There are two noticeably different ways of doing compliance when it comes to business security.
The first is looking at the audit requirements and doing only what is required to pass that audit.
If any part of the compliance requirements changes, you then fail the audit.
The second is to actually do the process correctly: making the system as secure as possible within the constraints of finances, time and capability.
Using a decent business security framework (mine or someone else’s) is the first step in building a secure environment for your technology, money, intellectual property, staff and clients.
A failed compliance audit can cause a number of issues for a business of any size. The biggest one is that your organisation is vulnerable to a cyber event.
The impact of a cyber event on the owners and managers of a small business, on C-level executives of larger organisations and on sitting board members can be devastating in a number of ways.
Loss of revenue, falling stock prices, fines and legal suits, to name a few. They can have a significant impact on business capability as well as at an individual level.
The right compliance audit can show that you have done everything that is possible to protect the organisation from cyber crime and still be compromised.
We are all playing catch up.
We are at the beck and call of the cyber criminal.
So protecting the organisation with a strategic and tactical focus stops the knee-jerk reactions to the events that we all hear about in the news and on the internet.
This is why a framework is so important.
For instance, the newest version of a ransomware variant is targeting a vulnerability (originally a zero day) that was patched a couple of weeks ago.
This would not have any significant impact on an organisation that has a software patching policy in place and active: the patch for that vulnerability would already have been applied in the patching process, reducing the risk of it being exploited.
Another example is two-factor authentication for VPN log in. Two-factor authentication works on the principle of a username and password plus a third component.
The third component only comes into play if the first two are correct. The third component can be an SMS to a phone or a 6-digit number on a fob. Put in the information and you have access.
It is auditable, easy to use, and it increases the security of your business.
For more information on compliance sign up for our business security intensive using the NIST framework at a location near you.