The consequences of non-compliance can be devastating.
In 2023, businesses have more to fear than just the formal penalties issued by regulatory or legislative entities. With cybercrime rates at a seemingly all-time high, and even once-trusted cybersecurity companies proving susceptible to breaches, organizations are on high alert.
Failing to comply is more than just a compliance issue or an unchecked box. It can represent an unchecked vulnerability that may give way to a data breach that will have your brand name on consumers’ lips for all the wrong reasons.
That’s why we invited two compliance and security experts to speak on the future and state of compliance. Here’s a short recap of the conversation moderated by Gerald Kasulis, VP of business operations at Nord Security, with:
Deena Swatzie, SVP, Cyber Security Strategy and Digital Innovation at Truist,
Joy Bryan, GRC/Privacy Technology Analyst, RNSC Technologies, LLC.
Kasulis asked the panelists astute questions about the implications of adopting tech powered by AI, the current corporate climate, and how businesses can prioritize compliance on a shoestring budget.
Watch the webinar recording in full right now or keep reading to find out three takeaways that will help kickstart or support your compliance agenda this year.
Increasingly savvy consumers will hold businesses accountable
When data breaches happen, usually it’s the consumers who suffer. The consequences range in severity and kind, but whether major or minor, reputational or financial, a violation of one’s privacy through personal data exposure is never a welcome outcome.
As businesses become hyperaware of the likelihood of a data breach, consumers are equally tuned in.
Consumers are getting smarter in that [data privacy] space. They’re going to expect more, they’re going to hold companies accountable. And so that’s why your compliance needs to be in place.
– Joy Bryan
GRC/Privacy Technology Analyst at RNSC Technologies, LLC
Consumers are more likely than ever to want assurances that their personal data will be kept safe as concerns surrounding data privacy become more mainstream. They want to know how their information will be stored and what measures businesses are taking to protect it.
In today’s climate, trust is a linchpin of customer satisfaction. A recent survey revealed that 71% of consumers are unlikely to buy from a company that loses their trust — which is bad news for businesses that have suffered major breaches.
Meeting compliance standards and earning certifications can be a shorthand for establishing (or re-establishing) customers’ confidence: this ensures that businesses are following the agreed-upon best practices in a verifiable way.
At the end of the day, the buck stops with corporations who collect and store personal data. They will be held accountable for their (in)ability to protect the data they keep.
“Consider yourself as the consumer,” says Swatzie. She suggests that businesses should use the golden rule as a framework — treat consumer data as you would hope and expect yours to be treated.
Additional resources may not be the answer
Even when we talk about talent and the workforce, everyone’s immediate response is ‘we need more resources.’ You don’t always necessarily need more resources.
– Deena Swatzie
SVP, Cyber Security Strategy and Digital Innovation at Truist
Swatzie explained that it’s important to understand what exactly is required to meet compliance standards so that you can balance what you have with what you need. Here, collaboration between teams is key. Security and compliance initiatives will overlap.
Both experts agree that it’s best to start by looking at in-house tech and talent before making an investment. And on the occasion when you do require an additional resource, like software, be sure that you’re adopting tools that serve multiple functions.
I think that whatever platforms and technologies are implemented should have a collaborative feel — where you’re tackling multiple things at once.
– Joy Bryan
GRC/Privacy Technology Analyst at RNSC Technologies, LLC
NordPass Business, for instance, delivers so much more than password management. Get a powerful data breach scanner, password health metrics, a detailed activity log, company-wide advanced security settings, and multi-factor authentication.
On the topic of breaches, take solace in NordPass’ zero-knowledge architecture which ensures that only you hold the key to your business credentials and vault items. In the unlikely event of a breach at NordPass, your private information will remain encrypted and out of reach to cybercriminals.
New investments in tech solutions should add value to what many teams are likely to prioritize the most: workflow efficiency. Consider how and whether security and compliance tools speak to that need.
Get into the nitty gritty. Take the time to consider your existing and prospective tools’ full scope to avoid overinvesting in overlapping functions.
According to Swatzie, “Privacy is everybody’s responsibility. Security is everybody’s responsibility. Compliance is everyone’s responsibility.” For that reason, it’s important not to take buy-in for granted with a top-down approach.
Ask yourself: will my team be open to adopting this policy or software? Does it promote or detract from their respective top priorities?
The word of the day is “proactive”
If we had to summarize the experts’ advice in just two words: be proactive. Specifically, on the topic of lessons learned from a turbulent 2022:
I would hope that in terms of lessons learned, it allows businesses to be a little bit more proactive in their approach and in their strategies.
– Joy Bryan
GRC/Privacy Technology Analyst at RNSC Technologies, LLC
If your compliance and security strategy is only reactive, then it shows a lack of forward-thinking, meaning you’re likely to be continuously caught off guard and lagging behind. Swatzie suggests that compliance professionals and business leaders “put on their auditor hat.”
I’m used to being heavily regulated and audited so I’ve learned enough from the auditors to know exactly what they’re going to ask me before they ask me. So going back to what Joy said earlier, be as proactive as possible.
– Deena Swatzie
SVP, Cyber Security Strategy and Digital Innovation at Truist
Where possible, brace your business for what’s likely to come down the compliance pipeline by studying the standards themselves. With an intimate understanding of the “spirit of the law” you should be able to intuit what’s next and prepare accordingly.
That being said, it’s not a lack of motivation that leaves security and compliance professionals in a reactive position. When it comes to cyber incidents, board and senior leadership members sometimes struggle to see prevention as the cure — waiting until after an event has occurred to implement more stringent security measures.
To learn more about how to get buy-in from colleagues and management before the fact, read our guide on how to campaign internally for cybersecurity.
Summary
Facing increasingly savvy and appropriately demanding consumers, businesses should understand that they will be held accountable for breaches of personal data and plan accordingly.
But, that doesn’t necessarily mean rushing to acquire additional talent and technological resources. Invest wisely and make it count. In particular, security software should be multi-functional.
Finally, the key to success is in forward-thinking. Adopt a proactive strategy to avoid a constant scramble to respond after-the-fact.
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.
