Can compliance prevent data breaches?

Compliance audits are not sufficient to prevent breaches, like the one experienced by Target

The recent security breach that affected millions of Target customers was not only a huge concern for individuals whose identity and financial information may have been compromised, but a black eye for the retailer as well. Other companies, like Verizon, have also faced data breaches in recent years, which indicates that even the largest businesses do not have sufficient safeguards in place to prevent data theft. 

In many cases, these large companies have compliance programs in place that they feel are sufficient. Vijay Basani of eIQnetworks uses the term “checkbox compliance” in a piece for usatoday.com. Basani points out that companies that merely go down a list of compliance rules, following them to the letter, are not doing enough. It’s a matter of managing risk, Basani says, and that is what companies need to keep in mind. 

He cites the separation of IT and business within most corporations. Each has its own tasks and priorities and in many cases, the two rarely meet to converse about the intersection of business and security. He also states that businesses tend to focus on the edges of IT infrastructure rather than the core. This attitude, he says, fosters a false sense of security, while the bad guys rub their palms in glee, knowing that they have a better chance to break through.

The key, Basani says, is to proactively identify common security issues and deal with them. This requires constant auditing assessment and monitoring in order to address any weaknesses before they become problems.

 

For more data security news, check out the following:

Your shareholders are concerned about cybersecurity

Best practices for compliance in an ever-changing regulatory landscape

Inside: Law department leadership, growing the IT relationship and data risk management as 2014 priorities

Technology: 5 reasons privacy isn’t as bad as you think

Contributing Author

author image

Rich Steeves

Richard P. Steeves is Managing Editor of InsideCounsel magazine, where he covers the intellectual property and compliance arenas. Rich earned a B.A. in English Literature...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.