Cyber Security: No longer just for regulated businesses
We all understand the fundamentals of business and the importance of customer service or quality in operations or accuracy in accounting. They have all played a role in the sustainability of our firms. But now there’s a new player in this mix, the 21st Century version of these core competencies: cyber security.
Businesses that have had to follow existing regulations understand the need for security. The health care sector, for example, has HIPAA and the HITECH regulations to protect patient privacy in the age of digital patient records, while the credit card industry has PCI regulations intended to protect cardholder information. Up to now, cyber security regulations have been spotty, targeting only certain sectors of the economy. But that’s about to change with an onslaught of pending federal and state laws that not only address procedures for breach notification, but also prescribe what you need to do to protect against data breaches. In short, if you’re not already operating under some form of regulation, you soon will be. In fact, you probably already are, whether you know it or not.
But whether or not your business is highly regulated, it can benefit from embracing best practices that also meet regulatory requirements. Here’s why.
You’re going to be directly impacted by new regulations.
While there are state-by-state laws regarding breach notifications, there are pending laws that will affect any business that has individuals’ information, including sales and marketing lists. It doesn’t matter why you have the information or what you do with it.
Regulations are going to address what you’re doing to protect sensitive information from unauthorized access by bad actors. And since the bad guys aren’t in the U.S., there’s very little we can do to them. So the laws aren’t about protecting you from the bad actors, but rather about protecting the individuals whose data you possess. In other words, the laws are about protecting other people from you when you have been breached!
Your B2B customers will impose their additional requirements on you.
If you’re a B2B company, your business customers are going to be asking you to follow the same set of rules or policies they have to follow or have set up for themselves. In effect, your customers are expecting you to be as secure as they intend to be.
Government is a proxy for your B2C customers. Your B2B customers will speak for themselves.
There are other existential threats directly to your business.
With security, there are threats that, while they do not put you in direct violation of regulations, are existential threats to your business. They include loss of funds and, quite literally, being shut down because bad actors have frozen your IT assets until you pay the ransom.
Like any of the legacy core business practices, security should be treated as a virtue, improving the very sustainability of your business with the added benefit of legal compliance.
True protection begins with making cyber security a fundamental piece of your entire risk management process. It requires commitment from the business leadership to address it, to make plans and policies around it, and to talk to your workforce about cyber security being everybody’s business. And while there are multiple cookbooks for security best practices, we encourage you to find an expert to ensure that your security needs are understood and your security program is meeting your business needs.