After a year of high-profile cyber-security breaches, the 2015 FTSE350 Cyber Governance Health Check found 89% of board members of Britain’s leading companies regarding cyber risks as ‘moderately or extremely important’ and over 58% expecting the risk to increase over the next year. Regulatory compliance for IT can be an expensive undertaking, but it will almost always cost less than the fines, lost time and lost revenue that come with a cyber-security breach.
Even if your company has an information security policy in place, it needs to make sure all employees are following it, and it needs to keep that policy up to date. Sony could have saved itself a lot of money (and a huge public embarrassment) if its own IT director had been as concerned about information security as George Clooney was. One of the lawsuits filed by ex-Sony employees alleged that “despite weaknesses that it has known about for years, Sony made a ‘business decision to accept the risk’ of losses associated with being hacked”, a terrible decision which continues to cost the company a lot of money.
Companies that follow the regulations set out by external organizations are more secure, more likely to survive any investigation, and they get all the benefits of being compliant, including protecting their reputation. First, though, you need to understand what your company’s specific IT weaknesses are, and which cyber threats would affect your overall business strategy. If you try to meet regulations and policies without considering what actually needs to be applied in your circumstances, it will end up costing more in the long term and, of course, working less effectively.
Many companies have to deal with an array of different policies and regulations regarding IT and data, which is challenging for any business, especially if the IT staff changes or if the company outsources its IT systems and lacks a good understanding of tech issues. Some compliance rules require data to be kept for a specific period of time and then deleted; without permanent, long-term IT staff, it is easy for these time-sensitive retention and deletion deadlines to be forgotten.
The most important thing to make regulatory compliance work is evaluation and assessment. If you don’t understand where your company’s IT weaknesses are, it will be nearly impossible to implement best practices. The 2015 FTSE350 Cyber Governance Health Check says over 90% of UK company board members think they have “a clear or acceptable understanding” of what their companies’ key information and data assets are, but 65% of them “rarely or never review” their data assets and information to “confirm the legal, ethical and security implications of retaining them”.
If you’re unsure whether your organization’s processes are compliant and your data is safe, contact Kind Consultancy and we’ll connect you to an expert to give your company a tech security health check. It’s not just ‘better’ to be safe than sorry, it’s also more profitable.
[This article originally appeared on Lynsey’s LinkedIn.]