New Year, New DLP Strategy?
Happy 2023, Happy Lunar New Year, welcome to the year of the rabbit. To all readers I hope it’s a year that brings health and prosperity to you, your loved ones, your clients and your data!
Humans use events like a new calendar year to re-evaluate and reset, to set new goals or reinstate old ones. Even subconsciously we’re all starting again, turning to a new a page so to speak. So, as we enter the third year of the not-so-roaring twenty twenties I’m going to take the time to explain why Data Loss Prevention (DLP) and wider Data Protection should be the heading on the top of this proverbial new sheet of paper.
Quite frankly an organisation regardless of size in 2023 without any form of DLP must have a death wish, rocks in their head or trust their employees beyond comprehension.
Employees, technologies, and working practices are now so far removed from the traditional office environment (for so many reasons), that the opportunity for data loss is incomprehensible. As an IT administrator in the 90s our DLP programmes went as far as safeguarding floppy disk usage and the task was complete.
Any user now has a multitude of different egress routes for data, because exchanging data is a crucial part of our modern lives, but with everything there is normally a right way and a wrong way or a safe method and an unsafe one. After the introduction of the GDPR in 2018 and latterly the Data Protection Act following Brexit, organisations rushed to appoint Data Protection Officers (DPOs). These DPOs have the unfavourable responsibility of monitoring internal compliance and providing advice on Data Protection and DPIAs (Data Protection Impact Assessments) amongst other thankless tasks.
Well imagine trying to do that without an element of DLP. It’s akin to putting out the Great Fire of London with a single, very, very leaky bucket! There’s nothing to stop the problem, no safeguards in place, nothing whatsoever to stop data going to places it shouldn’t and even worse nothing to inform us that it’s happened either.
So, the poor DPO is blissfully unaware of the breaches being experienced, unaware of the vast chasm of risk they’ve no means of mitigating, and still are directly accountable on behalf of the company to the ICO.
Happy New Year indeed…
If you would like to discuss how HANDD can help your organisation with a DLP or a wider data protection project please contact us today at info@handd.co.uk or 08456 434 063.