Check your results and learn what you can do
This summary of your results can help you start a conversation on privacy awareness and on taking better care of the confidential files in your organization.
Level 3 – Very confidential
What are the risks?
Documents and files of this type require your full attention, and many countries punish careless handling of this data with high fines and penalties. Very confidential data could contain the most private information of your staff members, patients or clients, and failing to secure it could cause severe damage to their lives or personal freedom. Even where personal data is not included, these files may still contain critical business information of significant value for the company and its future. A breach could cause you to lose partners or funding.
What can you do?
Carefully review who needs to have access to this information ("Need-to-Know Policy") and do everything you can to protect its integrity. Also, check whether the service providers you use to store or share data comply with the legal requirements for these special documents. Don't leave unprotected copies of these files on your desk, and access them only from secure access points. Ensure the whole lifecycle is protected – make sure you can wipe a device that gets stolen or revoke all access rights of a team member when they leave the organization. Read how Zero-Knowledge, DRM and fall-back plans can help you »
Level 2 – Restricted
What are the risks?
Most of the documents that fall into this category are only relevant for the daily operations of specific departments. Access can be limited to a smaller group of people who need it for their work. A breach may lead to negative publicity and loss of trust in your company which could affect the financial success of your business. Unwanted disclosure of personal information included in these documents can have a serious impact on the economic or personal well-being of your staff or clients.
What can you do?
Aside from the basic protection applied to information for internal use (encryption and protected logins), advanced measures are required to control and limit access to files deemed Restricted. Make sure only the people who need it for work have access to it. Tiered permission controls can help you choose which teams can handle certain files and include additional protection such as IP blocking to restrict access from outside the organization (even with stolen login credentials). It’s recommended to systematically introduce best practices such as the “Principle of Least Privilege” and use business services that foster "Privacy by Design". It is strongly recommended to consult a data security officer to help define who in your organization needs access to what and what legal frameworks in your country need to be considered. Learn more about best practices and ways to restrict file access »
Level 1 – Internal use
What are the risks?
Information suitable for internal use can normally be disclosed to all members of the organization without any restrictions. However, public access to this type of information could affect your business plans or give competitors insights into your company’s processes. A breach of personal information may affect the social or economic status of the person. The expected damage is limited in both cases and can usually be undone. Avoiding this is preferable.
What can you do?
Since anyone in your organization can have access to this type of data, all of them need secure connections to the internal platforms and communication channels. Encryption of data transfers and stored documents, as well as protecting login credentials with strong passwords and 2-step verification are the default security measures recommended for any business data. If you need to share documents of this type with external partners, you can use protected download links. Learn more about encryption, account protection and secure sharing »
Level 0 – Public
What are the risks?
Information that is already available in publications of your organization can be disclosed to any audience without restrictions. However, this is only valid from the perspective of confidentiality and does not imply that you can reuse or modify the information without the consent of the owner.
What can you do?
If you notice that previous publications contain information that this tool listed in a higher confidentiality class, it is recommended to take action and remove the information. You may also want to reassess which of your public business information could be abused to gain more sensitive data via phishing attacks. Read more about best practices »
* Tresorit does not guarantee the accuracy of the list and assumes no liability for the erroneous inclusion, misidentification, or any other action related to the maintenance of the list. The results of the self-assessment tool follow recommendations based on the German industry standard DIN 66399 and internal guidelines of the LSE. Please consult a local data protection professional to assess the specific data protection requirements of your country and industry. Sources: Berlin Commissioner for Data Security and Freedom of Information, TÜV Süd and Information Security Manager of the LSE.
Once you have submitted your responses, they will be stored anonymously in a secure database for reporting purposes only. We will neither link your responses to any metadata such as your IP address nor be able to identify individuals based on their responses.