Perimeter

2/3/2012
09:14 AM
50%
50%

Compliance And 'The Little Guys'

Small and midsize businesses often let the cost of compliance obscure important benefits

Compliance is not cheap. We all know that. But as a percentage of a company’s gross revenue, the work necessary for compliance is more expensive for small and midsize businesses (SMBs) than the big boys. This is a key reason so many SMBs’ compliance efforts are woefully inadequate.

Many SMBs fail to properly consider the cost of compliance when building or updating their business models. There is a lot of opportunity for this oversight because it can happen with so many different people: the owners, upper management, technical leadership, and sometimes all of them. Regardless of the cause, this inadequate planning leaves funding for compliance lacking. In most cases, this funding shortage is directly related to the manpower needed for the ongoing tasks required for proper industry compliance.

There is still a lot “the little guys” in business can do toward compliance, the first being to embrace the benefits of compliance. Avoiding or ignoring compliance is not viable option, because it is not a safe answer for your business.

Regardless of your industry, and even if you are never audited, noncompliant technical and business operations are typically at much greater risk for complicated and expensive problems. A data breach or a flawed back-up process can cost money, time, and even reputations. Organizations with a reasonable compliance effort have inherently better-protected business processes and technology. A commitment to compliance efforts may be forced business discipline, but it’s an important and healthy discipline.

For those SMBs that have acknowledged and accepted that their compliance efforts are inadequate, here are five tips for better compliance when resources are limited:

1. Make a list. The Web is filled with clear, easy-to-read lists highlighting the important areas of every compliance regulation, rule, and law. Find the lists that apply to your business, and then match the issues or requirements to your business.

2. Prioritize the list. With limited resources, you cannot address every issue immediately. And trying to do everything at once can be a chaotic approach ending with many important elements never addressed properly.

3. Take it one step at a time. Start at the top of your prioritized list, address it methodically to get it under control, and repeat. As the old joke goes, “How do you eat an elephant? One bite at a time.”

4. As you work through your list, be sure that you are working to make compliance part of your ongoing business processes, not something that will be implemented later. If compliance tasks are seen as extra work, staff (and this may include you) will adopt an attitude of “I’ll do that later when I have time” toward compliance, and it will fail to become a priority.

5. Once you get to the bottom of the list, start back at the top, and work to refine each item further. Each pass through the list will get easier and will better help you understand your own business operations better. You’ll find that the process gets faster, more efficient, and eventually becomes a routine part of your standard business operations. This is a good thing.

Most SMBs will be reluctant to attempt to become and remain compliant, often because of the perceived cost. They must understand that a committed, realistic, well-planned approach can provide benefit to their businesses far beyond that of simple compliance. They will learn more about exactly how they do what they do, which almost always means they will find a way to do it better. And make more money doing it.

Glenn S. Phillips, the president of Forte' Incorporated, works with business leaders who want to leverage technology and understand risks within. Glenn works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. The Founder and Sr. Consultant of Forte' Incorporated, Glenn and his team work with business leaders to support growth, increase profits, and address ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
Most Malware Arrives Via Email
Dark Reading Staff 10/11/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
CVE-2018-18375
PUBLISHED: 2018-10-16
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.
CVE-2018-18376
PUBLISHED: 2018-10-16
goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.
CVE-2018-18377
PUBLISHED: 2018-10-16
goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.
CVE-2018-17534
PUBLISHED: 2018-10-15
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.