TL;DR – find out “what do you want to protect.” Fortunately, GDPR may help here as understanding what data you collect, process, and store is one of the fundamental requirements. Time for an information audit?…:
[…] The answer used to be simple: lock it down. But with today’s distributed workforce, that is not a realistic option.
To accommodate new, more flexible working patterns, a completely new approach to data security is needed. We know that prevention strategies alone are inadequate because high-value data is lost every day.
Instead of trying to prevent data from moving outside traditional security perimeters, organisations should focus on gaining visibility over their data lives; when and what data leaves their organisation; and who has access to it.
The newest generation of data protection strategies are based on how quickly organisations can detect and respond to threats.
Quick response to threats is especially important during situations when data is at high risk. In particular, businesses need visibility to their data during M&A, organisational changes, and employee departures, as well as when data is accidentally leaked.