Data Protection – Where to Start

One common question I get asked when I speak on Data Protection, is “what do I do first” – it’s interesting topic because although my presentation is exactly about what most people should do, and in what order, everyone and every organization is different and one size, absolutely does not fit all.
In my presentation I talk about “5 Steps to Data Protection Nirvana”:
1. Identify Your Risks
2. Encrypt Laptops
3. Take control of removable media
4. Work out what’s important/sensitive
5. Implement DLP
These are based on typical customers, typical needs, typical situations. My team and I arrived at this list through working in our roles over many years, and working with customers across the world, both small and large, the steps though are the most general case, and as step 1 indicates, I encourage everyone to consider their own personal environment when deciding how to attack the problem of data protection.
One example comes to mind – A pharmaceutical manufacturing company I worked with for 10 years or so – After hearing my speech they promptly mentioned that they didn’t actually have many laptops – less than 1% of their estate if I remember right. Their problem was CD’s and DVD’s were going missing. They had solved the lost laptop problem by simply (continue reading...)