Perimeter
2/3/2012
09:14 AM
Connect Directly
RSS
E-Mail
50%
50%

Compliance And 'The Little Guys'

Small and midsize businesses often let the cost of compliance obscure important benefits

Compliance is not cheap. We all know that. But as a percentage of a company’s gross revenue, the work necessary for compliance is more expensive for small and midsize businesses (SMBs) than the big boys. This is a key reason so many SMBs’ compliance efforts are woefully inadequate.

Many SMBs fail to properly consider the cost of compliance when building or updating their business models. There is a lot of opportunity for this oversight because it can happen with so many different people: the owners, upper management, technical leadership, and sometimes all of them. Regardless of the cause, this inadequate planning leaves funding for compliance lacking. In most cases, this funding shortage is directly related to the manpower needed for the ongoing tasks required for proper industry compliance.

There is still a lot “the little guys” in business can do toward compliance, the first being to embrace the benefits of compliance. Avoiding or ignoring compliance is not viable option, because it is not a safe answer for your business.

Regardless of your industry, and even if you are never audited, noncompliant technical and business operations are typically at much greater risk for complicated and expensive problems. A data breach or a flawed back-up process can cost money, time, and even reputations. Organizations with a reasonable compliance effort have inherently better-protected business processes and technology. A commitment to compliance efforts may be forced business discipline, but it’s an important and healthy discipline.

For those SMBs that have acknowledged and accepted that their compliance efforts are inadequate, here are five tips for better compliance when resources are limited:

1. Make a list. The Web is filled with clear, easy-to-read lists highlighting the important areas of every compliance regulation, rule, and law. Find the lists that apply to your business, and then match the issues or requirements to your business.

2. Prioritize the list. With limited resources, you cannot address every issue immediately. And trying to do everything at once can be a chaotic approach ending with many important elements never addressed properly.

3. Take it one step at a time. Start at the top of your prioritized list, address it methodically to get it under control, and repeat. As the old joke goes, “How do you eat an elephant? One bite at a time.”

4. As you work through your list, be sure that you are working to make compliance part of your ongoing business processes, not something that will be implemented later. If compliance tasks are seen as extra work, staff (and this may include you) will adopt an attitude of “I’ll do that later when I have time” toward compliance, and it will fail to become a priority.

5. Once you get to the bottom of the list, start back at the top, and work to refine each item further. Each pass through the list will get easier and will better help you understand your own business operations better. You’ll find that the process gets faster, more efficient, and eventually becomes a routine part of your standard business operations. This is a good thing.

Most SMBs will be reluctant to attempt to become and remain compliant, often because of the perceived cost. They must understand that a committed, realistic, well-planned approach can provide benefit to their businesses far beyond that of simple compliance. They will learn more about exactly how they do what they do, which almost always means they will find a way to do it better. And make more money doing it.

Glenn S. Phillips, the president of Forte' Incorporated, works with business leaders who want to leverage technology and understand risks within. Glenn works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. The Founder and Sr. Consultant of Forte' Incorporated, Glenn and his team work with business leaders to support growth, increase profits, and address ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2336
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

CVE-2014-3366
Published: 2014-10-31
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.