With Thanksgiving 2018 season upon us, this article will focus on 1 predominate question, “What is our VP of Compliance Thankful for This Year?”
Sometimes it’s easier to focus on what we don’t have, rather than what we do have. It’s important to take time out and remember all the things to be thankful for that many of us take for granted. This year, I am thankful for:
- Compliance as a Service (CaaS)
- Strong Passwords
- All 50 States Mandatory Breach Reporting
- Information Security Risk Analysis
- Bring Your Own Device Policies
- Penetration Testing
- Encrypted Electronic Communications
- Corporate Compliance Training
- Great Employees
- Unbeatable Clients
Compliance as a Service (CaaS)
IT projects fluctuate – both in calendar time and the resources needed. Therefore, bottleneck issues are common, and it is difficult to maintain a flexible setup with the available resources for both ongoing IT compliance tasks and for developing the business processes and IT services.
Compliance gaps can originate from many different causes. However, the increasing complexity in the IT system landscape and related IT processes has challenged the ability to be in compliance and have a consistent and standardized qualification and validation approach across an organization. It can be equally difficult for companies to keep up with IT best practices and IT related regulatory requirements and legislation.
Due to increasing regulatory demands, IT compliance has become more time and resource consuming, and the cost has become a significant part of the total IT expenses. Therefore, I am very thankful that Digital Edge has been able to streamline this process for our clients, creating an effective and fiscally responsible solution to your IT compliance needs!
Did you know that one of the top causes of a breach is a weak or easy to guess password? The news is constantly reporting of data breaches in various industries, including healthcare. A strong password is the easiest way to protect yourself and your organization from malicious attacks. A strong password is one that at a minimum:
- Is 8 characters in length
- Is difficult to guess
- A combination of alphabetic, mixed case, numeric and punctuation characters
I also suggest having a mandatory lock out for 30 minutes after 5 failed password attempts, changing passwords every 90 days, and to never repeat an old password.
All 50 States Mandatory Breach Reporting
All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or governmental entities to notify individuals of security breaches of information involving personally identifiable information.
Security breach laws typically have provisions regarding who must comply with the law (e.g., businesses, data/ information brokers, government entities, etc.); definitions of “personal information” (e.g., name combined with SSN, driver’s license or state ID, account numbers, etc.); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information). For a list of those laws, check out my other article here!
Information Security Risk Analysis
Information Security Risk Analysis should be conducted, at a minimum, on an annual basis. It is essential for companies to continue to review, correct or modify, and update security protections. While checklists are helpful for organizations, they are lacking in meeting the requirements for a systematic risk analysis. Think of security risk analysis as an action plan for protecting data privacy, and a process of identifying and examining potential threats and vulnerabilities to your companies most critical information. This is arguably the most important step an organization can take towards implementing safeguards that mitigate or lower risks. If you need help with your Risk Analysis process, please let us know. For more information on becoming a Risk Driven Information Technology Organization – click here!
Bring Your Own Device Policies
The use of mobile devices, cell phones, smartphones, and tablets has become commonplace within the workplace. Most companies would agree that there is a pressing need to support the Bring Your Own Device (BYOD) movement, but many are confronted with finding real-life BYOD solutions. A BYOD policy is an opportunity to maximize employee satisfaction and productivity, but care must be taken to create a secure environment for users of personal devices in the workplace. If you have any questions about creating a BYOD policy for your organization, please let us know.
Penetration Testing (Pen Testing) is an authorized exam that measures the security of an IT system by safely exploiting all its vulnerabilities; mostly to evaluate and expose any flaws within the system. It is important that organizations have pen tests because it exploits all the weaknesses in the system allowing companies to fix them before it’s too late. It helps prevent any future attacks and protects a company’s data.
Today’s increasingly sophisticated IT security attacks can take many forms and can have major consequences; some of which include businesses being robbed of confidential information and data, operations being compromised, and the systems that control crucial infrastructures can be disrupted. Overall, one security attack can destroy a business; therefore, it is very important for businesses to have their regular penetration tests.
Pen tests simulate a real attack against your infrastructure in a controlled environment, allowing our support team to evaluate your system’s capabilities to avert such an attack. They are carried out using the same techniques as an attacker, creating multiple scenarios in which a business might be exploited.
At the end of the test, they verify if your servers or applications will be able to resist hostile attacks; and if the vulnerabilities found can lead to further intrusion and exploitation.
Pen tests will allow you to understand your current security position and provide you with recommendations on how to improve your defense against vulnerabilities that can lead to intrusions, fraud and service interruptions. For more information on the benefits of a Digital Edge Pen Test, click here!
Encrypted Electronic Communications
Encrypted email is considered safe and provides adequate protection of information being sent and received electronically. Encrypted email has several benefits such as hiding the content from an eavesdropper, the use of a digital signature mechanism and the use of a secret private key to decrypt messages. Encryption is preferred when communicating electronically. For more information on how Digital Edge can assist you with implementing Email Encryption, contact us now! STACEY CONTACT US PAGE
Corporate Compliance Training
No matter what industry your organization is in, corporate compliance is an essential part of operations. What is corporate compliance? Simply put, corporate compliance is the process of making sure your company and employees follow the laws, regulations, standards, and ethical practices that apply to your organization.
Effective corporate compliance will cover both internal policies and rules and federal and state laws. Enforcing compliance in corporate policy will help your company prevent and detect violations of rules. This can save your organization from fines and lawsuits.
Corporate compliance also lays out expectations for employee behavior, helps your staff stay focused on your organization’s broader goals, and helps operations run smoothly.
For any organization, initial training and education on Corporate Compliance should be completed during the orientation process for new employees and all employees should complete annual refresher training thereafter. This process should be ongoing. Most organizations establish a corporate compliance program to help govern policies and compliance. For assistance establishing this program reach out today!
Every year, I am grateful for all Digital Edge’s employees, they are helpful, friendly, experienced and knowledgeable. They truly care about the work they do and are passionate about making a difference for our clients. From account changes to compliance questions, from delivering SLAs to unparalleled customer service, they are only a phone call or email away so don’t hesitate to reach out for any reason.
I don’t mean to brag but at Digital Edge, we have the greatest clients in the world. We have organizations of every specialty, size, and location. Each one challenges us and helps us improve ourselves, our products, our knowledge and our company every day. Most of all this year, I am thankful for the opportunity Digital Edge has to serve you and help make your company more successful. Please let us know if there is anything we can do to help.
With that being said, I hope you all have a happy and healthy Thanksgiving Season this year!