Beyond credit card numbers: How different types of data can impact your reputation

To effectively plan for a data breach, it’s important to understand the types of data you possess and the impact each would have on your reputation if it were to leak.


Data classification is a critical early step in developing not only an effective cybersecurity program, but an effective incident response plan, as well. The classification of your breached data will dictate the type of response needed, which means any classifying procedures should include an analysis of how different types of data can impact your organization’s reputation.

Lots of data types can negatively impact your reputation. It’s not just about losing credit card numbers, although that tends to garner the biggest headlines. When you’re evaluating the potential impact of a breach, it’s important to understand the different ways other data types can act to harm your organization’s reputation.

Consumer data

This is the category most commonly thought of in the context of a data breach. Your company loses personal or financial information about your customers – credit card numbers, passwords, social security numbers, dates of birth, etc. We’ve all seen the headlines that follow this type of incident, and while the impact on a company’s reputation can vary greatly, depending on their handling of the situation, they all require a very external-facing response.

Customer/client data

If your business is primarily in the B2B space, you likely possess information about your customers/clients that is just as valuable – even if it makes for less sexy headlines. If you work in any type of contracted industry, you will have customer/client data on your systems. This could include anything from their proprietary business information, details related to a joint project, or technical data related to your use of their networks. In many cases, the value of breaching your network may simply be to gain backdoor entry to your client. Regardless of the specifics, if you aren’t able to protect the information they’ve entrusted to you, it’s hard to maintain a reputation as a reliable business partner.

Strategy documents

Every company has some form of internal strategic documents. This could be market research, competitor analysis, business development plans, financial forecasts or future transaction planning – all of the things that allow you to make smart business decisions based on your unique analysis about the future of your company and industry. Having any of this information leak out would not only provide your competition with insight into your plans, but the data, analysis and internal debates you’ve had along the way would be subject to scrutiny from across the industry. Internal deliberations and assessments are kept that way for a reason. You’ve carefully orchestrated an external-facing reputation, and it’s hard to maintain that image when everyone gets to look behind the curtain.

Intellectual property

This gets to the very existence of your company. The proprietary products and processes you have created are always going to be valuable to someone on the outside. After all, trade secrets are, by definition, supposed to remain secret. Similar to your internal strategy documents, leaked intellectual property cuts away at your competitive advantage, but in this case, the potential damage extends beyond embarrassing internal deliberations. If other entities are going to have the ability to replicate your one-of-a-kind widget, breakthrough formula or cutting-edge manufacturing process, you will need to bring a much stronger communications strategy to the table in order to preserve your reputation as an industry leader.

Personal emails

It’s not usually high on the list of valuable data your company owns, but just pause for a second to think about the emails you send. The ones that wouldn’t pass the “headline test” no matter how much context you try and provide. The ones to HR talking about personnel issues or performance reviews or pay raises. The ones reporting anything through the proper channels. The ones that aren’t work appropriate – or will seem that way when taken out of context. The reputation of your company isn’t just related to the work you perform. It’s related to the people who work there. If leaked information embarrasses individuals, it’s going to reflect poorly on your whole organization.

As the chief defenders of information security, it’s your job to mastermind incident planning, response and recovery efforts. Having a broader understanding of the value of the data spread across your organization allows you to more appropriately classify your data and respond more effectively to situations that may seem small from a technical perspective, but could have major impacts on your company’s reputation in the long run.

This article is published as part of the IDG Contributor Network.
