We’ve heard the phrase crown jewels a lot lately. We aren’t talking about royalty and alarmed glass enclosures, though. We’re talking about data classification — specifically, the most valuable data in the enterprise. This is the data that, if it falls into the wrong hands, could mean significant damage to a company, government, health care provider or educational institution.

Protect Critical Data

Organizations must prioritize the protection of crown jewels, but any organization worth its salt realizes that data classification will make abundantly clear that there are massive volumes of data that could still cause pain if lost, even though it might be a level or two below crown jewels. This pain could come financially, in terms of regulatory fines and paying for breach protection, and can cause terrible distress to an organization’s clients and customers, such as fraud resulting from stolen health care data or payment information.

The problem is that it can be hard to know such data exists and identify where it is. Even with a stringent governance and privacy policy, can you really say with confidence that there isn’t a team testing with production data or a new application that requires personally identifiable information to register?

It’s not really a strategy to say “if we don’t know it’s there, it doesn’t exist.” You might get lucky and auditors won’t find the violation, but there are those who are much more diligent in probing for your soft spots. That, of course, would be the relentless army of cybercriminals.

Learn more about securing the data that powers your business

The Steps to Classification

Of course, data breaches are part of the risk equation you calculate every day. You might have limited staff working on other high-priority tasks. But isn’t data discovery and classification partly the job of automation? Not always. Here are some considerations to keep in mind as you approach the data classification process:

  • Make a plan and use tools and automated processes to make the job easier. Don’t forget to look at structured data, files and documents.
  • Consider bringing in trusted services to help you create a plan and even do the initial classification work for you. They can also help you become self-sufficient moving forward by putting the correct automation in place.
  • Don’t forget to take the next step and protect valuable data using encryption, monitoring and rigorous authorization and authentication mechanisms. Monitor those entitlements, as well.
  • One more thing! Make sure the applications that access that data are not inadvertently opening the door using a very common attack method, SQL injection.

The important thing is to get started. You might be surprised what you find.

More from Data Protection

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…