4 Ways to Avoid Security Vulnerability and Mandated Compliance Overload

October 10, 2019 | Category: PCI 101

Do you suffer from security vulnerability and mandated compliance overload? If so, you aren’t alone. Many organizations and their employees are stuck in a veritable non-stop barrage of daily updates when it comes to the latest security trends/concerns, breaches and new compliance mandates.

Buzzworthy topics like facial recognition, the privacy and use of your personal data, new security laws, ransomware, and the many, many other security vulnerabilities hit the top of our daily news feeds. These concerns should absolutely be treated with a healthy dose of caution, and many of them need our immediate attention. However, the constant deluge is causing many organizations to put their implementation of long-standing security mandates and regulations on the proverbial back burner while they focus their attention elsewhere.

At the risk of sounding entirely too nostalgic and over-the-top geeky, this trend reminds me of when I was a child. It seemed that every day, there was some new action figure and corresponding merchandise being marketed to me via television commercials, or on the back of a cereal box. On my 8th birthday, I asked my mother for the newest He-Man and ever villainous Skeletor action figures. I had also asked for the latest BraveStarr action figure from a close relative.

Much to my surprise, the universe somehow aligned, and I got everything that I had asked for. How on earth was a young boy to choose which toy he was going to play with? I mean, I am only human and had only two hands with which to wield these extraordinary figures. Like any child, I played with all of my toys on and off and shared them with friends to fight evil imaginary forces, but inevitably one toy became my preferred go-to—spoiler alert!—it was He-Man. The rest of my action figures inevitably drifted aimlessly through the toy bin and received less and less attention.

I know, I know, it’s a cheesy analogy, and maybe even a bit self-deprecating, but I think compliance and security have their parallels with my childhood toys.

Overcome the struggle of security and compliance overload.

As a Senior Security Consultant, I have seen it time and time again. Entities struggle to keep up with just one security/privacy mandate, but when they add in two, three, or more, things are likely to begin to unravel quickly. It becomes more challenging to provide adequate attention to the things that we once cared about when we become overloaded with the hottest new trend, mandate, or even the latest scary webinar we just attended.

So, what can you do to help mitigate this while still staying current and on top of your security and compliance? Here are four tips that I like to give my clients:

  1. Remember that security and compliance aren’t intended to be a single, point-in-time event. If we allow these things to slip (sometimes even just a little), we run the risk of potentially devastating consequences.
  2. All compliance mandates are going to have milestones/activities (or their equivalent) that are required to be achieved at specific frequencies. They are designed this way to help you revisit your current security and compliance. Make sure that you keep the required events as a priority for your organization.
  3. More often than not, you just don’t have the time in the day to complete all the tasks you are required to complete, let alone the time to achieve and complete the tasks that you personally feel are needed. I recommend leveraging the assistance of security-minded and focused industry experts to help you identify what is required of you, guide you through common pitfalls, and, in many cases, help you reduce your burdens by utilizing their security services. With that said, be mindful that you cannot outsource all of your compliance and security responsibility. When you properly leverage a third-party service provider, however, it can help to reduce many of the burdens that you are experiencing or simply help to fill a knowledge gap within your organization.
  4. Document each role in your organization and the associated duties as they pertain to security and compliance, and then audit against this at regular frequencies. I find that many organizations are surprised that significant requirements or risks have been overlooked because no one knew that they weren’t properly implemented, mitigated or regularly monitored.

Move forward with confidence.

Make no mistake, I think the concerns over many of the new security and privacy threats are genuine, and they should be treated with caution, but we also need to be cautious not to become complacent and bored with the sometimes dated security and privacy mandates/laws and vulnerabilities.

In truth, when I hear of some significant data breach, I don’t often think to blame the latest and greatest security vulnerability. Instead, it usually ends up being a simple, long-known vulnerability that has been exploited due to ignorance or negligence of an organization. Unfortunately, it’s usually both. Compliance overload? Maybe.

With all of the buzzworthy security and compliance topics vying for your attention, I want to remind you that just because you passed your latest scan, received a passing grade, or even self-attested to your compliance, you aren’t done just yet. Proper compliance and security are achievable, but they can’t be forgotten about or thrown into the bin so you can chase other, more exciting topics.

Do you have an ongoing security and compliance program that allows you and your organization to move forward with confidence? If not, I invite you to have a discussion with a security and compliance expert. Click here to contact us.