Confidentialityis one of three critical data protections in cybersecurity. The other two are Integrity and Availability. (see links below for those Cybrary pages). Confidentiality seeks to ensure that information is not disclosed to users, processes, or devices unless they have been authorized to access the information. Confidentiality preserves authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Examples of confidential information that requires protection include a person’s Social Security Number, a Healthcare record, or a Human Resources personnel record.
What does this mean for an SMB?
Confidentiality is important when dealing with sensitive information in your business such as your personnel data, Intellectual property, or regulated data such as credit card or HIPAA data. Having an employee’s bank information or important business documents accessible by the wrong people in your SMB can lead to cyber incidents and damage to your reputation.
Keep your sensitive data confidentiality by following this advice:
Secure (lock) devices and physical paper documents;
Properly dispose of data, devices, and paper documents (shred);
Train your employees on how they should protect the confidentiality of the data they have access to while it is at rest (stored on systems, servers, and in email) and in motion (emailed, transferred etc).
Govern employees with an Information Handling Policy that outlines the lifecycle of your data, how it should be labeled, and how it is to be protected at rest and in motion within your business processes.
