This week’s tip is especially for business and enterprise laptop users. All too often, organizations make assumptions. Assumptions are very dangerous.

One assumption made is that your users aren’t putting much sensitive data on their laptops. For example, “we use an SaaS application, so all the data is on the server, so I’m sure our laptops don’t have much sensitive data on them.” This is a classic wrong assumption, since it is very common for employees to either circumvent existing policies (usually because those policies, or the technologies themselves, are obtrusive) or to simply behave in unexpected ways. Using Microsoft Excel to do some numbers crunching outside of the SaaS web-hosted app is a classic example of data that is on the laptop after all.

Obviously users are likely to “lie” if directly confronted, but the basic idea here is to begin by talking to users and examining what really goes on. How this is done will certainly vary by the size of the organization and its culture. At one extreme might be “random seizures” of equipment for examination, and at the other extreme would be a small business owner simply visiting with staff about how to treat data.

It’s a start, and an important one. From there, more thorough policymaking can be done.