is easy to consider the use of Data Classification software as purely a technology matter, and this can often diminish the importance of it in the eyes of your employees.
All employees need to understand the finer points of Data Classification. It’s unfortunately common for organisations to forget that Data Classification is not simply a ‘set it and forget it’ affair, and that a user-driven approach should be adopted. If you implement your policies without involving your staff or providing adequate training, it may still result in data being miss-classified and cause potentially serious consequence like a sever data breach (which is exactly what you are looking to avoid).
As an independent specialist in this area HANDD Business Solutions can help with the selection and implementation of a data classification solution, as well as staff training and post-installation support. Not only does this avoid errors in employees incorrectly classifying data because they don’t know how to use the solution, but it helps to start a culture of classifying data at every step.
From an implementation perspective it is easy to miss-label Data Classification software as merely a program that needs to be installed. However, it’s a business issue, and should be treated as such. Plans should not be decided by the IT department, as not only will this result in an adequate classification system, but business users will be reluctant to use it. This means that communication and human relations need to be improved between information security personnel and those in key business and decision-making positions.
The importance of using Data Classification software and designing an effective Data Classification system cannot be ignored. However, you will need to avoid all the mistakes mentioned above if you are to successfully protect your business. Make sure your employees know the importance of classifying data and that you have an adequate training plan to support this.
For more information on selecting and implementing a Data Classification solution successfully, contact us or call on +44 (0)845 643 4063.