Regulatory Compliance and Small Business
Learn about the new regulatory environment and what you should
do to ensure that your small business is compliant.
A new regulatory environment is affecting the business
landscape, and
compliance standards such as Sarbanes-Oxley (SOX) and HIPAA
require businesses to adhere to enforceable standards set by
the government. Many compliance standards require
accountability on the part of businesses, especially in the
areas of data integrity, security, and privacy. Small
businesses, especially in the financial and healthcare sectors
or those that handle contracts from businesses in these
sectors or from government agencies, are more likely to be
affected by a more stringent regulatory environment.
According to a study sponsored by the Office of Advocacy in
2005 titled "The
Impact of Regulatory Costs on Small Firms," small businesses
with fewer than 20 employees spent $7,647 per employee to
adhere to federal regulations. In comparison to businesses
with over 500 employees that spent $5,282 per employee to
comply with the same regulations, small businesses spent
approximately 45% more than their larger business
counterparts. However, compliance is not only a necessary part
of doing business in today's world, it also ensures a more
secure business practice and can help enhance customer
confidence and attract new contracts and business.
Initially, however, policy compliance may appear to be a
daunting task. Yet, it is
possible to deal with government regulations in a timely and
effective way once you understand that the aspect of
compliance that is often most relevant to small businesses is
protecting the information of your customers, employees,
clients, and others whom you conduct business with. Once you
understand how to create a secure infrastructure to protect
how you collect, store, and use data, you can meet the
required standards with greater ease.
Recommendations
Here are some steps you can take to keep your business
compliant:
Learn about regulations: Staying informed about the regulatory
climate is the first step in the process. New regulations are
created every year, and understanding which ones affect your
business will help you create a strategy and a timeline for
meeting the regulations, as well as identify what resources you
already have so that you will not replicate controls already in
place.
Assess your security controls: You probably have many security
controls in place for the sake of creating a secure business
environment. This will help you a great deal, since you may
only need to add a few extra measures to stay compliant with a
new law or regulation. Taking stock of the hardware, software,
and other IT devices you currently use will help you
understand what areas you need to add extra protection to.
Install security measures: You should always have a minimum set
of security measures installed to protect your business'
network and resources, such as customer contact lists. You
should invest in a backup solution to serve as a security
measure – especially a disk-based backup system that allows you
to back up your files to an offsite location and retrieve them
easily and quickly. You will then have access to important
data if you experience data theft or loss and need to contact
customers or vendors. You should also install and use
antivirus software and firewall technologies. These security
solutions are necessary for a variety of regulations,
especially to comply with laws regarding customer data
privacy.
Upgrade and update: Though you may have antivirus protection,
backup
solutions, and other IT security safeguards, outdated versions
put your business at risk from the very threats you are trying
to avoid. Additionally, proving to government agencies and
other authorities that you have taken adequate measures to
protect confidential data may require you to disclose the
security measures you have taken. Keeping current is not only
one of the most important ways you can demonstrate regulatory
compliance, it is also a way to be sure that the measures you
have in place are effective. Check regularly for patches and
updates on antivirus and other software, and consider
upgrading to newer versions periodically to take advantage of
technology advances.
Install compliance technology: There are different ways you can
deal with issues of compliance, depending on the nature of
your business. Some businesses, especially those in the
healthcare and financial sectors, may need to take more
precautionary measures than others. If your business is in one
of these sectors, you may consider compliance software
technology that can be used to meet IT compliance and record
and report what controls your business uses. This can be
especially useful for businesses in industries that have
periodic audits of business security controls and processes.
Conclusion
Regulatory compliance is an important aspect of doing
business in today's world. By taking steps to meet government
regulations, you will also gain your clients' and customers'
trust. It will also help you maintain a secure computing
environment, saving time and resources in the future by
protecting your business from various threats. The security
measures you implement now will help keep your business
compliant and make it easier to meet new regulations that
arise.
from Symantec