ShareThisDear Professor Bruce:I keep hearing about the need for businesses to be compliant with government regulations regarding information security. Is this really necessary for a small business? If so, how do I best go about ensuring my business is compliant without breaking the bank? Who can I contact concerning government and industry regulations and what is required for my small business?A: It really does seem that we have segued from the "Information Age" into a new "Age of Regulation." Especially frustrating is the growing requirement that businesses comply with the seemingly endless supply of information security related regulations that the government is creating. Events like 9/11 and the collapse of Enron, Arthur Andersen, and WorldCom really kicked the regulatory machinery into high gear. Although the immediate impact of these events hit large corporations, the resulting regulatory fallout is making life difficult for businesses of all sizes.So, just how do these regulations affect small businesses? The bad news is that there is no single, simple answer to this question. It depends on the regulation in question. It depends on your business size. It depends on the nature of your business. It depends on your customers and the nature of their businesses (some of your customers are required to do business only with those companies that are compliant with a given regulation). The good news is that the requirements for compliance with many of these regulations have been pushed back for many small businesses compared to large businesses. According to Richard L. Berry, senior computer systems analyst of The Newberry Group, "It is almost inevitable that your business, in one way or another, is lawfully required to comply with at least some of these information security regulations. Determining the exact nature of your compliance obligation would, frankly, require a lot of analysis that is best done by experts in information security compliance."Fortunately, there are some simple (and relatively cheap) steps you can take that would lead you down the path to compliance. First, make a commitment to ensuring your business implements sound information security practices. Next, have a risk assessment performed (have an outside consultancy perform the work) to determine your current information security status and make sure there is a focus on identifying regulatory compliance issues. Finally, discuss the results of the risk assessment with some information security professionals who can help you devise a plan to both secure your business' valuable assets while, at the same time, bringing you into regulatory compliance.For further information, please visit www.thenewberrygroup.com.(Bruce Freeman is president of ProLine Communications, a marketing and public relations firm in Livingston, NJ and author of Birthing the Elephant (Ten Speed Press). E-mail questions to Bruce(at)SmallBusinessProf.com.)
Businesses must comply with security regulations
Submitted by SHNS on Wed, 06/11/2008 - 12:29
Paying taxes unites us. It also divides us. People can pay five and even six times more in state and local taxes than other folks in similar circumstances making similar incomes.
Who's got your number?
In one of the fastest-growing forms of identity theft, crooks are stealing tax refunds by swiping personal information and using it to trick the Internal Revenue Service.
