Lessons from the Field: Communication

I’ve been a consultant (I’m also counting my time as an in-house consultant) for more than 15 years. I’ve been providing my skills in simplifying tech for end-users and business stakeholders and learning many important skills along the way.

Here are the things that I wish someone has taught me a loooong time ago. Let’s start with the most important one. Communication.

Entering the world of consulting, it’s crucial to recognize that a significant part of your role revolves around communication. Whether it’s engaging with your boss, collaborating with colleagues, presenting to clients, liaising with vendors, or conducting interviews, effective communication is at the heart of it all.

So, let’s dive into the essentials of how to leverage communication in our consulting roles. Below, we’ll explore the foundational elements that builds an effective communication, setting the stage for a deeper understanding of this vital skill.

  • Message: This is all about figuring out the main point you want to share. It’s like deciding what the heart of your message is—what you really want to say.
  • Medium : Once you know what you want to say, the next step is figuring out how to share that message so everyone understands it. This is about choosing the best way to get your point across, making sure it’s clear to your audience. It’s like planning how to tell a story so everyone listens and gets it. This is where you think about how you send the message: Do you do it verbally, written down, in an email, a Teams call, or face to face etc. There’s also a hierarchy to this depending on the message (we’ll get to that soon)

Lesson: The 2 most important communication blocks.

Mastering the first 2 (Message and Medium) will get you ahead of the pack.

I’ve observed numerous new consultants struggle with nailing these two crucial aspects. Understanding the difference between sending an email and opting for a face-to-face meeting for critical project updates seems to be a fading skill in today’s landscape.


  • Words and Grammar: Now, think about the words you use and how you put them together. This part is about picking the right words and arranging them well so your message is clear and sounds professional. It’s like choosing the best ingredients for a recipe to make sure it tastes good.
  • Voice and Emotion: Here, you consider how your message sounds—not just the words, but the feeling behind them. This can make a big difference in how people react to your message. It’s about how you say something, using your voice tone and emotion to connect with people.
  • Marketing: The final step is about making sure your message doesn’t just get heard but also inspires people to act or think differently. This involves thinking about how to present your message so it stands out and convinces people. It’s like making sure your message sticks and moves people to do something.

Creating an Insider Risk Management Strategy: A Simplified Guide

When thinking about Insider Risk Management strategy, it’s easy to get lost in a maze of complex solutions and cutting-edge technologies. However, before we dive into program specifics, let’s take a step back.

Simplification is our guiding principle here, and it brings us to the core four elements essential for any successful strategy: People, Process, Technology, and Implementing the Action.

People: The Core of Insider Risk Management

Insider risk management starts with understanding that your people are both your biggest asset and potential risk. Training and awareness are crucial. Employees should be aware of the organization’s policies, the significance of data protection, and the consequences of non-compliance. Engage departments across the board—security, HR, legal—to foster a culture of accountability and transparency. Regular training ensures everyone is up-to-date on the latest protocols and threats.

Ask yourself the following:

  • How can we enhance our current training programs to better address the specific risks and policies relevant to our organization, ensuring all employees are not only aware but fully understand their role in data protection?
  • In what ways can we foster a stronger culture of accountability and transparency within our organization, encouraging open communication between departments such as security, HR, and legal?
  • What measures can we implement to regularly update and refresh our team’s knowledge on the latest data protection protocols and potential insider threats, keeping our defenses as current as possible?

Process: Streamlining Risk Management

The process involves setting up a clear, structured approach to identifying, investigating, and responding to insider threats. Begin with establishing clear policies using Microsoft Purview Insider Risk Management, which offers templates for common scenarios like data theft by departing users or unintentional data leaks. Regular audits and analytics help in preemptively identifying potential risks, while a defined triage process ensures timely response to alerts. Cases are managed systematically, from investigation to action, ensuring a thorough review and appropriate response to each incident.

Ask yourself the following:

  • How can we tailor Microsoft Purview Insider Risk Management templates to better reflect our organization’s specific risk scenarios and policies, ensuring a more targeted and effective approach?
  • What strategies can we implement to enhance our regular audit and analytics processes, enabling us to identify potential insider risks more proactively and accurately?
  • How can we improve our triage process for responding to alerts, ensuring that each case is addressed timely and efficiently, from investigation to action?

Technology: Leveraging Microsoft Purview for Enhanced Security

Technology underpins the entire insider risk management framework. Microsoft Purview Insider Risk Management provides a comprehensive suite of tools for monitoring, detection, and response. Use its analytics for a deep dive into user activities, identifying anomalies that could signal potential risks. The platform’s case management feature streamlines investigations, integrating data from various sources for a holistic view of each incident. Collaboration tools facilitate cross-departmental action, ensuring a unified response to insider threats.

Ask yourself the following:

  • In what ways can we optimize the use of the platform’s case management features to ensure a more efficient investigation process, integrating data from diverse sources for a comprehensive analysis of incidents?
  • What steps can we take to enhance collaboration across departments using the tools provided by Microsoft Purview, ensuring a coordinated and unified response to insider risks?

Implementing Your Strategy

  1. Audit and Analytics: Activate auditing to track activities within your organization. Use insider risk analytics to scan for potential risks even before setting up specific policies.
  2. Policy Setup: Choose from Microsoft Purview’s policy templates tailored to different risk scenarios. Customize these to align with your organization’s specific needs.
  3. Alert Management: Configure alerts to notify you of suspicious activities. Establish a process for reviewing, evaluating, and addressing these alerts efficiently.
  4. Investigation and Action: Investigate incidents with the aid of user activity reports and take decisive actions based on your findings. Collaborate with HR, legal, and security teams to ensure comprehensive case management.
  5. Continuous Review and Optimization: Regularly review your insider risk policies and processes. Update them as needed to adapt to evolving threats and organizational changes.

In essence, managing insider risks effectively requires a blend of proactive people engagement, streamlined processes, and advanced technology.

By leveraging Microsoft Purview Insider Risk Management and Communication Compliance, organizations can establish a robust framework that mitigates risks while fostering a culture of security and compliance.

For more detailed guidance on setting up and optimizing your insider risk management framework with Microsoft Purview, you can explore resources directly from Microsoft Learn and Microsoft Security playlist.

Additional resources:

Embrace Change, Secure Data: Navigating the UK’s Data Protection Evolution with Microsoft Purview

UK’s Data Protection Refresh

The UK is introducing a new law that plans to introduce a host of new updates to the existing UK Data Protetion bill. You can read details of the change here and here and from the UK government source themselves here.

The UK Data Protection and Digital Information Bill proposes a transformative approach to data protection, aiming to balance innovation with data security. The bill introduces easier data transfer processes, a risk-based approach to international transfers, and a streamlined accountability framework. This legislative evolution represents the UK’s commitment to fostering a secure yet flexible data-driven landscape post-Brexit.

To kickstart your journey towards embracing the changes, I encourage your organization to consider initiating with these key steps. This approach not only prepares you for the transition but also positions you to leverage change using proven tools that are purpose built for Security and Compliance.

Microsoft Purview: Your Data Protection Ally
Microsoft Purview is a comprehensive toolkit designed to help organizations navigate the complexities of the new data protection landscape. Here’s how:

  1. Simplified Data Transfers: With Microsoft Purview Information Protection, organizations can classify, label, and protect data, ensuring compliance with the bill’s simplified data transfer requirements.
  2. Streamlined Accountability in Action: Microsoft Priva adapts to the bill’s accountability revamp, offering privacy management solutions that align with the shift towards a “senior responsible individual” model.
  3. Legitimate Interests Simplified: The platform aids in discerning when and how to process data based on legitimate interests, reflecting the bill’s nuanced take on data processing rights.
  4. Embracing a Risk-Based Approach: Microsoft Purview Data Loss Prevention (DLP) fortifies organizations against data breaches, embodying the bill’s risk-based ethos for international data transfers.

The Takeaway: Future-Proof Your Data Practices
The UK’s legislative update signals a new era of data protection, where flexibility and security go hand in hand. Microsoft Purview stands out as a the go-to resource for organizations aiming to thrive in this changing regulatory environment. By leveraging Purview’s suite of solutions, businesses can ensure their data practices are not only compliant but also conducive to growth and innovation in the digital age.

Dive Deeper:
For those keen to explore the intricacies of the UK Data Protection and Digital Information Bill and Microsoft Purview’s capabilities further, insightful resources await at IAPP’s overview and Pinsent Masons’ detailed analysis here.