Keys to Help Your Clients with Security and Compliance

Your company should have a security and compliance officer, for one.

January 30, 2020


By Todd R. Weiss

For businesses today, running their everyday operations, selling goods and services and dealing with customers can often be the easy parts of their responsibilities. The much more complicated and worrisome part arguably is keeping their operations secure from malicious attackers around the clock and complying with all the varied regulatory rules and hurdles from governmental and industry agencies involved with banking, finance, health, food and a myriad of other areas.

That’s where the upcoming presentation, “How Security and Compliance Could Save Your Client,” on March 10, part of the security conference track at the Channel Partners Conference & Expo, can provide useful insights for channel partners who provide security and compliance services to business customers.


In his presentation, Jason Duchnowski, channel chief of Otava, will talk about how regulations and standards, from HIPAA to PCI to ISO 27001, together with cyberthreats from ransomware to phishing, can make the heads of business leaders spin. He’ll also describe how having trusted IT partners who can help their clients effectively fight cyberthreats and maintain compliance with all the pertinent regulations and standards can be a huge boon for businesses so they can focus on their core operations. Duchnowski will describe how the consequences of successful data security breaches can severely impact service providers as well. The presentation will stress how regulatory compliance is a skill set that every channel partner must have in today’s security and regulatory landscape, but also show how that doesn’t need to be intimidating for partners. Using his tips and clear approach, Duchnowski will walk attendees through compliance basics and give them a plan of action for how to get ahead of regulatory hurdles.

In this Q&A with Channel Partners, Duchnowski gives a sneak peek into his upcoming security and compliance presentation at the conference.

Channel Partners: Security breaches seemingly are everywhere nowadays — so what clear compliance steps and strategies can businesses take to fight them?

Jason Duchnowski: Breaches are seemingly everywhere today because the likelihood of experiencing a data breach continues to rise each year. Studies have shown that companies now have nearly a 30% chance of experiencing a data breach within a two-year time period. Statistically, businesses should prepare for the inevitability that they will be breached, so how you fight a data breach is more of a defensive strategy. There are three major aspects that should be considered when protecting the business from data breaches: First, buy sufficient insurance to cover breach incidents; second, be aware of the factors that increase or decrease both the per record cost and total breach cost; and third, implement a strategy that shortens the breach life cycle.

CP: If a business already is taking action, what are some of the steps they must absolutely ensure that they are implementing from the start?

JD: Create an incident response team that follows an incident response plan. Test the plan regularly. Technologies that should be highly considered include encryption, security automation and business continuity.

CP: How can regulatory compliance be made less intimidating?

JD: Involve an outside firm for help if your company does not have the expertise. In either instance, a company security and compliance officer should be appointed. This individual is the focal point for internal security concerns as well as the facilitator of outside help. An environment audit and penetration test are good ways to understand what risks and vulnerabilities may exist. From there, a prioritized list of actions should be made and addressed.

CP: What are some strategies for businesses to use to get ahead of their regulatory compliance requirements so they can better protect their business and customer data from breaches?

JD: Compliance failures are only a portion of the picture when discussing protecting customer data from breaches. Extensive cloud migrations create nearly as much risk as compliance failures do. Again, in conjunction with compliance audits, outside firms can help companies understand incoming compliance changes, how to best prepare for them, and risk exposure if the business chooses not to adhere to the regulations.

CP: What other advice do you have to make these processes easier, more reliable and more efficient for businesses?

JD: Efficiency is gained primarily by repetition and reinforcement that security is a company priority. Regular training for all employees, and consistent messaging from the executive and security teams throughout the organization are all important. Security should be considered table stakes for doing business. Human error accounts for roughly one-quarter of all data breaches, so the more educated the company and its employees are about data breaches, the lower the risk for a breach to be the result of human error.
