Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime, discusses why small and medium businesses and not-for-profit organisations find compliance so difficult.
[Start of transcript]
Hi. My name is Roger and today I’d like to talk to you about why compliance is difficult for SMEs. We all have a compliance requirement. Whether it’s a taxation department requirement or you’re doing an audit to make sure your security is secure. But we all have a part of the business that relies on compliance. And it’s really very important that you have everything in place to tick all those boxes and give them back the forms and say yes, we are compliant.
The trouble with compliance is, unless you look at it from the other end, if you look at it from protecting your business, not we have to tick the box, then your compliance makes a lot more sense. And by making a lot more sense you then are in a situation where you can go, well we need to follow up and have to do these things. That’s according to the components. But if we put all of these things in place our business functions better. We are more secure. We are in a different place than if we just put something in place and not worry about the compliance.
Now compliance is really important when it comes to protecting your business because at times that protection of your business is what will help you survive in the ensuing aftermath of a big attack. But also your compliance will include things like your backups, your redundancies, your disaster recovery, your business continuity. And now really, really important for business – don’t get me wrong when I say that if you don’t do a backup of your data or you don’t do a backup of your configuration of your data then you are going to have a problem.
If you haven’t done a backup of your data and the house falls in, then how are you going to get all that information? How are you going to talk to your clients because you no longer have a reference? And that makes your life really, really difficult. But it’s not a compliance problem. That is a business problem. The problem then comes back to compliance. Yes, you’ve got a backup. Yes, we’ve tested it. Yes, we’ve got an IP. We tested it once a month. We tested it once a week. Those couple of things are really important.
Thank you very much.
[End of transcript]