“THE COST OF NON-COMPLIANCE IS GREAT. IF YOU THINK COMPLIANCE IS EXPENSIVE, TRY NON-COMPLIANCE.” FORMER U.S. DEPUTY ATTORNEY GENERAL PAUL MCNULTY
In the technology industry, compliance has turned into a buzzword. It is regularly thrown around, and I frequently wonder whether the topic is understood. Compliance is not a one-size-fits-all standard; it is not even something you can simply replicate across multiple areas. Depending on your industry, department, and position, the compliance standards can vary greatly. If your primary focus isn’t compliance, it can be a difficult environment to navigate.
At New Avalon Technology we treat compliance as a guideline to help improve IT security. We understand that it is not something that happens overnight. Compliance and security are things we need to work on regularly, aiming to be better than we were yesterday. There are multiple compliance standards that help businesses navigate expectations more easily. They set a framework based on best practices to protect the business and the clients it represents. These are only frameworks, and they can be difficult to navigate because they can fall under international law, national law, state law, industry regulations, business contracts, and cyber insurance policies.
According to Fred Voccola, CEO of Kaseya, 78% of small businesses are expecting to invest in compliance as a service. However, less than 10% of MSPs even offer compliance as a service in their product offerings. We have been working closely with our business partners toward compliance standards for years. We understand that requirements can stack up: a doctor’s office not only needs to protect patient health information under HIPAA but also needs to ensure that its payment processing is secure under PCI standards. Compliance is not optional, because failing to put these requirements in place can be costly. These costs can take the form of fines, reputational damage, ransoms paid to cybercriminals, or increased IT costs to resolve the issue.
Managing compliance requirements internally without a dedicated person is similar to managing any part of your business that isn’t what you excel at. Compliance is an ongoing effort in which we continually audit your network and look for ways to improve. We help direct the policies and procedures you need in place to secure your IT and ensure your employees are an asset and not a risk. Our constant monitoring and review of your network will help protect you and prepare you for audits, investigations, lawsuits, or cyber-attacks.
As a business, we often think we are invincible. Every objection you have about how it will never happen to you can be countered by real examples of businesses that have just been through what they thought would never happen. Think you’ll never be audited? In early 2020, a one-doctor medical practice in the US was issued a penalty for failing to conduct a risk assessment. Did you know that the average cost of downtime related to a ransomware attack is $46,800?
Regardless of your industry, there is a compliance standard that should be followed. It is an unrealistic expectation to manage this on your own. We have a team dedicated to the multiple parts required to tackle compliance from all angles: network security, compliance reports, and policies and procedures that document how things are done based on what you want and need. Let us help you achieve your goals.