Which is more important, compliance or security? Which comes first, or should come first, in a company’s considerations?
Security would seem to be the obvious, as well as the predominant answer. It’s what you use to encrypt and protect your data, after all. It’s as straightforward as that, and should be a major, if not the predominant, consideration in a company’s risk analyses and strategies.
Compliance, meanwhile, is like an ever growing plant. New regulations and standards are constantly coming out, always changing in order to tackle new issues that are perceived to merit new rules. Not to mention, any number of minute, seemingly insignificant actions can suddenly make your previous compliance null and void: Wow, look how hard you just worked to finally become compliant. That took an entire day of scrambling and unplugging wireless routers. I guess it’s finally time to plug them back in—Oh, crap, you just created a hotspot. Plug in your phone or personal laptop? That’s a new hole in your network. Send out an unencrypted email with someone’s personal information from, say, Salesforce? Oops, data breach.
There are so many easy ways like these to disrupt your compliant status. It doesn’t help that compliance itself is often so complicated that even those whose business it is to know about it can’t fully wrap their minds around it. In fact, this leads me to an often overlooked aspect of this whole subject that should really receive more attention: Education. Those potential violations-of-compliance that I mentioned before? I didn’t know about them myself until I was told—and it’s an ignorance that many, if not most employees share. Rather than focusing strictly on compliance, then, perhaps companies should put an emphasis on training employees so they become conscious of what constitutes a breach, or a negation of compliance, and how to avoid these dangerous bumps in the road.
Once that educating structure is in place, companies can tackle these two other facets without having to worry about an avoidable accident disrupting their efforts.
No comments:
Post a Comment