Perimeter
2/3/2012
09:14 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Compliance And 'The Little Guys'

Small and midsize businesses often let the cost of compliance obscure important benefits

Compliance is not cheap. We all know that. But as a percentage of a company’s gross revenue, the work necessary for compliance is more expensive for small and midsize businesses (SMBs) than the big boys. This is a key reason so many SMBs’ compliance efforts are woefully inadequate.

Many SMBs fail to properly consider the cost of compliance when building or updating their business models. There is a lot of opportunity for this oversight because it can happen with so many different people: the owners, upper management, technical leadership, and sometimes all of them. Regardless of the cause, this inadequate planning leaves funding for compliance lacking. In most cases, this funding shortage is directly related to the manpower needed for the ongoing tasks required for proper industry compliance.

There is still a lot “the little guys” in business can do toward compliance, the first being to embrace the benefits of compliance. Avoiding or ignoring compliance is not viable option, because it is not a safe answer for your business.

Regardless of your industry, and even if you are never audited, noncompliant technical and business operations are typically at much greater risk for complicated and expensive problems. A data breach or a flawed back-up process can cost money, time, and even reputations. Organizations with a reasonable compliance effort have inherently better-protected business processes and technology. A commitment to compliance efforts may be forced business discipline, but it’s an important and healthy discipline.

For those SMBs that have acknowledged and accepted that their compliance efforts are inadequate, here are five tips for better compliance when resources are limited:

1. Make a list. The Web is filled with clear, easy-to-read lists highlighting the important areas of every compliance regulation, rule, and law. Find the lists that apply to your business, and then match the issues or requirements to your business.

2. Prioritize the list. With limited resources, you cannot address every issue immediately. And trying to do everything at once can be a chaotic approach ending with many important elements never addressed properly.

3. Take it one step at a time. Start at the top of your prioritized list, address it methodically to get it under control, and repeat. As the old joke goes, “How do you eat an elephant? One bite at a time.”

4. As you work through your list, be sure that you are working to make compliance part of your ongoing business processes, not something that will be implemented later. If compliance tasks are seen as extra work, staff (and this may include you) will adopt an attitude of “I’ll do that later when I have time” toward compliance, and it will fail to become a priority.

5. Once you get to the bottom of the list, start back at the top, and work to refine each item further. Each pass through the list will get easier and will better help you understand your own business operations better. You’ll find that the process gets faster, more efficient, and eventually becomes a routine part of your standard business operations. This is a good thing.

Most SMBs will be reluctant to attempt to become and remain compliant, often because of the perceived cost. They must understand that a committed, realistic, well-planned approach can provide benefit to their businesses far beyond that of simple compliance. They will learn more about exactly how they do what they do, which almost always means they will find a way to do it better. And make more money doing it.

Glenn S. Phillips, the president of Forte' Incorporated, works with business leaders who want to leverage technology and understand risks within. Glenn works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. The Founder and Sr. Consultant of Forte' Incorporated, Glenn and his team work with business leaders to support growth, increase profits, and address ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web