Many organizations deserve applause for their ability to transition workforces to WFH environments this past year with all the challenges. The pandemic brought many massive changes, such as completely reworking business operations, workflow, and communications systems.
Some things got overlooked amidst the chaos. While most organizations surely did not purposely forget their regulatory compliance requirements, some pieces may have fallen through the cracks, at least temporarily. Those oversights are entirely understandable in many cases. Massive transformations in the workplace, including situations where employees needed to use personal computers to log into work applications, put severe limits on compliance management and oversight.
COVID-19 didn’t put everything on hold. In fact, with less secure work systems and locations, the importance of regulations and compliance takes on even more urgency than before the pandemic.
Consumers are more aware than ever that their information might not be safe. Data security is a constant challenge between business compromises, social engineering, and sharing too much information on social media sites. After all, data breaches, cyberattacks, and unauthorized PII sharing seem to be in the news every day—adding to the urgency.
States also introduced more new privacy legislation in 2019 than in previous years, and that trend continued in 2020. California’s version of GDPR (CCPA) is just one example. That regulation gives consumers more control over how organizations can collect, store, and use their information. Of course, when one state passes a law, others are likely to follow with their own version of those rules.
The rapid move to WFH makes it harder for SMBs to meet those regulations. Keeping track of employees, devices, applications, and data flow is more difficult than ever before, even for experienced MSPs with access to many useful tools.
Imagine how challenging this is to businesses with fewer technical resources. Unfortunately, many organizations double down on the lack of quality support by giving employees a pass on rules that slow productivity or may be too hard to follow when working remotely.
Here are four common missteps by businesses that compromise their ability to remain compliant (and create more headaches for MSPs):
1. Application Management
Many organizations have the bad habit of setting it and forgetting it when it comes to software. Take the Equifax breach as an example. Although the vulnerability was previously published and a patch was available, the organization failed to follow through, resulting in one of the most recognizable attacks to date.
Few SMBs assign a dedicated staff member to address these concerns. Most fall short due to a lack of skilled IT pros and time to complete these tasks regularly. MSPs can ensure their clients have these bases covered. Completing patches and software updates as quickly as possible is a priority: a few hours could be the difference between a catastrophe and a successful workday.
2. Poor Data Management
Businesses now collect more data than ever before, from payment and contact information to email lists. Often overlooked is the chaos caused by not keeping these operations under control. Data backup and recovery tools, database management, and security are just a few of the things that need attention. This doesn’t even include adherence to industry rules and regulations.
It is up to managed service providers to guarantee that their clients have an in-depth plan to process, store, and validate data so that they comply with any laws they must follow. A disjointed collection of information is bound to cause problems.
3. Bring Your Own Device (BYOD)
The proliferation of remote workforces in a short timespan led to many companies adopting “Bring Your Own Device” policies. That development allowed employees to take shortcuts which helped create numerous security risks. BYOD made the workplace transition easier, but it certainly did not help organizations maintain compliance and cybersecurity standards.
Lack of data backup solutions, encryption, password controls, and secure internet connections added to the vulnerabilities. Even the most basic provisions such as firewalls may not have been present. MSPs need to help their clients implement strong BYOD policies to ensure that even personal devices are secure and important company data remains out of the hands of criminals. Family computers, tablets, and even mobile phones must have the same protections as any system employees use in the office.
Certain communication avenues will remain a staple of the workplace. Email is undoubtedly one of the most important examples. Though customers would like to think otherwise, sharing critical corporate information via email is not entirely secure—cybercriminals trick staff into sending data or funds to the wrong address and even intercept messages in transit. Losing information in this manner affects organizations’ reputations and can lead to costly fines for non-compliance.
Service providers must take the initiative and enact the proper security protections to avoid these issues. Email security, encryption, and awareness training are all important provisions to keep today’s workforce compliant.
Compliance as a Service
Regulations can be difficult for SMBs to comprehend, and relatively few business owners understand how to deal with all the varying compliance requirements. Chances are good that your clients are much too busy keeping themselves afloat in this difficult climate. The last thing they need is to manage multiple applications and continually enforce and review policies to safeguard company data. That important task can distract them from running a successful business.
This creates an excellent opportunity for MSPs to be the compliance department. A lack of in-house resources or dedicated employees doesn’t have to stop your customers from getting the protection they need. At the same time, you can boost recurring revenue streams, margins, and customer satisfaction.