One of the core areas to protect within a business is the data. Whether data belongs to the customer or the company, all information is classified under what is called a “data classification policy.” This policy allows management to determine the various data types present in an organization and what types of security controls are necessary to protect to prevent the risk of breach, theft, or fraud. Data can be classified as public, internal use only, confidential and secret, or proprietary. Any data falling under confidential or higher should be segmented or placed into areas which will make it extremely difficult for a hacker or a perpetrator to access it without proper credentials.