May

NIST ID.AM-5

“Building Secure Network Architecture”

Data Classification

Not all data is created equal. Data Classification is the process of labeling information so that we know how to handle, share, and protect it according to its sensitivity.

Cautionary tale: The NYU Admissions Leak

A significant data exposure occurred at NYU when a database containing thousands of student records was accidentally set to “Public” on a cloud storage platform. The database was intended for internal use only, but because the creator didn’t check the default privacy settings or label the data correctly, the information became searchable on the open web.

The Lesson: 'Hidden' is not the same as 'Secure'. Without proper classification and labeling, sensitive data is only one click away from a massive public breach.

Network Security Best Practices

  • Public: Information that can be freely shared with anyone outside the company (e.g., marketing brochures, public job postings).

  • Internal: Data for company use only. While not “top secret,” it shouldn’t be shared externally (e.g., internal memos, company directory).

  • Confidential: Sensitive information that requires protection. This includes PII (Personally Identifiable Information) like Social Security numbers, home addresses, or private financial records.

  • Restricted: Highly sensitive “Need-to-Know” data, such as trade secrets, upcoming acquisition plans, or executive-level legal documents.

Handling Sensitive Info

  1. Label Before You Leap: Before saving a file to SharePoint or Google Drive, ask: “What happens if the whole world sees this?” If the answer is “nothing good,” label it Confidential.

  2. The Default Trap: Never assume a folder is private. Always verify the permissions list before dragging sensitive files into a shared space.

  3. Encryption is Key: When emailing Confidential data to an outside vendor, always use the company-approved email encryption tool.

May Checklist

  • Review Your Folders: Look at the “Shared with” list on your most-used cloud folders. If you see “Anyone with the link,” update it to specific individuals or “Internal Only.”

  • Clean the “Downloads” Folder: Delete or move sensitive reports from your local “Downloads” folder to a secure, classified location today.
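For administrators who want to run the "Review Your Folders" check across many folders at once, here is an added example (not part of the original newsletter or any vendor tool). It compares each item's label against how widely it is shared. The inventory format, the scope names, the label-to-scope policy, and the choice to treat unlabeled items as Confidential are all assumptions made for illustration.

```python
from enum import IntEnum

class Level(IntEnum):   # the four labels from this page, least to most sensitive
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3

class Scope(IntEnum):   # sharing breadth, narrowest to widest (assumed names)
    SPECIFIC_PEOPLE = 0
    INTERNAL_ONLY = 1
    ANYONE_WITH_LINK = 2

# Assumed policy: the widest sharing scope each label may carry.
MAX_SCOPE = {
    Level.PUBLIC: Scope.ANYONE_WITH_LINK,
    Level.INTERNAL: Scope.INTERNAL_ONLY,
    Level.CONFIDENTIAL: Scope.SPECIFIC_PEOPLE,
    Level.RESTRICTED: Scope.SPECIFIC_PEOPLE,
}

def audit(items):
    """Return (path, reason) for each item that is unlabeled or over-shared."""
    findings = []
    for item in items:
        name = (item.get("label") or "").strip().upper()
        labeled = name in Level.__members__
        # Fail closed: an unlabeled item is handled as Confidential (assumption).
        level = Level[name] if labeled else Level.CONFIDENTIAL
        scope = Scope[item["scope"]]
        if scope > MAX_SCOPE[level]:
            prefix = "" if labeled else "unlabeled, treated as "
            findings.append((item["path"], f"{prefix}{level.name} shared as {scope.name}"))
        elif not labeled:
            findings.append((item["path"], "unlabeled"))
    return findings

# Constructed sample inventory; paths and values are invented for this example.
SAMPLE = [
    {"path": "/Marketing/brochure.pdf", "label": "Public", "scope": "ANYONE_WITH_LINK"},
    {"path": "/HR/company-directory.xlsx", "label": "Internal", "scope": "ANYONE_WITH_LINK"},
    {"path": "/Admissions/student-records.csv", "label": "", "scope": "ANYONE_WITH_LINK"},
    {"path": "/Legal/acquisition-plan.docx", "label": "Restricted", "scope": "SPECIFIC_PEOPLE"},
    {"path": "/Finance/payroll.xlsx", "label": "confidential", "scope": "INTERNAL_ONLY"},
]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"{path}: {reason}")
```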

Symbol Security
