5 Things Small Businesses Need to Know About Compliance


Raise your hand if your small business is subject to one of the common data privacy and security regimes (HIPAA, PCI DSS, SEC rules, and so on). There may be some broad smiles on the faces of those not raising their hands, a sense of relief at having avoided the extra discipline and effort that compliance requires. Our advice to that relieved group: the best way to stay on the right side of the law, and to gain many other benefits along the way, is to have a compliance plan. Operating without one is like walking a high wire without a net.

Below are five things small businesses should know about compliance.

1. What is This “Compliance” Thing

To operate legitimately, a company must comply with many laws and regulations, including those covering information security, privacy, workplace safety, employment, and so on. In today's regulatory environment, companies, and small businesses in particular, should pay special attention to privacy and security laws.

2. Do I Really Need a Compliance Plan if I am a Small Business

Short answer: yes. Small businesses are breached at a disproportionately high rate compared with medium and large businesses. A business without a compliance plan has usually not put basic security controls in place either, which makes it an easy target for attack. (And if or when you are breached, attorneys, regulators, or auditors may ask to see your compliance plan in order to assess whether you were negligent.)

Small businesses are increasingly a target for attackers. Not only are there plenty of them to choose from, but they are often easy pickings because they lack the defenses larger organizations have.

3. Why Is Complying with Privacy and Security Laws Important

In its 2018 Data Breach Investigations Report, Verizon found that 58% of the breach victims it analyzed were small businesses. These breaches have cost companies millions of dollars and the trust of their customers, two things a small business cannot afford to lose.

To counter the growing number of data breaches and protect the interests of businesses and their customers, governments and industry regulatory bodies have created detailed laws, regulations, and standards for organizations to comply with.

4. Possible Consequences of Failure in Compliance

Failing to meet compliance requirements has consequences: fines that can run to thousands of dollars or more, lawsuits and investigations, damage to reputation, and in the worst case closure of the business. Any one of these can do serious harm to a small company.

Organizations subject to these regimes are generally required to have a compliance policy in place that defines the steps and safeguards to be followed. If those policies are not in place and actually practiced, regulators can take enforcement action against your business.

5. Things that Small Business Can Do to Ensure Compliance

Compliance is not just about having a policy on file. It needs to be a continuous process, and the most direct route is to ACT: Assess, Comply, Train. These are three basic things a small business can do to make sure it meets the standards and regulations that apply to it.

  • First, Assess: complete a Security Risk Assessment (SRA) to identify vulnerabilities and gaps between your current practices and what the regulations require.
  • Using those findings, Comply: build a Compliance Workbook that records your policies, the controls you have put in place to close each gap, and a detailed incident response and remediation plan, so you are prepared for the worst.
  • Then Train: employees should be a business's first line of defense. Educate them on how breaches happen, what to watch for, and why staying alert matters.
  • Repeat the ACT cycle: perform risk assessments at least annually, update your compliance plan as your business and the regulations change, and make sure employee training is refreshed regularly.

But what are the chances that it could happen to you

Some small-business owners assume that the size of their company makes it an unlikely target for cyberattacks. The numbers say otherwise.

  • According to the National Cyber Security Alliance, 1 in 5 businesses have fallen victim to cybercrime.

Maybe we should stop and think about that for a second. That is not a precise probability that any given company will be hacked this year, but it does mean one business in five has already been hit, which is hardly rare.

  • According to a report cited by PC World, 60% of small businesses that suffer an attack go out of business within six months. That figure is widely repeated and its origin is disputed, but the underlying point stands: a breach can be fatal for a company with thin margins.

Most attackers do not pick your business because of specific characteristics like size, value, or industry. Opportunistic attacks look for one thing, an exploitable weakness, and they find it wherever it happens to be. Take the first step toward compliance today with a free risk assessment to see whether you are practicing the basic security protections the regulations require.