May 31

How to Do it Yourself: Classify and Encrypt Data

Protect Your Business Data with Classification and Encryption

Protecting your business data based on its sensitivity is crucial. This guide will walk you through classifying and encrypting data, ensuring it is protected both in transit and at rest, aligning with CIS Control 13.1 (Data Protection).

Step 1: Classify Your Data

Identify and categorize your data based on its sensitivity.

  1. Identify Data Types: Determine what types of data you handle (e.g., personal information, financial data).
  2. Assign Sensitivity Levels: Classify data into categories such as Public, Internal, Confidential, and Highly Confidential.
    • In Microsoft 365, you can use sensitivity labels to classify and protect your data.
    • Go to the Microsoft 365 Compliance Center and click on Information Protection in the left-hand menu.
    • Click on Labels and then Create a label to define sensitivity levels and configure protection settings.

Step 2: Encrypt Data at Rest

Protect stored data from unauthorized access.

  1. Microsoft 365 Encryption: Use Microsoft 365 tools to encrypt files and emails.
    • OneDrive: Store sensitive files in OneDrive and ensure encryption is enabled.
      • In OneDrive, right-click on a file or folder and select Classify and protect to apply a sensitivity label with encryption.
    • SharePoint: Use SharePoint's encryption features to protect documents.
      • In SharePoint, click on the three dots next to a file or folder and select Classify and protect to apply a sensitivity label with encryption.

Step 3: Encrypt Data in Transit

Ensure data is encrypted during transfer.

  1. Email Encryption: Use Microsoft 365 to encrypt emails.
    • Outlook: Enable email encryption in Outlook to protect email content.
      • In Outlook, create a new message and click on Encrypt in the Options tab to apply encryption to the email.
  2. HTTPS: Ensure all websites and online services use HTTPS for secure communication.
    • Configure your websites to use SSL/TLS certificates and enforce HTTPS connections.

Why Data Classification and Encryption Matter

Classifying and encrypting data helps protect sensitive information from unauthorized access and ensures compliance with regulatory requirements. By identifying the sensitivity of your data and applying appropriate encryption measures, you can significantly reduce the risk of data breaches and protect your business's reputation.

This step aligns with CIS Control 13.1: Data Protection, which focuses on ensuring that sensitive data is protected both in transit and at rest.

By following these steps, you can enhance the security of your data. Stay tuned for more tips on managing your business's cybersecurity risk effectively.

For more details on securing your business, check out our CyberGuardian Blueprint


Cybersecurity, Data Classification, Data Encryption, Data Protection

You may also like

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Get in touch

0 of 350