One common question we get asked when we talk about Data Protection, is “what do I do first?”
Typically a set process can be followed, but as with anything each organisation has a different approach and requirement, we normally approach this as follows:
1. Identify Your Risks
2. Encrypt Laptops
3. Take control of removable media
4. Work out what’s important/sensitive
5. Implement DLP
These are based on typical customers. dataplex arrived at this list through engagements with end users and security vendors.
By looking at your business, and spending a few hours “Identifying Your Risks”, you are able to determine what low hanging fruit is available to tackle. One of your key things to address and often overlooked is executive support, if you get their backing your life becomes easier.
A good place to look initially is at what your peers are doing In these cases it’s often helpful to see what your peer companies are doing. Resources such as the Information Commissioner’s Office are great places to see what breaches are being reported, and from who.
Take the ICO for example – a brief look through recent reports shows:
• Pension Authority – Lost unencrypted CD
• School – Theft of Memory Stick
• NHS Trust – Unencrypted Laptop Stolen
• School – Theft of unencrypted PC
• Highland Council – Sensitive information sent to wrong address
• County Council – Theft of two unencrypted laptops and one unencrypted memory stick
• District Council – Theft of unencrypted laptop
• Insurance Company – Loss of unencrypted backup tape
• Insurance Company – Theft of 8 unencrypted laptops
• NHS Trust – Theft of unencrypted laptop
You can see, though we have education, medical, government, and insurance represented, there are a lot of “removable media” and “stolen unencrypted computer” notifications. Maybe they are good places to start looking at protection strategies?
So how are you tackling your data protection? Not sure? Then contact us to see how an independent advisory service can show you the way securing your IP.