Updated: Jul 18, 2020
We often talk a lot about company governance. However, when it comes to information that is vital to our business, we seldom take action to protect it.
Data exfiltration is a very common way for company data to leak, which eventually becomes a data breach that reaches the media. 60% of data breaches happen because of a rogue insider. There is plenty of information available on these cases. Perhaps one of the worst recent ones was at the security company Trend Micro.
It is nice to trust employees. However, when it comes to confidential data that can ruin the company's reputation, there are great ways to govern your information and protect it as you go. There is no longer any need for complex manual labeling by end users unless it is wanted. It can all be automated. When it comes to trade secrets and the like, the data can be automatically encrypted with the company's internal encryption keys, so that even the company's cloud provider cannot see it: the data is encrypted and your company is the key holder.
Most systems allow you to create retention labels for your labeled information. This makes sure that certain documents, emails, etc. don't go missing or get deleted by mistake. These can be classified as company confidential or top secret. There are multiple products that provide Data Loss Prevention.
While information security classification and protection help your organisation protect its documents from a breach and an awkward data spill, governance determines the retention of your documents: how long the data is stored, and where. This way, even as your employees come and go, you can be certain that vital information is not lost.
With regard to Finnish privacy laws, it is highly recommended that personnel use group mailboxes for all customer communication. If your company uses illegal litigation of mailbox or private Teams chat information, your organisation has violated constitutional rights in Finland. Hence, it is best to build the processes around what is private and what is not, and where to store all the data that is not private, such as customer communication.
If you are interested in hearing more about technology-neutral solutions regarding information protection, please do not hesitate to contact me! firstname.lastname@example.org