Regulatory Compliance – Working with the ‘Enforcers’

It was whilst collecting my thoughts before a local radio interview that I realised that not all the information security news is bad.

Yes, not a day goes by without a story of breach here, a theft there, or a copyright infringement somewhere else. Ashby’s law might convince us not to get out of bed in the morning. So once put into perspective, the team became less afeared of switching on their kit, connecting their smartphone to the e-mail so that said e-mail exists in 3…possibly 4…places, creating a primary-data nightmare, and climbed down from the top of the filing cabinets. So little done, so much to do.

But don’t underestimate the effect of a little, and consider the gestalt of lots of littles being done by so much of us.

At the time of the last election, James Brokenshire (now Member of Parliament for Old Bexley and Sidcup and Minister for Crime and Security at the Home Office) identified 14 government agencies charged with issuing security policies and advice. Happily, collaboration of 4 has bridged policy, technical authority, focus on critical infrastructure and economic well-being.

Look at

Grab a baton from the top 10 and run with it. Take a bit of time; it will save you a lot of time for every attack you prevent or divert. Think about the 3 Cs…complacency, complexity, and compliance:

  • Complacency – you won’t get away with it. Be risk-aware! If they don’t want your data, they want your resources – your IP/e-mail address can make SPAM look Kosher!
  • Complexity – security architecture may be the domain of experts but you need to start somewhere. Light the proverbial candle rather than curse the sad reality of the darkness. There are lots of things you can do yourself. (Top 10 time above!)
  • Compliance – do this for business advantage not just to tick the box. Make use of the advice of regulators and independent support (think about what E RADAR does for you here).

Top tip

Regulators want compliance not fines. Work with them not against them. They are not the enemy of entrepreneurship. The real enemy is the e-criminal who wants the fruits of your innovation without the legitimate effort.