In Part II, I presented the first seven mind-sets of thinking like a spy, to establish what we do to protect private data (eliminate, destroy, secure, lock, evaluate, interrogate, and monitor). In this part, I introduce targeting strategies to demonstrate how to go about applying those mind-sets in the most efficient (time-related) and effective (quality-related) manner possible.
The most lasting safety changes emerge from building layers of security organically, beginning with the most important steps first, then customizing them to your particular requirements. By targeting the enemy in this way, you will reap the maximum return on your investment.
Rather than illustrating the principles of this chapter with another case study of corporate data breach, I'd like to share the steps my executive team and I took (and continue to build upon) to protect our data inside a new professional speaking and training business. Incorporating what we've learned over the past five years, this case study is an accurate representation of how we have accumulated, prioritized, and adapted our privacy processes to build a successful Culture of Privacy.
Our data breach was grounded in the human factor, a potential risk at so many businesses. Our problem was a people problem—in our case, one per-son. Doug, an insider ...