Compliance and You
As a business owner, you have to look at the cost of every decision you make. Cutting corners may save a few dollars up front, but in the long run can have disastrous consequences. If you have an office space or warehouse, you need to get proper permits, do proper maintenance and be compliant to local laws or face steep fines. When hiring and dealing with employees, you have to follow rules, guidelines and laws set out or face fines and lawsuits. It is no different when dealing with the digital realm of your business. Lapsed security, improper record keeping, and inconsistent reporting can lead more than loss of revenue, it can lead to heavy fines and perhaps even criminal prosecution.
For companies such as financial services, banking, or medical companies, the data you are entrusted with is of utmost importance. Your customers give you access to their most vital information to utilize your services, and trust that it will remain safe, and if a breach does occur, they will be notified as quickly as possible. Breaches happen, how they are dealt
with can make the difference between understanding customers and heavy fines.
Equifax is one of the largest credit reporting agencies in the country, making their network ripe with information that could have dangerous consequences in the wrong hands. In 2017, they were breached, with over 150 million customer accounts being compromised. That wasn’t even the worst of their troubles. It was revealed that they were non-compliant in two areas. They knew about a vulnerability within their system and didn’t act on it, and also failed to alert their customers in a timely matter. The consequences? In 2019, they settled with the Federal Trade Commision to the tune of 700 million dollars.
Retail companies deal with hundreds to thousands of transactions a day. Part of their unspoken agreement with customers is that their credit card and personal data are secure. In the case of Home Depot, a breach cost them more than unhappy customers. In 2014, hackers used stolen credentials to get into Home Depot’s network. From there they stole over 50 million credit card numbers and email addresses. Due to their lack of compliance when dealing with their network and the breach, Home Depot was ordered to pay over 200 million dollars in restitutions and fines to it’s affected customers and financial institutions.
These are just a few examples of companies that have been hit with massive regulatory fines and fee’s for not maintaining proper security measures, not alerting customers in time, and other corner cutting measures. Most of these fines are levied by record, meaning the more records get breached, the more you pay. In fact, in the medical industry, the average cost per record is $439, meaning that even for smaller firms, the cost could be in the hundreds of thousands.
DIFFERENT TYPES OF COMPLIENCE
Now I’m sure in reading this and seeing these numbers, you understand the importance of compliance to your network, your business and your customers. However, identifying the areas that you need to maintain compliance in are not as easy to figure out.
HIPAA
For those of you in the Health and Human Services industry, you are familiar with this one. HIPAA stands for the Health Insurance Portability and Accessibility Act, and was established in 1996 as a way to protect consumers as the health care industry entered the digital age. With this was also the implementation of the HITECH or Health Information Technology for Economic and Clinical Health Act. Agencies are constantly auditing providers and there are mandatory minimum fines for those who fail to secure
data that could cripple your business. Not only is keeping up on your systems, security, and procedures the right thing to do for your business and customers,
it’s also the way to ensure you are on the right side of the law when it’s time for your audit.
PCI
Does your business handle credit cards? If so, you need to stay PCI compliant if you want to continue doing business with the major credit card providers and avoid fines. PCI fines are leveled monthly until your business is up to code and range form $5,000 to $100,000 dollars per month! PCI has twelve requirements that are separated into 6 groups. These groups are simply worded to avoid confusion as to what you need to do to maintain PCI compliance. They are:
1. Build and Maintain a Secure Network
2. Protect Cardholder Data
3. Maintain a Vulnerability Management Program
4. Implement Strong Access Control Measures
5. Regularly Monitor and Test Networks
6. Maintain an Information Security Policy
SOX
When it comes to your accounting and finances, SOX compliance is key to keeping out of the crosshairs of regulatory agencies. SOX refers to the Sarbanes Oxley Act of 2002, and was created to ensure that consumers were protected from improper reporting of financials and other accounting fraud. Much of SOX is about protection of digital data. As more companies move to the cloud, SOX compliance is increasingly more of a prevalent issue. Another facet of SOX is ensuring companies maintain financial transparency with the
public, ensure investors and customers are not mislead by hidden accounts and other shady accounting practices. This is not an area you want to be found non-compliant in, as not only could the fines be in the millions, but there is the potential to be incarcerated for being non-compliant.
HOW PARTNERING WITH AN MSP CAN HELP
Compliance and the laws surrounding it can be very tricky things. Just like tax codes and laws, these are living, everchanging codes that you do not want to be on the wrong side of. Having to personally stay on top of these codes and protocols can take time, cost money, and if you aren’t a tech expert, have a steep learning curve. This is where a strong partnership with a managed service provider, such as Delval Technology Solutions comes in. An MSP gives you an expert to aid you in approaching your compliance needs before they become compliance problems. They will train your staff, monitor your network and practices, and preform audits on your system similar to those done by the auditing agencies. They stay up to date and in the know on any changes to these laws and can implement necessary changes to your network to keep you up to date and compliant. An MSP can track tickets to keep a record of issues within the system to patch any needed holes and keep your data safe and your business up to date.
Remember, compliance requires diligence, oversight, and proper organization. While it may seem daunting, by keeping your network compliant and up to date, you can save yourself and your customers headache and heartache. Find a great partner like Delval Technology Solutions and make your network work for you, not against you, and never have to worry that your data is exposed.