Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

5/8/2012
09:13 AM
50%
50%

Screw Compliance, We're Trying to Survive

In tough times, compliance efforts may seem optional

I have a healthcare-related client for which we develop custom software and database programs. It is a relatively small company, but it has a growing national presence. Nice people.

The CEO is what I consider an accidental entrepreneur. She has a great work ethic, knows her industry, and has innovative services of great value to her clients. But she never prepared to run and grow a business. As with many leaders of small and midsize businesses, knowing how to do something can be very different from knowing how to run a business that does that thing.

As my team worked on software projects, we noticed a number of clear HIPAA compliance issues unrelated to our work. I suggested to the CEO that we could provide a HIPAA assessment and action plan to address issues in a cost-effective manner. She admitted the company had issues it needed to address, but she sighed and said she had to focus all of her resources on revenue generation. She wanted to address these issues, but said they would simply have to wait.

As an entrepreneur and investor in start-up companies, I get it: starting and growing a business can be a bit sloppy at times. I even consider this to be normal. Young companies often have too few staff doing too many different jobs. Too little is documented, and deferring expenses can be critical just to survive.

So what is such a struggling or growing company to do? I believe it starts with leadership. A business culture of proper, measured risk management leads to the foundation successful businesses can build on. Compliance cannot be treated as an add-on to work. It must be a normal fact of life, addressed in each new process and with each new employee. And it must be continually supported and reinforced.

This approach does not have to be expensive. In fact, when thoughtful leaders build their companies with a focus on the future, they ingrain their work processes and work culture with the tools that inherently reduce risk and naturally build compliant systems. In the long run, this is less expensive, too.

Even businesses (or departments) without such a foundation can implement a plan that methodically builds a new foundation. But it takes discipline, focus, and leadership. That leadership ideally comes from the CEO or COO, but it can also come from thoughtful leaders within departments who add business value through culture and execution.

Times are tough for many business organizations. But I contend that by using compliance requirements as a guide, even gradually, many businesses can become stronger and more valuable without breaking the bank (or themselves).

Glenn S. Phillips, the president of Forte' Incorporated, works with business leaders who want to leverage technology and understand risks within. He is the author of the book Nerd-to-English and you can find him on twitter at @NerdToEnglish.

Glenn works with business leaders who want to leverage technology and understand the often hidden risks awaiting them. The Founder and Sr. Consultant of Forte' Incorporated, Glenn and his team work with business leaders to support growth, increase profits, and address ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DWEBER460
50%
50%
DWEBER460,
User Rank: Apprentice
5/14/2012 | 7:21:37 PM
re: Screw Compliance, We're Trying to Survive
Your comments are spot on. Compliance definitely-begins with good leadership who encourage top of mind awareness. Also, when instituted properly, compliance should be-a small part of the day to day efforts of the organization and not a major undertaking when the epiphany occurs.- Unfortunately the latter is most often the case however. Xeneros proivides license and credential tracking services for the insurance and healthcare industries and our most successful service (not part of the original business)-is our compliance audit becuase so many companies have not taken the time to implement good license management practices.-
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...