Carrying out a Gap Analysis will help to determine whether your organisation has implemented data protection effectively. It will also allow us to show whether or not your organisation’s policies are being followed when data is processed.
Another name for a gap analysis is a data protection audit or health check.
Completing a gap analysis enables organisations to identify and control potential risks and avoid breaches. It also ensures that the organisation follows the UK GDPR and/or Data Protection Act 2018 (the Act). This can help organisations protect themselves against potential financial penalties and legal claims from those whose data has been breached. Non-compliance can also result in negative publicity, harming an organisation’s reputation. When an organisation complies with these requirements, it effectively identifies and controls risks. Therefore, it protects itself as much as possible in case of a data breach.
An audit will typically assess your organisation’s procedures, systems, records, and activities to:
Ensure the appropriate policies and procedures are in place
Verify that those policies and procedures are being followed
Test the adequacy controls in place
Detect breaches or potential breaches of compliance
Recommend any indicated changes in management, policy, and procedure.
Benefits of gap analysis
It’s an audit of data protection implementation in your organisation. For me, it is more of a health check with some great benefits for a business. A gap analysis can help your business:
Improving compliance: a gap analysis can help you to develop a plan to bring your business into compliance. This can help you to avoid costly fines and legal actions.
Reducing risk: A gap analysis can help you to identify where your business is vulnerable to data breaches or other security incidents. You can reduce the risk of a data breach and protect your business from the consequences of such an incident.
Enhancing security: A gap analysis can help you to identify areas where your security measures may be lacking. A plan can be created to improve your security posture and protect your business from cyber threats.
Building customer trust: With strong data protection measures and ensuring compliance with regulations, you can build trust with your customers. This can result in increased customer loyalty and positive word-of-mouth recommendations.
Avoiding reputational damage: A data breach can harm your business’s reputation. You can prevent the negative impact of a data breach on your brand image.
Streamlining processes: You to streamline your data protection processes by identifying areas where you may be duplicating efforts or using outdated technologies. By optimising your operations, you can save time and money while maintaining a high level of data protection.
Completing a gap analysis
Knowing how to go about it is essential if you’re convinced that a data protection gap analysis is the right step for your business. Here are a few steps you can take to ensure that your gap analysis is practical:
Could you define your scope? Decide which business areas you want to assess in your gap analysis. This could include policies, procedures, technologies, and practices related to data protection.
Identify your assets: Determine what types of sensitive data your business handles, where it’s stored, who has access to it, and how it’s processed.
Evaluate your current state: Assess your data protection measures and identify areas where you may be non-compliant with regulations or vulnerable to data breaches.
You can develop a plan: Based on your assessment, you can create a plan to address any gaps or vulnerabilities you’ve identified. This plan should prioritise the most critical issues and outline specific steps to improve your data protection measures.
Monitor and update: Regularly monitor and update your data protection measures to ensure they remain effective and compliant with regulations.
By following these steps, you’ll be well on your way to implementing a thorough and effective data protection gap analysis for your business. Remember, taking proactive steps to protect sensitive data is crucial in today’s digital landscape.
Summary
Overall, a data protection gap analysis is a proactive step that can help your business stay ahead of potential data breaches and ensure compliance with data protection regulations.
It also provides:
Recommendations on mitigating non-compliance risks.
Reducing the chance of damage and distress to individuals.
Minimising regulatory action against your organisation for a breach of the Act.
Overall, a data protection gap analysis is a proactive tool to help your business protect its sensitive data and comply with data protection regulations.
If you need help to get started on completing an analysis or would like to have a fresh set of one of our team complete it for you, please book a free discovery call here.
When it comes to the Microsoft 365 landscape, everyone has their go-to favourites. Many of us tend to stick with them. But do you know all the apps, including the ‘lesser-known’ ones?
They are familiar, easy to use and integrate perfectly with the other 365 apps we use. So why would we want to change how we work and organising tasks that work so well?
The answer might lie in the wide range of lesser-known 365 apps and features we haven’t yet tried. They might have the potential to make life even better! This is the third and final blog in the series. Click here to read apps for remote working or more that make a difference.
Here are just a few of them and the different aspects of your business they can help:
Customer Management
If you aren’t giving your customers the best experience possible, you risk losing them to a business.
Fortunately, a handy duo of Microsoft 365 apps can make a difference in your customer relationship management.
People
People is the address book that can be created and shared across the business. It can incorporate room bookings, external and internal contacts, and groups.
Bookings
If your business relies on appointments, then Bookings can be a lifeline. It is a web-based booking calendar that can be embedded into existing websites and shared via links or social media.
Bookings integrate with other 365 apps, such as Outlook, to send reminders and is even available as a feature within Teams. This allows users to create new calendars, assign staff and manage appointments in one convenient space.
Lists & Forms
Organisations are increasingly reaching out to customers and colleagues. Whether it be through a checklists or forms. This can be as part of the qualities that businesses strive for in a world.
Lists
Lists help us stay on track and get things done. Don’t be fooled by the name, it is not a to-do list, but rather a checklist. It is available as both a mobile and web-based app. This ensure users have everything they need at their fingertips, wherever they are.
Lists are intelligent and highly flexible and can easily be created and embedded into Teams channels with templates for every conceivable requirement. It does come with some templates which include issue tracker, employee onboarding, work progress tracker and even a content scheduler.
Forms
Forms are elegant and straightforward; it allows users to reach out to anyone on any device or browser for customer feedback, test knowledge, or evaluate learning.
The forms themselves can be highly customised, and integration with SharePoint lists and PowerApps can create incredibly rich and highly automated surveys, polls or quizzes with security and compliance built-in as standard.
File storage & Collaboration
OneDrive and SharePoint
As so many people work outside of their offices, the need to organise, store, and share files and access them on a range of devices has never been greater for many businesses that use OneDrive. This solution works well for many and comes with a range of benefits.
However, SharePoint is a cloud-based service for any sized business that takes file storage, secure access, and collaboration to another level. SharePoint allows users to create entire sites and provides access to vital company information safely and compliantly.
SharePoint is one of the leading Intranet solutions for business, one on which many of the top companies already rely upon.
Note Taking
Nearly everyone relies on notes at some time or another. What better way to jot down reminders, tasks for the day or important information we might need later? OneNote is, for many, the ideal way to organise notes, translate text and share them when needed, but there is another option with just as much potential.
Whiteboard
Sharing thoughts, ideas, and brainstorming are crucial aspects of a successful business; Whiteboard enables a simple, no-nonsense interface. It is ideal for mobile devices and tablets, allowing users to share sticky notes, drawings, images or pasted text with a simple link.
As with so many of the apps in the Microsoft 365 environment, Whiteboard’s strength is integration. For example, it can be invaluable as part of Teams, a benefit that other whiteboard-style apps don’t have.
Visio
It is one of those apps that doesn’t quite fit anywhere. Visio is a great app for creating visual maps, flowcharts, process maps, etc. This used to be an app outside of 365 and an additional cost, but it has been brought into the fold and is now part of the suite. Visio has lots of templates to get you started, or you can start from scratch.
Following on from our recent look at the sheer range of applications for business within the Microsoft 365 environment, we will continue by looking at some of the household names. The apps that everyone will be familiar with, along with one or two of the fascinating supporting cast. The little-known ones you might not know as well but which can help your business perform at its best.
Office staple apps
Word and Excel combined to form the backbone of most people’s needs when it comes to Microsoft Office. They are familiar, comfortable and intuitive to use. However, they can still surprise us occasionally.
Many users don’t realise that Word can be a powerhouse tool for collaboration. The Co-Authoring feature allows users to work on documents stored in SharePoint or Onedrive with anyone, anywhere. Simply by clicking on the share icon and adding the email addresses of the people they want to work with, users can collaborate on documents in real time.
Without a doubt, Excel is the ‘go-to’ app for anyone working with spreadsheets.
The ‘smart lookup’ function is just one of Microsoft 365 features. Right-clicking on word and selecting the smart lookup function launches Bing. Bing then searchs the internet for information on whatever is highlighted.
Communication apps
Microsoft 365 has a range of inter-connecting communication apps; Teams, Outlook and Yammer to name the essentials.
Outlook has everything we need to do business. Most things can be done from your inbox simply by selecting the drop-down menu in the Outlook inbox. From there, contacts can be added, appointments scheduled, and emails assigned to specific days just by dragging them onto the calendar icon.
Yammer is, for many, the ideal way to add private, secure social media to their business. Users can connect, engage and share thoughts and ideas across their business. Therefore, staying informed and creating a sense of community and sharing resources or simply saying thanks.
Think of it as similar to your business’ own private Twitter network.
Discovery
Delve is accessed through a browser. It’s a cloud-based platform ideal for remote working across an array of devices and forms a valuable hub for users and colleagues. Invaluable for files, collaboration or even enterprise networking.
Delve can fill the user’s space with things they might find helpful. It also allows users to search and choose their content. Delve keeps those things private by default, only sharing the desired content and resources.
Tracking user data and overseeing efficiency and productivity are vital parts of a successful team. MyAnalytics gives a detailed overview of the time spent performing different tasks, hours worked, and things such as attending meetings or working late.
Reports and dashboards give essential insights into business processes, team configurations and business productivity with a powerful automation tool helping to place focus right where it’s needed.
Presentations
Teaching, making compelling proposals and pitching ideas are all possible with PowerPoint, with rich presentations that look great with little need for expertise or specialised knowledge. Users even have the potential to add audio to slides, such as voiceovers, effects or soundtracks.
Sway is a niche app for many, but it allows users to create content-rich, visually appealing designs for reports, web pages and newsletters. Content can be dragged in from various sources, and users can even add forms, slideshows or image stacks for viewers to click through like a retro photo pile.
Sharing video content safely and securely for learning, presenting, and meetings is easy with Stream. It has the potential to become an organisation’s very own video hub. At a time when so many rely on remote solutions, Stream is one of the most useful.
To discover how you could utilise Microsoft better in your business, why not book a slot for a free discussion with me here?
Want a daily top tip? Sign up for my weekly data byte newsletter here.
With so much of the business world working remotely now and probably beyond the foreseeable future, some things have become more challenging.
One of the most obvious is the challenge companies have faced in ensuring their teams have all the hardware they need to work effectively from home. The second is ensuring they are up to speed on using the apps and services that make up the software side of things too.
Many of us are familiar with Microsoft 365 and aware of the benefits the right features can deliver. As a consultant and ex-virtual assistant, I am well used to collaborating with teams off-site. I have been using various tools within the 365 environment for a long time.
When it comes to productivity, security and user-friendliness, here are some of the best ‘once used, forever relied upon’ 365 applications that empower users to work safely and securely from home.
Microsoft 365 OneNote
OneNote is a personal information management application with all the functionality you need at your fingertips (or stylus). You can organise notes exactly how you need to, share them and sync them with other devices.
OneNote even has the valuable ability to translate text. The Translate feature has the potential to be incredibly useful for businesses in multilingual markets.
Microsoft 365 OneDrive
As compliance laws around data become more robust and the need for remote access grows, OneDrive delivers a secure, effective solution that works.
With an impressive amount of cloud-based storage available on 365, OneDrive provides users all the space they’ll ever need to store and share files and collaborate with the people they need to, even on mobile devices.
Files are synced in real-time, and thanks to features such as SSL encryption and Personal Vault. You can rest assured they are always safe. Users can set up password protection for shared files and folders and, if any account is compromised, there is a restore option to roll back the entire drive to any previous date within the last thirty days.
Microsoft 365 Teams
Teams have become a vital part of the 365 environments in a world where many are now working remotely. Much like its competitors, such as Zoom and Hangouts, it has gone from occasional use to essential business tools in recent times.
One-on-one conversations, group messages, video and audio calls are all vital features of Teams, along with game-changing integration into other 365 applications such as Word, Outlook and SharePoint.
Microsoft 365 Planner
Managing teams and projects can prove impossible when the team itself is spread far and wide. Planner delivers a centralised hub for every one of them; to share files safely, make plans, oversee progress and assign and organise tasks to other users.
The big selling point of Planner over similar task management apps is 365 integration. Microsoft 365 Planner has all the efficiency for which the 365 ecosystem is well known and works together with other 365 features like Outlook, SharePoint and Teams.
Its interface is intuitive and paired back but still shows all the information users need on projects completed and those in progress.
Microsoft 365 To Do
Task management and productivity are both significant parts of keeping professional and personal lives balanced and organised. Microsoft 365 To Do is a simple app designed to make both easier and merge them if needed.
Available for Windows, Mac, iOS and Android, To Do helps users monitor outstanding tasks and tick them off when needed. It’s also cloud-based and conveniently synched on any connected device.
To Do focuses on the individual user; tasks can be arranged into handy lists or grouped to be completed simultaneously. The useful ‘My Day’ function allows users to focus on essential tasks on any pre-determined day.
To Do also integrates seamlessly with Microsoft Planner to keep users up to date on tasks or events they are a part of. It can potentially organise personal and professional tasks in one incredibly convenient place.
If you are thinking about ways to empower your team to work safer and more efficiently off-site, or if you want to learn more about the right Microsoft 365 tools for you, why not book a slot for a free discussion with me here.
In the last couple of years, how we work has changed immensely. We now want to work in a more hybrid way or work from home more often. Virtual working is in high demand, which means data protection and privacy need to be a high priority.
There are some things that organisations need to implement for the safety of the business and their clients.
Working from Home
As working from home becomes increasingly common, it is essential to ensure that proper data protection measures are in place. Team members must take steps to secure confidential and sensitive information. This will include using secure networks and passwords, encrypting data, and limiting access to work devices. That means work devices should only be used for work purposes by the appropriate person. A work-issued machine should not be shared with others in the house.
Businesses should also provide clear policies on data protection and train their employees on best practices. Regularly backing up data and conducting security audits can also help mitigate data breach risks while working remotely.
Shared workspaces
Co-working offices have become increasingly popular over recent years way to working virtually. They offer individuals and small businesses the opportunity to work from a shared workspace. However, with this trend comes unique challenges related to data protection. Co-working spaces often involve using common areas, such as shared printers and wifi networks. This can potentially expose sensitive information to unauthorised parties.
This may account for the results of a survey by Veritas Technologies which stated that 74% of companies experienced data breaches at co-working spaces.
We are not saying co-working spaces are unsafe and should not be used. They are a great place to work. But, it is essential when working in a co-working space to implement additional data protection measures, such as encrypted networks. The easiest way to do this is to use a VPN on your device.
In fact, with VPNs, I would use one whenever using an external wifi source to protect your data and access from others.
In addition, users of co-working spaces need to be conscious of the work they are working on and what can be seen by others. You are in a public area, and someone could look at your screen over your shoulder.
Additionally, co-working space users need to be diligent in protecting their data, such as using strong passwords and avoiding public wifi networks. With proper measures, co-working spaces can protect their users’ data.
Bring your own device
In today’s digital age, Bring Your Own Device (BYOD) policies are becoming increasingly common in workplaces, which can pose a challenge to data protection.
As team members use their personal devices, it cannot be easy to ensure that sensitive information is not compromised. To address this issue, organisations can implement security measures such as encryption, multi-factor authentication, and remote wiping capabilities to protect data on personal devices. It is also important for team members to receive training on data security and for clear guidelines to be set regarding using personal devices for work purposes. By taking these steps, organisations can better protect their sensitive information and reduce the risk of data breaches.
There is a theme running through each of these sections: cyber security, which is not limited to the above.
Cyber security
As more people are working remotely, cyber security has become increasingly important. Working virtually can leave individuals vulnerable to cyber attacks. As a result, it is important to have secure connections and to use strong passwords to protect sensitive information.
The first thing that needs to be checked/verified is that the set password for the router has been amended, as has the login to the router. They may look like a unique password on the base of the equipment, but they still need changing.
Additionally, when working from home, caution should be given when clicking on links or downloading attachments from unfamiliar sources. Training should be sourced and provided to employees. If you work with freelancers or sub-contractors that access your systems, you must ensure they have completed training.
Where possible, resources and lessons learned should be shared to ensure their remote employees are aware of potential threats and are taking the necessary precautions to keep company information safe.
If you have any questions about supporting your business and team to work safely and compliantly virtually, or if you would like support applying for Cyber Essentials, why not book a free 30-minute call to see what we can do?
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.