Cybersecurity Can Enhance IT Compliance In Regulated Industries

2019 was a bad year for businesses that collect Personally Identifiable Information (PII), says Milton Bartley of Nashville cybersecurity service ImageQuest. But companies today have the power to protect their customers’ information. And by prioritizing information security, businesses in regulated industries have a better chance of remaining compliant.

NASHVILLE, TENNESSEE, January 31, 2020 — Data breaches ran rampant in 2019. Marriott, WhitePages, Facebook, Burger King, and Capital One are just a handful of the dozens of companies to experience data breaches with far-reaching effects. These information security incidents triggered anger, distrust, and backlash from the public as well as lawmakers. As a result, new data privacy laws are taking effect in 2020 in California and New York, and other states may follow suit.

According to Bartley, who founded the Nashville-based cybersecurity service in 2007, businesses can get ahead of the law and remain compliant with current standards by focusing on data protection. In layman’s terms, he strongly suggests that business owners get their act together when it comes to information security.

Skipping Cybersecurity Not An Option

Cybersecurity is the act of protecting one’s data from intruders. Businesses have many options when it comes to keeping their data safe, from hiring a managed IT service to establishing an incident response plan. Failure to implement cybersecurity strategies is not an option for companies that collect or even handle sensitive data.

Unfortunately, simply being compliant with regulations is not enough. Bartley explains that checking boxes on a data security plan does not guarantee practical results. As an example: You own a business required to comply with industry regulations regarding data security. You follow all the guidelines, which might include limiting access to both digital and physical documents. Only your highest-ranking employees can get into your customers’ databases. Your IT department has drafted an extensive plan to meet requirements.

Then, without warning, your files are breached. As it turns out, one of these trusted employees responded to an email that appeared to come from company management, urgently requesting payroll information to meet a deadline. They sent what was asked for, but the person on the other end of the email wasn’t the CEO or the CFO; it was a hacker who had crafted the message to look official. Now your systems are compromised. Malware is invading your servers like a fast-spreading disease, extracting your data and putting it into the hands of a faceless criminal, likely overseas.

Compliant Is Not Always Secure, But Secure Is Almost Always Compliant

As one of Nashville’s most experienced managed IT and cybersecurity service providers, Milton Bartley understands firsthand the difference between compliant and secure. He explains that the two terms are not interchangeable, and a company that is compliant is not necessarily secure. The reverse, however, is often true – a company that prioritizes information security is virtually always compliant with industry standards.

Using the same example as above, Bartley explains that, although your company was technically compliant, other actions could have prevented the security breach. Employee training is one of these.

A Nashville business that had used training provided by an experienced cybersecurity service would have taught its employees never to send sensitive information in response to an email request. Rather than simply playing a cybersecurity training video, the company in this scenario would have put in the extra effort to reinforce that lesson. When coupled with periodic reminders, training instills sound data handling habits.

In this case, a well-trained employee would’ve known right off the bat that none of their higher-ups would request sensitive data via email.

Bartley underscores the importance of training in a story shared about one of ImageQuest’s cybersecurity service clients. He explains that a Nashville business allows employees to work from home. Once, an alert employee received a telephone call from an individual claiming to be an AppleCare support specialist. The employee was told that their Apple ID was compromised. Because this employee had been given proper cybersecurity training – by a live expert – they ended the call as soon as their password was requested. The company’s data was safe.

Employees Are The Weak Link

According to Bartley, employees are both a company’s strongest and weakest links in the fight against digital crime. The FBI reports that human action – specifically opening a phishing email attachment – is the number one cause of corporate data breaches. Bartley goes on to explain, however, that no amount of training will prevent every mistake. Nonetheless, he says that combining employee training with a partnership with a cybersecurity service can keep most Nashville businesses from becoming a successful target.

To summarize, a cybersecurity service can help businesses implement procedures that reduce the chances of a data breach. Combined with sound IT practices and a reliable, well-rehearsed incident response strategy, businesses can be both secure and compliant with industry regulations. And the sooner, the better.

Milton Bartley is the President, CEO, and co-founder of ImageQuest. The Nashville-based cybersecurity service firm offers managed IT services and IT compliance consulting for companies throughout the United States.