Common Compliance Issues You Might Be Missing
Information security is on every business’s radar these days. Data drives so much of what we do. Looking to contain the risks, many sectors have established IT compliance regulations. Whether meeting a standard or not, don’t overlook these common areas of concern.
Governments and regulatory agencies have established compliance standards for the financial, legal, healthcare, and energy sectors. Other organizations abide by best practices for data protection and improving system security.
Whether mandated or not, the goals remain similar:
- Improve security protocols
- Identify vulnerabilities
- Prevent breaches
- Reduce losses
- Increase access control
- Educate employees
- Maintain customer trust
Shortcomings can mean compliance concerns, industry fines, customer churn, and brand reputation damage. Being proactive about these common issues can benefit companies in any industry sector.
Common Issues that Thwart Compliance
On average, companies with Bring Your Own Device (BYOD) policies save $350 annually per employee, according to Cisco. Cost savings aren’t the only reason organizations are embracing BYOD, though. Letting people use personal mobile devices at work improves productivity and engages employees.
Yet allowing BYOD in the work environment can make the organization more vulnerable.
There is greater risk of:
- Spread of malicious applications or viruses
- Employees accessing business materials using unsecured Wi-Fi
- People who have left the company continuing to have access to proprietary systems
None of these are good from a compliance point of view.
A related common compliance concern is physical security. A business may do a brilliant job of securing its devices on-site. It has firewalls in place, applies security patches regularly, and asks employees to update passwords; however, what happens if a laptop, mobile phone, or USB drive is lost or stolen?
Additionally, there’s extra risk if a personal portable device is lost or stolen. These personal devices may not have the same access controls as business computers.
All devices accessing business systems and networks from off-site should use encryption. With remote monitoring and management, IT staff can control security configurations regardless of the end-user environment. Mobile device management allows your IT team to secure, locate, or erase any mobile device used for business.
Counting on Others for Compliance
Another area of concern is third-party connections. Your business may be top-of-the-class as far as the five core functions of cybersecurity – Identify, Protect, Detect, Respond, and Recover – are concerned, but what if your vendor’s security isn’t up to snuff?
Do you have business partners that are storing your sensitive data? Or does a supplier have access to personal customer or employee information? Third-party risk is a real thing – just ask Target. In 2013, cybercriminals stole data for 40 million debit and credit cards via the retailer’s HVAC company.
Cybercriminals could use a third party’s lax security to target you. Make sure that your vendors are taking cybersecurity as seriously as you do.
Even in your own business environment, cut the number of people who have access to sensitive data. Part of this is about trust, part of it is about exposure. Undoubtedly, you’ve hired people you think you can trust; however, the more people that have access, the more people that can be targeted by cybercriminals.
Here are some precautions you can take to ward off the insider cybersecurity threat:
- Educating employees about the importance of strong passwords, securing devices, and physical security
- Informing people about social engineering (e.g. phishing emails or fraudulent business communications)
- Limiting personnel access to data, network, or systems based on necessity
- Having a policy to revoke access permissions and reclaim devices from any employee leaving the company
Ensuring compliance takes technological know-how and awareness of the evolving threat landscape. This vigilance, communication, and education require time and effort.
We can help put the right policies and procedures in place.
STG IT Consulting Group would love to show you all we can offer as your Managed Service Provider.
Click here to schedule a free 15-minute meeting with Stan Kats, our Client Engagement Specialist and Senior Technologist.
We proudly serve the Los Angeles and West Hollywood area for all of your IT needs. We look forward to meeting with you!