News

Acropolis July 2014 Newsletter

Read More

< MORE NEWS

Understanding How Security Compliance Impacts Your Business

Our ever-expanding online world requires constant vigilance to keep cyber criminals at bay. As new systems and software updates happen, hackers are hard at work searching for security flaws to break into networks and compromise data.

While this is nothing new, the increasing number of data breaches as of late has made security a hot topic of discussion and warrants concern for any individual or business that accesses, transmits or stores sensitive data over the Internet. The Heartbleed vulnerability that came about in early April is a perfect example of why it is critical to use strong passwords and protect your network.

Such incidents have caused the Security Exchange Commission (SEC) to ramp up regulatory requirements in 2014 which apply to the majority of companies that conduct business online. Lack of security compliance can be a costly oversight and detrimental to any business. In addition to losing valuable customers and jeopardizing one’s reputation, if audited and unable to prove compliance, a business could be subject to expensive fines and sanctions.

Some industries have more risk due to the sensitive information they deal with, and thus require tighter security regulations. Emerging privacy rules and compliance regulations have very specific requirements for what data needs to be stored, and where.

Financial Service Providers and Accounting Firms, for instance, are mandated by FINRA (Financial Industry Regulatory Authority) and SOX (Sarbanes-Oxley Act) to back up and secure any electronic communication with reasonable disaster recovery infrastructure. Healthcare providers that store or transmit e-health records are subject to HIPAA requirements and penalties. Any company that transmits credit card data over the internet must follow PCI requirements.  Regardless of the line of business, most customers, clients, patients are now educated on security and request proper documentation to ensure their private information is handled with care.

Security compliance is a major reason most businesses today are placing technology at the forefront of their business strategy. As a result, cloud services providers are taking steps to ensure their services coincide with clients’ and prospects’ unique needs. It’s simply not enough anymore to manage systems and ensure they run smoothly. When companies outsource IT and other business processes they seek a strategic partner whom they can trust; a partner whose security controls are rigorously tested so that data is protected and not exposed to undue risk.

With cybercrime being at an all-time high, the cloud may seem like a vulnerable place for your data.  However, most cloud service providers are measured against even tighter regulatory standards than their customers requiring their data centers to be more secure than most on-premise networks.

The SSAE 16 Type II (Statement on Standards for Attestation Engagements No. 16) is an audit performed on cloud service providers to ensure their data center, internal processes and operations meet the highest standards possible. The audit focuses on a wide range of core compliance standards including internal controls, security procedures and management practices as they relate to infrastructure and data security. For example, an essential part of IT Solutions’ network security efforts are controls that determine what employees have access to specific records. Implementing policies such as identity and access controls can provide big benefits to both compliance and security.

The SSAE 16 Type II extends its requirements to include written assertion from the data center’s management about the fair presentation of the system’s design, controls, and operational effectiveness. In the event of an audit, these documents can provide proof that your sensitive data is stored in a highly secure and regulated location.

Although, compliance regulations and security audits may seem like a real nuisance, they are designed to protect your company, your clients and your personal identity. You can’t stop cybercriminal activity but you can take every precaution possible to assure it does not happen to you. Emphasize due diligence when deciding who to do business with. And make sure proper processes and systems are in place to keep your data safe.

Are your network and data as safe as they can be? Don’t wait until it’s too late. Contact your VCIO or call us at 800-742-6316 to discuss your specific security and compliance needs.

Article originally appeared at ITSolutions-Inc.com.

< MORE NEWS