We’ve recently seen significant changes in compliance auditing. In the past, clients were able to “check the boxes.” Not so any more.
Chances are your organization is held to numerous federal standards. For instance, if you’re a payment card industry (PCI) company, you have protected health information (PHI) and personally identifiable information (PII) and are therefore affected by the Health Insurance Portability and Accountability Act (HIPAA). Similarly, many financial institutions are regulated by the National Credit Union Administration (NCUA), Federal Deposit Insurance Corporation (FDIC), Federal Financial Institutions Examination Council (FFIEC), and others.
In recent months, it seems compliance auditors have become increasingly keen on what it is they’re auditing, and they’re looking at specific tools like the Cybersecurity Awareness Tool provided by the FFIEC. Some organizations are unaware of the tools provided by the oversight entities granting them compliance, so as the auditors become increasing discerning, businesses are having a harder time gaining compliance.
All of this is extraordinarily important because cybersecurity events are increasing at a rapid rate, and businesses are experiencing significantly more devastating losses – losses they quantify in dollars and cents. It could be a loss of business, rising underwriter premiums, loss of clients or trust, and many other real consequences.
Being prepared and establishing a good compliance program will help you maintain a safe and secure business. Be proactive on defense to avoid being targeted as the low hanging fruit. Don’t sit back, try to blend in, and hope bad actors don’t notice you. When it comes to cybersecurity, hope is not a strategy.
If you have an upcoming audit and want to prepare, I’d like to walk you through some best practices to avoid potential pitfalls. If you have finished an audit and have some “fix-it” items to complete, let us know. We can help you work through the list and beef up your security posture at the same time.
Thank you for trusting us to help with your cybersecurity needs.
Contact us anytime, we’re always happy to help.