What does this mean for an SMB?
Confidentiality is important when dealing with sensitive information in your business such as your personnel data, Intellectual property, or regulated data such as credit card or HIPAA data. Having an employee’s bank information or important business documents accessible by the wrong people in your SMB can lead to cyber incidents and damage to your reputation.
Keep your sensitive data confidentiality by following this advice:
- Encrypt your sensitive files and information;
- Limit who has access to the data following both Least Privilege and Need to Know cybersecurity best practices.
- Secure (lock) devices and physical paper documents;
- Properly dispose of data, devices, and paper documents (shred);
- Train your employees on how they should protect the confidentiality of the data they have access to while it is at rest (stored on systems, servers, and in email) and in motion (emailed, transferred etc).
- Govern employees with an Information Handling Policy that outlines the lifecycle of your data, how it should be labeled, and how it is to be protected at rest and in motion within your business processes.