Complying with cybersecurity regulation is at the forefront of many companies’ minds, perhaps to their own detriment, according to David Glockner, the regional director at the U.S. Securities and Exchange Commission’s (SEC) Chicago Regional Office.
Quoted in SC Magazine, Glockner encouraged attendees at an SC Congress meeting in Chicago to think about cybersecurity “divorced from the regulatory landscape.”
Instead, he made the case that companies should think about their cybersecurity from a business perspective.
“What is your most sensitive information? What are your most sensitive operations and what vulnerabilities do you have? And thinking about how you protect what’s critical to your business operation in most instances is going to get you most, if not all of the way, toward being… compliant,” Glockner said.
Glockner argued that companies shouldn’t stop at achieving compliance. A truly effective cybersecurity program goes beyond government regulations, because although those regulations are designed to keep most businesses safe, they set a minimum baseline rather than a standard of adequate protection.
Balancing Required and Needed
Of course, telling people to meet compliance but still go further with their cybersecurity can be a complicated message. With all the pressure to meet regulations, it’s understandable that some companies might prioritize this over investing in taking their IT security a step further. After all, SEC fines can be substantial, ranging from $75,000 to the $1 million Morgan Stanley had to pay this past summer.
It raises an interesting question: why wouldn’t you treat these regulations as sufficient? If the government is saying this is all you have to do, it would seem to follow that this is all that is required of you. Unfortunately, this is simply not the case. Regulations describe the floor, not the ceiling.
As we’ve previously mentioned, the threats toward your business are increasing at a rapid rate. In the past five years alone, the amount of malware in circulation has increased roughly fivefold. Regulations are written and revised on a cycle of years, and they simply can’t keep up with the ever-growing and shifting tactics cyber criminals use to attack your business.
So although you need to keep an eye on compliance, it’s essential that you take steps to go beyond what the regulations require.
To accomplish this, you’re going to need some help. This means working with an IT security firm that not only confirms the compliance checkboxes are marked, but also points out the key areas of weakness that the checkboxes don’t cover.
For example, BAI Security’s Control Audits service verifies an organization’s existing controls against regulatory standards and best-practice guidelines. This service looks at your management and IT governance practices, your IT operations overall, how you handle your electronic payment systems, how you manage third-party vendors, and whether your business continuity and disaster recovery plan holds up.
Furthermore, our IT Security Assessments provide a variety of options through which we can help you uncover breach risks and shore up your cybersecurity posture. The many services included in these assessments cover everything from vulnerability and penetration testing to endpoint compromise and network security best practices, among many others.
Regardless of where you seek out cybersecurity help, it’s crucial that you recognize there are a number of key areas you need to focus on. Sticking to regulations and meeting compliance will only get you so far. To really protect your business and safeguard your customers’ information, you need to go further. Be proactive about protecting what is critical to your operation, and compliance largely takes care of itself: you’ll already be exceeding the requirements.