Data security compliance has been coming after you for a while. It’s now picking up speed whether you like it or not. A couple of years ago the European Union issued GDPR to help protect citizens’ data rights. Companies that hold any data from individuals who reside in the EU fall under this mandate, even if it was collected through a simple online form. California, New York, and several other U.S. states have implemented similar consumer (including B2B buyer) data protections. Many think that the mandates don’t pertain to them because they aren’t big tech. If you have customers or prospects in any of those geographies and maintain data on them, you now must make efforts to protect their data or face significant fines. The U.S. government is also looking to push out federal compliance requirements that will affect all companies.
The SMB data security compliance squeeze will be upon us sooner than we may think.
No one likes to be told what to do, especially by some invisible governmental entity. The reality is that most companies are woefully neglecting IT security mandates like NIST, HIPAA, PCI, and others. Consumers have had enough, and the government is responding.
Without [compliance], many organizations wouldn’t have security controls in place, and there would be no consistency of standards among the protocols being used… compliance has created a level playing field that all organizations are expected to meet when it comes to protecting sensitive data… evaluate compliance not as an expense, but as a money saver. Sure, managing compliance takes resources, but it’s nowhere near as expensive as the costs associated with a breach.
Paul Koziarz, President and General Manager of Regulatory Compliance at CSI
Too often companies choose to do nothing because putting their head in the sand is easier in the short term than implementing a solid data security framework that provides a straightforward path to compliance. I also hear more than I care to, “Cybersecurity is already too expensive, and obtaining data compliance would be even more expense on top of that.” The fact is that with the right plan and the right help, you can have a robust cybersecurity platform and be compliant for far less than you may think. Smart companies are using data protection to demonstrate trust, whether online or off. One thing is for sure: the proactive investment is a fraction of the financial havoc wreaked on your organization in the event of a security breach. And that’s just the out-of-pocket remedial cost, not the impact that a breach will have on your business and reputation.
Make no mistake, the squeeze is coming. For my money, it makes more sense to prepare now, while you’re in control, than later, when the government is.
If you want some recommendations or advice, please contact me. I’ll be glad to give you the names of some of the tools our clients leverage. Shoot me an email (jahlberg[at]waident.com) or give me a call (630-547-7011).
(NOTE: We do NOT share our tool names in our posts. Cybersecurity best practices recommend against doing so, because it creates unneeded risk: hackers are always searching for vulnerabilities.)