The Phat Startup

The Ultimate Lifestyle Blog for Entrepreneurs

Ensuring Compliance With Policies

Cybersecurity compliance starts with creating controls. Most standards and regulations require you to set up procedures, policies, and protocols. Nonetheless, the most important thing is to ensure that all stakeholders comply with procedures and protocols.

Company policies are of great significance. They act as a written compliance guide. Often, compliance requirements and regulations require you to have written policies, which form the basis of your security controls. These requirements primarily exist to help senior management understand their responsibilities and execute their oversight roles effectively.

Nevertheless, written documents can only express intent. For instance, you may write an in-house policy that requires employees to establish and use strong passphrases. Similarly, you can set specific controls relating to the number of unique characters and letters. However, a policy on paper does not guarantee that everyone follows it.

According to the 2018 Global Password Security Report, employees in most organizations do not create robust and secure passphrases. A whopping 50% of employees use similar passwords for their work and personal accounts, something that significantly compromises their data.

Why is Compliance Important?

According to the Health Insurance Portability and Accountability Act (HIPAA), healthcare providers should protect protected health information (PHI), including electronic PHI (ePHI). Even though HIPAA doesn't propose prescriptive password requirements, HITRUST and NIST Special Publication 800-63B highlight the need for password complexity controls.

HITRUST aligns to NIST and requires mid-level healthcare companies to have passwords that are protected from unauthorized modification or disclosure during storage and transmission. The organizations are also required to create temporary passwords that are unique and cannot be guessed by individuals who have an interest in their data.

To put this into perspective, a simple password like 12345 is guessable, and therefore allowing such passwords can lead to non-compliance. As far as HIPAA is concerned, non-compliance attracts hefty fines. For instance, the minimum penalty for an accidental violation is $100 per violation. Repeat violations can attract maximum annual fines of up to $25,000.
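The password controls described above can be enforced at the point where a password is chosen. The check below is an added example written for this article, not code from the author or from NIST; it applies the NIST SP 800-63B verifier checks (minimum length, a blocklist of commonly used passwords, context-specific words, and repetitive or sequential characters) and would reject "12345" on three counts. The blocklist is a constructed sample, not a real breach corpus.

```python
"""Password acceptance check modelled on NIST SP 800-63B, section 5.1.1.2.
Added example for this article; BLOCKLIST is a small constructed sample."""

# Constructed sample. A deployment would load a breach corpus here instead.
BLOCKLIST = {"password", "12345", "123456", "qwerty", "letmein", "welcome1"}

MIN_LEN = 8    # 800-63B: user-chosen secrets are at least 8 characters
MAX_LEN = 64   # 800-63B: verifiers should accept at least 64 characters


def is_sequential(s: str, run: int = 4) -> bool:
    """True if s holds `run` consecutive ascending or descending characters
    (e.g. '1234' or 'dcba'), one of the patterns 800-63B says to screen for."""
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        diffs = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if diffs in ({1}, {-1}):
            return True
    return False


def is_repetitive(s: str, run: int = 4) -> bool:
    """True if any single character repeats `run` times in a row (e.g. 'aaaa')."""
    return any(len(set(s[i:i + run])) == 1 for i in range(len(s) - run + 1))


def check_password(candidate: str, context: tuple[str, ...] = ()) -> list[str]:
    """Return the reasons a candidate is rejected; an empty list means accepted.
    `context` carries words such as the company name or username that 800-63B
    says must not appear in the secret. No character-class composition rules
    are imposed, in line with 800-63B."""
    reasons = []
    if len(candidate) < MIN_LEN:
        reasons.append(f"shorter than {MIN_LEN} characters")
    if len(candidate) > MAX_LEN:
        reasons.append(f"longer than {MAX_LEN} characters")
    low = candidate.lower()
    if low in BLOCKLIST:
        reasons.append("appears on the blocklist of commonly used passwords")
    for word in context:
        if word and word.lower() in low:
            reasons.append(f"contains context-specific word {word!r}")
    if is_sequential(low):
        reasons.append("contains a run of sequential characters")
    if is_repetitive(low):
        reasons.append("contains a run of repeated characters")
    return reasons
```

Logging the rejection reasons (never the candidate itself) gives the oversight record the article later asks for.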

Often, violations in the healthcare industry result from criminals obtaining passwords. Even so, weak access controls are regarded as willful neglect. In such cases, fines can be increased to at least $50,000 per violation and a maximum annual fine of $1.5 million. The hefty penalties that accompany non-compliance highlight the need to sensitize your employees about compliance.

Steps to Follow During Compliance

The first step towards compliance is ensuring that your organization's employee handbook stipulates your compliance requirements. For its part, the C-suite needs to establish clear objectives, including conditions that govern the use of devices while at work.

The HR department also needs to be brought on board. HR is your most convenient gateway to employees. The department recruits new team members and therefore sets the tone of the compliance program that you put in place. For this reason, the HR department needs to ensure that your compliance policies and procedures are communicated to new employees as a core component of the onboarding process.

In partnership with the HR department, you should establish clear procedures relating to employee misconduct. You may have clear compliance policies, but nonetheless, employees could still ignore them. Without processes that govern employee noncompliance, your organization will be at risk. Therefore, you should outline steps that ought to be taken in case an employee ignores your cybersecurity policies.

For instance, password security problems could lead to verbal warnings. Nonetheless, if an employee shares a password with outsiders, a written notice will be more appropriate. Similarly, you should consider the number of policy violations that you can allow. Another crucial consideration is the penalty that employees will face if they fail to use anti-malware software or a firewall.

While having compliance policies and training new team members will help ensure that employees protect your company's data, you should give your requirements teeth. This will go a long way in solidifying your commitment towards cybersecurity.

Training Staff to be Security-First Minded

It is advisable to come up with an ongoing training requirement, bearing in mind that cybersecurity changes daily. A done-and-dusted approach to employees' cybersecurity training will not protect you, let alone help you maintain compliance. You will likely update old policies or establish new ones over time. This means that employees need to review policies at least yearly, or whenever you make additions or changes.

Your ongoing training should factor in cybersecurity issues based on individual employees’ job descriptions. HR and marketing employees handle different information. This means that they also face different risks. Therefore, role-based training is required to secure your data.

Regardless of how good you are at overseeing your employees, your compliance efforts can be futile if you fail to document whatever you do. Recording everything will help you prove your oversight and enables you to handle any threats to your data environment more effectively.

Author Bio

Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT. You can learn more at ReciprocityLabs.com.

Copyright © 2023 · The Phat Startup