Achieve Security, Not Just Compliance
Under the weight of data security compliance pressures, a lot of companies—especially smaller ones that are short on specialized human resources—make the mistake of focusing on satisfying the compliance auditor rather than actually achieving better security. Although regulations have rightfully encouraged more focus on security, it is also true that being compliant doesn’t necessarily mean you are secure. Some of the most visible data breaches have occurred in situations where companies had passed their audits. So know what the regulations require of you, but focus more on putting real mechanisms in place to secure your most critical assets—and document security improvements. You’ll have fewer audit deficiencies, and you’ll resolve them more quickly. Often you can better utilize tools you already have, but if you’re unsure whether you have critical gaps, don’t be afraid to enlist the help of security consultants. Their years of expertise will help you get through the process faster.
Alison Andrews CEO Vigilant New York