Chris Ogden, CEO of RubiBlue, digs into the intricacies of compliance and looks at how this can become a part of the corporate culture.
Compliance has become an important part of the business conversation. It spans security, data, regulation, legislation, internal processes, information handling and so much more. It’s the platter that holds a thousand different details and each one has to be managed carefully to ensure that the business remains aligned with regulations, is protected from unplanned vulnerabilities, and is prepared for whatever the future may hold. This sounds dramatic. But the reality is that a security breach can cost the company millions and its reputation.
But first. What does compliance actually mean? Is it compliance with regulations such as the GDPR or POPIA? Or is it compliance with security mandates and strictures as outlined by a specific sector or industry body? Or is it compliance within internal mandates and processes as defined by stakeholders, regulations and industry bodies?
Today, compliance is most often used in conjunction with security. It is the terminology that defines a company’s cybersecurity policy, mandates and investments. It is also very closely aligned with stringent regulations mapped out in protection of personal information acts like POPIA and GDPR – and these are just two of more than 140 acts worldwide.
Compliance is also more than ticking boxes, slapping on some security protocols and hoping for the best. As McKinsey points out, security and compliance are becoming central to the core products and services offered by most organisations. This is because companies are now held responsible for how well their systems protect the data and information entrusted to them by their customers, and because cybercriminals are becoming incredibly smart, innovative and, unfortunately, successful.
The average cost of a breach, according to IBM's Cost of a Data Breach Report 2020, is around $3.86 million, and if the breach is then found to be in violation of POPIA, the Information Regulator can add an administrative fine of up to R10 million on top of that. Then there's the reputational damage your business will "enjoy" as a result of a successful breach.
According to Bitdefender, nearly 70% of consumers don't trust companies with their data and 56% believe that businesses should play a more active part in protecting it. Add to this pile of nasty statistics the fact that cyberattacks are getting worse.
The Allianz Risk Barometer has found that companies are more worried about ransomware attacks and data breaches than they are about natural disasters or the pandemic. Probably with good reason: another report, released by Positive Technologies, found that 93% of company networks can be penetrated by an external attacker.
Companies need to put security plans in place today. Right now. The risk is too great to leave holes in your digital infrastructure that let cybercriminals get in, wander around, and destroy your organisation's reputation and hard work.
Here are some steps that you can take, right now, to put your business on a stronger foundation and protect against the digital threat:
* Identify your landscape and potential gaps – this means you need to focus on what your business looks like, right now, and what it needs to address in order to remain secure. Engage a penetration tester, or run a bug bounty, with a clearly defined scope and an incentive to get into your systems – they will try their best to break in, and you will get a ton of invaluable insight in return.
* Consistently focus on your security – this isn’t something you do once and then leave to moulder in a corner. Security has to be part of the wider business strategy and something that you do consistently. This includes ongoing training of employees to ensure they understand the impact of security and make informed digital choices.
* Update everything, all the time. Leading software and device manufacturers release updates to their systems constantly. Apply these updates, make it mandatory for everyone to install them, and don't stop checking for new ones. Some of the most devastating hacks in recent times have exploited a known vulnerability in a system that was never patched.
* Have a task team. This team is focused on monitoring your threat landscape constantly and is also responsible for notifying you, the regulator and your customers if there has been a successful breach. It's absolutely essential that you are upfront and transparent in the event of an attack, and that you take ownership of addressing the situation from start to finish.
* Compliance is a set of rules. Create them, evolve them, adhere to them. Instead of seeing compliance as a tedious checklist that has to be obeyed, rather see it as a tool that helps your business stay secure and prepared, and ahead of the digital game.