Information Security
Corporate activities involve handling a wide range of information about the company's customers and business partners. Many of the data and documents used in business contain confidential and sensitive information. Such information must be handled with care because its leakage outside the company could lead to serious problems.
This article explains the definition of confidential information and countermeasures against information leaks.
Confidential Information
There are some types of confidential and sensitive information. We explore each of them below.
Definition
Sensitive information can specify and damage the organization or individuals if it is disclosed.It includes biometric or financial information, passports etc., which is so called personally identifiable information (PII). To protect this information, it will be indispensable for being encrypted in transit.
In business,sensitive information includes anything that could damage the organization.Not only customer data but also trade secrets, financial data and any plans that it possesses, etc., are all regarded as confidential. In other words, confidential information is what individuals or organizations do not want disclosed with other groups or individuals.
Examples
For enterprises, each department or division has different types of confidential information as follows.
They can be broadly classified into five categories: management information, financial and accounting information, R&D and technical information, human resources information, and marketing and public relations information.
【Types of Information】
| Type of information | Examples |
|---|---|
| Management | Business plans, inventory, M&A, etc. |
| Financial and Accounting | Budget and sales, financing, joint venture plans, etc. |
| R&D | Design drawings, study reports, project specifications, etc. |
| Personnel | Salary, promotion, transfer, etc. |
| Marketing and Public Relations | Sales history, sales promotion, customers, business partners, etc. |
As written above, each organization has a variety of confidential information. Not only employees but customers and business partners are all related and it must be treated properly and safely protected. It should be noted that data of order history and browsing history is classified as personal information and can be confidential information as well.
Non-Disclosure Agreement (NDA)
Definition
A Non-Disclosure Agreement (NDA) is one type of legal confidentiality agreement. According to Investopedia, it bends one or more parties to non-disclosure of confidential or proprietary information.
“A confidentiality agreement is often used in situations wherein sensitive corporate information or proprietary knowledge is not to be made available to the general public or to competitors.”
Some companies often require new employees to sign NDAs. This will result in a deterrent effect on preventing information leaks from employees, and protecting the company itself if they happen.
References: Non-Disclosure Agreement (NDA) Explained, With Pros and Cons by Investopedia
Types of Confidential Information
Sensitive information is classified as some categories. One is confidential information shared only with people in the organization. This means external parties such as business partners or customers are not allowed to know the content. Examples include meeting minutes and employment regulations. This information could lead to risks if leaked and must be protected.
Depending on its level of importance, confidential information is treated as "Top Secret," "Secret," or "Outside Confidential" in descending order of confidentiality. Certain information classified as "Top Secret" or "Secret" is considered to be more vulnerable to loss due to leakage, and can only be accessed by a limited number of people within the organization.
Therefore, some information with the higher level of confidentiality will not be shared even within the organization nor department.
Personal data
In the categories of sensitive information, personal data is also included and requires careful handling. Leakage of this kind of information may expose individuals to social risks such as discrimination or cause psychological damage.
Not only personal email address or phone numbers, this information includes an individual's political views, religious beliefs, race or ethnicity, and place of birth or legal domicile. Each organization requires careful handling of personal data to protect an individual's privacy.
In terms of NDA, personal data is not included since the agreement is subject to the organization.
Back to Contents
Business Risks
What risks are posed to a company if confidential and sensitive information is leaked? This section elaborates on business risks.
Loss of Trust
Widespread negative reputation from information leaks can lose trust in many ways. For business, the impact will spread to clients, customers, suppliers and future business partners and more. In this society, it will also be a threat that such reputation can trigger a false rumor circulating through social media, which will result in further reputational damage. These elements can cause financial damage as a consequence, which means information leaks impact company management itself.
Compensation for Damages
When it comes to another negative side of information leaks, it should be taken into account that an organization can be required to pay compensation for victims of them. There have been cases of large-scale personal information leaks in the past, in which companies have paid compensation to their customers for damages.
The more sensitive the information, the more serious the damage from a leak can be.
Data Breaches Threats and Countermeasures The majority of information leaks are caused by human error by employees. Improving internal information security education will help reduce the risk. In this issue, we introduce the risks that information leaks pose to companies, measures to prevent their occurrence, and the response flow in the event of an outbreak.Back to Contents
Countermeasures
To prevent information leaks, it plays an important role to strictly adhere to company rules on a daily basis and maintain an up-to-date secure environment. The following explain a couple of countermeasures.
Device Management
In terms of digital devices, they need to be well-managed including bringing in and using any media capable of storing confidential and sensitive information within the organization. For instance, carrying data on USB memory sticks or external hard disks carries the risk of loss or theft.
Likewise, employees’ personal devices should be strictly managed for business purposes.
It is also important to stipulate and clearly state rules restricting where company-owned devices can be taken out of the office and where they can be used. New management methods may be introduced to keep information assets safe, requiring employees to apply in advance when taking digital devices out of the office.
With the proliferation of teleworking, urgent countermeasures are required for stricter enforcement of these rules.
Software Security
Install security software on company-owned devices to protect sensitive data from computer viruses and unauthorized access. Periodic updates of software are also indispensable for data protection.
Keep your software up-to-date to protect data from new cybercrime tactics.
Security Awareness Training
Employee awareness plays an important role to keep your company's confidential and sensitive information safe. Appropriate handling of sensitive information and understanding the importance of information security will result in protecting data in your organization. As a countermeasure, HR professionals should take into consideration to implement security awareness training for every employee.
For training, elearning system will be a big help in that admin can track each employee progress.
Back to Contents
Summary
Along with the fast-changing digital society, each organization is facing challenges to protect confidential information. While installing security software is one of the effective methods, further countermeasures will be required to improve employees' awareness toward information security.
As written above, introducing an elearning system will contribute to track employees’ progress and assess their understanding.
Since employees’ awareness will result in protecting confidential information by human error, HR professionals need to take actions to improve their performance.learningBOX ONlearningBOX is one of the effective learning management systems. You can create your original quizzes, upload PDF or videos, and other varieties of content in one learning environment. Auto-scoring is available as default and you can track employees' learning progress easily.
will prevent impersonation and cheating,
There will be something you can do to improve your work environment.
▼You may also like:
Data Security Training with Elearning to Employees When conducting in-house information security training, we recommend the use of an e-learning system. In this issue, we will introduce how to select a service to conduct information security training via e-learning, as well as useful information for creating content. We hope you will find it useful.Back to Contents
- Information Security
Back to Article List
Latest Articles
