Perimeter
2/3/2012
09:14 AM
50%
50%

Compliance And 'The Little Guys'

Small and midsize businesses often let the cost of compliance obscure important benefits

Compliance is not cheap. We all know that. But as a percentage of a company’s gross revenue, the work necessary for compliance is more expensive for small and midsize businesses (SMBs) than the big boys. This is a key reason so many SMBs’ compliance efforts are woefully inadequate.

Many SMBs fail to properly consider the cost of compliance when building or updating their business models. There is a lot of opportunity for this oversight because it can happen with so many different people: the owners, upper management, technical leadership, and sometimes all of them. Regardless of the cause, this inadequate planning leaves funding for compliance lacking. In most cases, this funding shortage is directly related to the manpower needed for the ongoing tasks required for proper industry compliance.

There is still a lot “the little guys” in business can do toward compliance, the first being to embrace the benefits of compliance. Avoiding or ignoring compliance is not viable option, because it is not a safe answer for your business.

Regardless of your industry, and even if you are never audited, noncompliant technical and business operations are typically at much greater risk for complicated and expensive problems. A data breach or a flawed back-up process can cost money, time, and even reputations. Organizations with a reasonable compliance effort have inherently better-protected business processes and technology. A commitment to compliance efforts may be forced business discipline, but it’s an important and healthy discipline.

For those SMBs that have acknowledged and accepted that their compliance efforts are inadequate, here are five tips for better compliance when resources are limited:

1. Make a list. The Web is filled with clear, easy-to-read lists highlighting the important areas of every compliance regulation, rule, and law. Find the lists that apply to your business, and then match the issues or requirements to your business.

2. Prioritize the list. With limited resources, you cannot address every issue immediately. And trying to do everything at once can be a chaotic approach ending with many important elements never addressed properly.

3. Take it one step at a time. Start at the top of your prioritized list, address it methodically to get it under control, and repeat. As the old joke goes, “How do you eat an elephant? One bite at a time.”

4. As you work through your list, be sure that you are working to make compliance part of your ongoing business processes, not something that will be implemented later. If compliance tasks are seen as extra work, staff (and this may include you) will adopt an attitude of “I’ll do that later when I have time” toward compliance, and it will fail to become a priority.

5. Once you get to the bottom of the list, start back at the top, and work to refine each item further. Each pass through the list will get easier and will better help you understand your own business operations better. You’ll find that the process gets faster, more efficient, and eventually becomes a routine part of your standard business operations. This is a good thing.

Most SMBs will be reluctant to attempt to become and remain compliant, often because of the perceived cost. They must understand that a committed, realistic, well-planned approach can provide benefit to their businesses far beyond that of simple compliance. They will learn more about exactly how they do what they do, which almost always means they will find a way to do it better. And make more money doing it.

Glenn S. Phillips, the president of Forte' Incorporated, works with business leaders who want to leverage technology and understand risks within. Glenn works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. The Founder and Sr. Consultant of Forte' Incorporated, Glenn and his team work with business leaders to support growth, increase profits, and address ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1978
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admi...

CVE-2015-0741
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

CVE-2015-0742
Published: 2015-05-21
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registrati...

CVE-2015-0746
Published: 2015-05-21
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.

CVE-2015-0915
Published: 2015-05-21
Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.