One of the fundamental tasks associated with securing data that is easily ignored when taking on such an effort is classifying the documents, databases, or other storage locations that data is stored in. Without proper classification, it will be impossible to assemble policies that can help protect it.
Policies should reference data by a classification (top secret, HR access only, employee access only, public information, card holder data, personally identifiable information etc.) and then define how access should be handled based on the classification. Data should only be stored on servers / folders that are appropriate for its classification and nowhere else.
Look for more tips in upcoming blogs right here. If you need help with developing policies, call us at 636-557-7777 or email email@example.com.