We’ve seen people in America’s highest positions struggle with keeping classified documents in safe and secure locations recently.
Now, while your business may not have any documents in its possession that could contain keys to national security, it likely does have some documents and other materials that you don’t want just anyone seeing.
Some small businesses store printed classified documents that can contain intellectual, financial, and other types of sensitive information.
So, what should you do to protect your business’s classified documents?
How to Protect Classified Documents for Your Business
Here’s what some experts are saying about this potential issue. And what small businesses can do to protect this kind of important information.
Chris Novak, Global Director of Threat Research Advisory Center at Verizon, covered some of the potential results of not protecting this material properly.
“There are immediate consequences to customer churn, the future cost to acquire new customers, substantial litigation expenses, employee morale, and more,” he writes. “If the documents that were lost contain substantial trade secrets (i.e., supplier pricing models, merger/acquisition strategies, etc…), the business could even suffer irreparable financial harm.”
Novak suggests that small businesses can create a data flow diagram illustrating where the data is created. He also proposes data loss prevention technology and a data classification schema to corral printed classified documents.
“This will help small businesses track the movement of sensitive data as well as restrict its access to individuals with a justifiable need-to-know.”
Jon Morgan is the CEO of Venture Smarter and a business consultant. He agrees that access to classified documents needs to be limited but adds another few suggestions.
“Educate employees on the importance of security and provide them with the tools they need to protect your company’s data,” he says. “Another small business might use a physical lock and key system to protect hard copy documents in a file cabinet.”
Classified documents can include hard drives, images, maps, photographs, emails, and of course paper documents.
这 Federal Trade Commission has some important information for small businesses looking to keep classified and sensitive personal information safe. They suggest that a good plan is built on five key principles.
The first step is to take stock of the classified and/or sensitive information that you have on computers. They also suggest that you only keep what’s important for your business.
Physical security is a big part of the FTC plan. For example, they propose that you store files and other paper documents in a locked room. Controlling who has a key to get and the number of keys is also important.
If you need to ship any of this information using outside contractors or carriers, it needs to be encrypted. It’s also a good idea to use an online shipping service that will let you track the delivery of the information.
Tuomas Bergström Director of Engineering, Operations, and Security at ONEiO Cloud Corporation advises that small businesses should create clear policies that classify documents. These need to cover all the different distribution channels and mediums a business uses and be comprehensive.
“The policy needs to cover topics on how to classify the documents,” he writes. “And based on that, what are the rules for dissemination, protection, labeling, and storing them.”
These policies can handle several different groupings. For example, a confidential classification tag is usually reserved for contract negotiations, intellectual property, protected health data, and bank account numbers.
Some small businesses can go another level up and add a secret classification which can also be called highly confidential. These can include documents that are used in litigation, strategic planning, and mergers.
There’s also a business use-only option that you can consider when you’re putting together a policy. These are specifically designed to cover information used in routine day-to-day business matters. Company phone lists and policy manuals are examples.
本文， ”您的企业是否在保护其机密文件？” 首次发表于 小型企业趋势