How Organizations Are Failing at Compliance Management

When life returns to “normal”, will compliance still be important? The simple answer is yes. While COVID-19 has changed the way we work and interact with people, the regulatory requirements are here to stay.
Employees who were once required to come into the office every day are now working from home, which brings many opportunities and challenges to staying compliant. Post COVID-19, many employees who have embraced the convenience of working from home may not be eager to return to a corporate office environment. Similarly, businesses may also see the benefit of a smaller office, or no office space at all, on the bottom line.

So how does this change compliance? Regulatory requirements are designed to ensure that organizations establish a solid cyber security program — and then monitor and update it on an ongoing basis. Compliance is not a one-time activity; it is an ongoing process. Just as you must always work to maintain compliance with regulations, the regulations themselves will have to adapt and change to the situation.

Prior to COVID-19, the remote workforce was already on the increase. It has since increased substantially. In March, NIST released a draft revision of NIST SP 800-124 Rev. 2, Guidelines for Managing the Security of Mobile Devices in the Enterprise. NIST also developed NIST SP 800-46 Rev. 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security. If you aren’t currently following any compliance standards for mobile devices or remote work, you should start here. Both of these NIST guidelines are mapped to applicable NIST SP 800-53 security controls and to Cybersecurity Framework Version 1.1 functions, categories, and subcategories, so you can check your compliance with these controls and update them as necessary.

NIST is just one of many compliance standards your business could follow. Other compliance and regulatory requirements may include PIPEDA, GDPR, HIPAA or PCI. For instance, if your business accepts payments by credit card, it may also need to be PCI compliant. Since the outbreak of COVID-19, cybercriminals have ramped up their efforts to steal payment data.
Researchers at RiskIQ have noticed a 20% increase in Magecart card skimming attacks on online retailers during this pandemic. With e-commerce on the rise due to COVID-19, expect to see those numbers continue to climb. Healthcare is another sector facing increased risk since COVID-19. We know that hackers have been targeting various health organizations throughout this pandemic, even after claiming they wouldn’t. HIPAA compliance becomes all the more important, as important research done in response to COVID-19 is being affected by these breaches.

Even though COVID-19 has changed our lives in ways we couldn’t have imagined, the fact remains that businesses need to remain compliant. Your business, no matter what sector, has certain obligations and responsibilities when it comes to securing data. Contact Uzado today to help you ensure your business is continuing to meet its ongoing compliance obligations.
