Achieve Security, Not Just Compliance

Posted by: Rod Kurtz on December 25, 2009

Under the weight of data security compliance pressures, a lot of companies—especially smaller ones that are short on specialized human resources—make the mistake of focusing on satisfying the compliance auditor rather than actually achieving better security. Although regulations have rightfully encouraged more focus on security, it is also true that being compliant doesn’t necessarily mean you are secure. Some of the most visible data breaches have occurred in situations where companies had passed their audits. So know what the regulations require of you, but focus more on putting real mechanisms in place to secure your most critical assets—and document security improvements. You’ll have fewer audit deficiencies, and you’ll resolve them more quickly. Often you can better utilize tools you already have, but if you’re unsure whether you have critical gaps, don’t be afraid to enlist the help of security consultants. Their years of expertise will help you get through the process faster.

Alison Andrews
CEO
Vigilant
New York


About

Want to improve the way you run your business? Entrepreneurs, academics, and consultants from diverse industries offer practical advice on a variety of topics each business day.

To submit a tip for consideration, first check our archive of previous tips to make sure you're not repeating a tip someone has already contributed. Then send the tip to Small Business channel contributor Michelle Dammon Loyalka. Because of the volume of material she receives, she may not respond to each individual.
