Critical (or Confidential) Information at a Small to Medium-sized Business (SMB) is most easily understood to be regulated data such PCI, HIPAA, NPPI, CCPA, GDPR. Additionally, some unregulated data such as Intellectual Property, that needs special protection from disclosure and theft can also be considered Critical or Confidential Information. Protecting the Confidentiality, Integrity, and Availability of critical and confidential data is very important to the health, well-being, and success of your business.
Protection Requirements: It is best practice to shred paper, encrypt critical and confidential data at rest and in motion, follow the principle of least privilege with mandatory access controls enforced wherever possible. It is also important to codify your definitions of critical and confidential data within your business using examples for your employees in a policy known as an Information Handling Policy. CyberHoot users have access to a Policy Template for just this purpose.