Verizon 2012 Data Breach Investigation Report – cleverbridge
http://www.clvrbrdg.com/corporate

Ecommerce Eye Candy – Cyber Threats to Your Business
http://www.clvrbrdg.com/corporate/ecommerce-eye-candy-cyber-threats-to-your-business/
Mon, 02 Feb 2015 23:08:23 +0000

In Data Security: Why PCI DSS Alone Doesn’t Cut It, we explained that PCI compliance, though essential for protecting your customers’ sensitive data, cannot be the only line of defense in keeping your company’s data safe.

This infographic from ERS Ltd., who provide managed IT services, will help contextualize your company’s vulnerability to cyber attacks. The infographic begins with some statistics about cyber threats to your business. The most notable one is that 52 percent of employees do not adhere to company policy regarding data security. If this is true, your company may be leaking data, and you should do everything in your power to educate both new and longtime employees about your security compliance policies.

The graphic concludes by addressing the very important question, “What can be done to prevent an attack?” and makes three important suggestions:

  • Have a recovery plan – Incredibly, 75 percent of businesses do not have one in place.
  • Prevent attacks – Businesses with a managed service plan in place mitigate downtime by 64 percent.
  • Practice good management – According to a 2012 Verizon report, 97 percent of data breaches are preventable.

Check out the rest of the infographic in detail, and in the comment section, let us know how you prevent cyber attacks on your business.

[Infographic: Cyber Attacks]

The post Ecommerce Eye Candy – Cyber Threats to Your Business appeared first on cleverbridge.

Seven Keys to a Successful Compliance Management Strategy
http://www.clvrbrdg.com/corporate/7-keys-to-a-successful-compliance-management-strategy/
Wed, 16 May 2012 21:28:37 +0000

Why Compliance Matters

Many companies are so focused on developing products and running their business that they ignore the growing need for a compliance management strategy.

According to the Verizon 2012 Data Breach Investigation Report, 92% of data breaches were discovered by third parties. This statistic tells me that most businesses only focus on compliance management when customers or partners tell them about a breach that has already occurred, or even worse, they see themselves on the news. By that time, however, it is already too late.

According to the same report, 97% of those attacks were easily avoidable. But if you’ve ever had to prepare for a compliance inspection, you know how easily it turns into a frantic scramble. So let me repeat: 97% of those attacks were easily avoidable. It’s not rocket science, it’s just sound business. Compliance directives encourage companies to act responsibly towards their customers, employees and business partners; to consider their environment and shareholders.

[Figure. Source: 2012 Verizon Data Breach Investigation Report]

Consequences of a Compliance Violation

Remember the reason your customers, business partners and employees hand over their personal information and/or confidential business data to your organization. It’s because they trust you.

If their data is stolen because you don’t have the proper security measures in place, then it’s you who must face the potential consequences. These consequences include hefty fines and penalties. And don’t forget the legal costs, the loss of reputation and the loss of your stakeholders’ trust and loyalty. Ultimately, you may face the possibility of losing your business. So, while the upfront costs of compliance might seem too much for your business at first, consider the ultimate costs if you don’t comply.

Requirements of an Effective Compliance Program

There are a number of compliance and legal issues of which you need to be aware (e.g., Foreign Trade Act, Payment Card Industry Data Security Standard (PCI DSS), SOX, Data Privacy, IT Compliance, Competition Protection Act, etc.). Although it appears to require a lot of work to create an effective compliance program, it doesn’t cost a fortune. You just need to keep the following seven points in mind as you build your compliance strategy.

1. Establish…

…a tone from the top that supports compliance. Management participation is a crucial aspect of a compliance program. A strong commitment from upper management is necessary for your organization to effectively develop and implement a working compliance program.

2. Evaluate…

…compliance directives and risks based on the products, services, markets and countries with which your organization interacts. Before starting a program, it is necessary to conduct a compliance risk inventory and assessment. This way, you can examine the risks your business could potentially face. Ask yourself questions like, “What troubles hit other companies in my industry?” “Where did my company almost fail?”

3. Study…

…industry standards. Examine best practices as well as public comments and discussions about the compliance directives and risks you have already identified. You don’t have to start from scratch because most compliance directives are widely discussed and are available to the public.

4. Authorize…

…external sources like consultants, lawyers, regulators, insurance companies or service providers. Use external sources like those just mentioned as a resource for guidance and for answering compliance questions. You can also use them for transferring the risk or part of the responsibility to a third party.

[Figure: Compliance risks]

5. Train…

…employees. Compliance training is essential not only to maximize employee compliance with laws and rules but also to minimize the risk of fines, litigation and adverse publicity due to non-compliance.

6. Involve…

…compliance staff (e.g. compliance manager, security officers, data protection officers and legal) in the development process of new products and services to fully address the risks associated with these products and offerings.

7. Ensure…

…the effectiveness of the program. Support an effective compliance audit function that identifies new or changing compliance issues. The audit should have a frequency and intensity commensurate with the organization’s complexity and size.

Keystone

By acting diligently and creating complete transparency within your organization or business, you invariably discover and resolve many hidden risks, saving you and your organization from easily avoidable losses.

Daniela Hagen is the Compliance Manager at cleverbridge, AG

To learn more about how cleverbridge handles information security, check out this resource.

The post Seven Keys to a Successful Compliance Management Strategy appeared first on cleverbridge.
