Posts Tagged ‘IT compliance’

Maintaining Regulatory Compliance

Posted on: April 23rd, 2020 by jiml

A part of doing business is complying with regulations. Regulations come from various places, primarily governments but also from industries. The major credit card providers teamed up to create the Payment Card Industry Data Security Standards (PCI DSS) as an example of an industry-led regulation. On the government side there are many. Most of you are familiar with HIPAA to protect health information, and each state has its own laws on the books to protect consumer data now that Alabama joined the ranks in 2018. There are a myriad of other regulations out there making it difficult for the average business to keep up.

What is the process for maintaining compliance? The first step is to have someone within your organization responsible for compliance. Some organizations are large enough, or in an industry that supports it, to have a full-time compliance manager. Many organizations do not have the means or the need for this, which is typical in the SMB market. Those SMBs should still appoint someone to take the lead. Think about partnering with an expert to help guide you through the compliance process. This will be key if your appointed person or team does not have the time to stay current with the regulations.

Step two is to understand which regulations your organization needs to comply with. Does your organization process credit cards and therefore need to comply with PCI DSS? Does it do work with the Federal government and need to comply with NIST 800-171, or with the European Union and need to comply with GDPR? Do you know your state's PII (Personally Identifiable Information) statute? Knowing exactly what your regulatory requirements are is a must. Not knowing the law is not an excuse for non-compliance. (If it were, I would never get a speeding ticket!)

Now that you have identified the regulations your organization needs to comply with, the process for compliance is the same regardless of the regulation. Assess-Mitigate-Maintain.

Assess: Evaluate where you are currently versus the regulation requirements. (Think gap analysis)

Mitigate: Address the shortcomings or gaps to meet the standards of the regulation.

Maintain: Develop a plan to maintain compliance going forward.

You cannot be compliant without documentation. Colden Company has programs in place to help businesses with PCI compliance and HIPAA, and we also have a program to meet the NIST Cyber Security Framework (CSF) and provide the necessary documentation. NIST CSF is an excellent framework to follow since many state PII regulations are loosely based on it. If your organization does business in several states, following the NIST CSF is a great place to start for compliance. It will meet most states' regulations and show that your organization is taking steps to willfully comply.

Would you like to discuss your specific requirements? Give Colden Company a call at (888) 600-4560 or email us at and let our team of experts put you on a path to compliance.

Keeping Up With Security

Posted on: February 24th, 2020 by jiml

It is 2020. Wow. It seems like just yesterday we were preparing for Y2K. The cyber world is a very different place than it was twenty years ago. In 2000, there were 361 million Internet users. Today there are well over four billion. Some of those four billion are bad actors, creating viruses and malware. I bet your data security is not the same as it was twenty years ago. What if we framed that differently and asked whether your defenses are different than they were three or four years ago? Do you have the same answer? The security threats have changed dramatically over that time, from sophisticated ransomware threats to malware that mines bitcoin for the bad guys. Your defenses have to keep up with the new threats.

Ransomware continues to be a real threat. According to a recent study by Datto, there is a very large gap between how the threat of ransomware is perceived by businesses versus those working in the technology field. 89% of Managed Services Providers feel ransomware is a significant threat to small and medium sized businesses, while only 28% of small and medium sized businesses perceive ransomware as a significant threat. The folks that deal with security are much more concerned about it; perhaps the business world should take note and ensure they are protected against this threat.

Also changing is the need for compliance. Many states have recently expanded their laws regarding the protection of private data. California and New York, among others, have updated their laws to provide better protection of private data, and increased fines for businesses that do not take the proper precautions. As of 2018, all fifty states have something on the books for protecting personally identifiable information. Do you know your state's regulation? Are you meeting the standards? Are you aware of the fines?

In a changing world, staying current with the cyber world AND the regulations and compliance issues that affect your business is important. Studies have repeatedly shown that businesses that keep up with technology outperform those that do not. How do you stack up? Do you know? Here at Colden Company, we can provide an assessment of where your business stands and recommend measures to safeguard against today's threats.

If you have any questions about this or want to get an early release of the browser, please feel free to reach out to us at (888) 600-4560 by phone, or via email.