March has been all about IT security and compliance inquiries – and it’s a good thing. This month alone, there have been over 2 million documented cases of data breaches and cyber attacks – and those are just the ones that have been reported!
It seems that cyber criminals have shifted their focus to ransomware and data breaches. Why? Well, the financial opportunity for hackers is enormous.
There’s a general lack of security precautions being implemented and enforced throughout companies, leaving a ton of personal information and corporate data vulnerable to attacks.
What’s most interesting is that I’ve had conversations about IT security and compliance with a wide range of professions – but surprisingly, not with the CEOs or Presidents of those organizations.
The people reaching out are CPAs, operations managers, private equity firms, insurance agencies, and IT departments.
CPAs are always looking out for their clients. One area they generally keep tabs on is risk exposure. In turn, they ask companies like us to assess security for clients they think might be exposed.
Private equity firms and M&A (merger & acquisition) teams are assessing risk as part of due diligence to complete their transactions. Security is a major concern for them. Evaluating security helps them see and understand two things: 1) the priority the selling company has put on keeping data safe, and 2) the future investment they may need to make to stay secure.
Insurance companies and enforcement agencies now request compliance audits regularly. PCI DSS (Payment Card Industry Data Security Standard) and HIPAA (Health Insurance Portability and Accountability Act) regulations affect millions of businesses, as well as you and me personally.
Any company that takes credit cards, especially online, must be PCI compliant. Failure to comply puts companies at risk for major fines, or worse – a data breach. A PCI compliance assessment is a small price to pay to uncover potential vulnerabilities and gain peace of mind.
It’s no secret that the healthcare industry has some of the most intense compliance regulations currently in place. Personal medical information must be protected with great diligence. The challenge with HIPAA compliance is that it’s a combination of administrative and IT best practices. Luckily, many of the requirements are easy – like enforcing complex passwords. Some simple changes can bring healthcare companies into compliance and can save them a ton of regulatory hassle.
Third-party security assessments for all types of businesses are also on the rise. The challenge of managing IT security has bubbled up to an unmanageable level for many small IT departments. IT departments work very hard every day – keeping users working and the systems running is very demanding, and quite frankly, thankless. Digging into the depths of security protocols is time-consuming and technical, so it’s not enough to assume the security basics are being taken care of by the IT department.
Security assessments can be performed in short order, and they don’t break the bank. If there’s exposure, most executives would rather know the risk than be surprised.
Security processes are no joke in the crazy-connected world we live in. So, don’t leave your security to chance.
Have a great April!
Marty