Last night I received another one of those emails that are becoming all too familiar: “We had a security incident. Somehow, we exposed your name and credit card information. But don’t worry, because we’ve taken steps to make sure it doesn’t happen again.”
I’m tired of getting security breach notifications that say we care about your security, even though we didn’t yesterday. The reality is, that’s simply the way a lot of organizations approach their security. They give it lip service and they say they care — but when all is said and done, you’ll find them sending emails out to the clients they were supposed to protect.
My hope for 2023 is to see organizations stop paying lip service to security. I want to see them stop spouting platitudes about security at the upper levels and start putting their money where their mouths are.
Don’t Pay Lip Service to Security
In years past, companies could buy some good will by saying that they had a trusted vendor who assured the organization that they were secure. That won’t cut it in 2023. In fact, that kind of assurance is one reason so many organizations are having security issues and getting breached. Their service providers gave them a false sense of security, and now they’re paying for it.
Today’s service providers need to do more than protect their own data — they need to educate their clients to take appropriate steps for data security. Do your best to assist the customers you’re charged to protect. Help them to understand their own responsibilities and to take advantage of all of the opportunities you can provide them.
Assessors and Consultants should take a fresh look at their efforts with clients, as well. Is there an opportunity to raise your game in serving your clients? In the end, you aren’t just charged with protecting your client, but all of their stakeholders as well.
My hope is that we can continue to raise the bar across the board. And maybe one day we can stop these stupid emails from getting sent out.
That’s where my head goes when I look ahead in 2023. Everyone in the security and compliance arena has a responsibility to others — whether you’re subject to compliance, a service provider to compliant organizations, an Assessor, or a Consultant. And we all have opportunities to take our game to the next level.
Your New Year’s Resolution for 2023
New Year’s resolutions typically don’t hold a lot of water. We pledge to lose 20 pounds or to exercise five days a week, or to give up a bad habit. But only 9% of people actually keep their New Year’s resolutions. Almost a quarter give up within the first week.
Resolutions rarely work, because there’s usually no accountability. There are no meaningful consequences to breaking your diet or skipping the gym. But there are potentially devastating consequences to skipping out on your security and compliance commitments — and your stakeholders will hold you accountable for exposing their sensitive information.
This is 2023. Since 2011, cybersecurity breach disclosures have increased by more than 600% — with no signs of slowing down. It’s time to stop merely believing that we have everything covered and instead take the necessary steps to implement truly mature security and compliance programs.
TCT’s resolution for 2023 is to do every effing thing we can to reduce the trend of security breach notifications. The more organizations we can help, the more of an impact we’ll have.
Don’t set your organization up to be the one sending the next security breach notification of 2023. Instead, resolve to do what it takes to have concrete validation of your security program. Make sure that what you believe you have in place actually is in place. Hold the parties responsible for your security program accountable by tracking your security and compliance at the line-item level, with internal workflows that confirm the required controls are actually in place.
If you’re already past your initial run at compliance, set up a track on TCT Portal in Operational Mode to make sure you’re doing what you should be doing, when you need to do it.
Compliance Confidence in 2023
One of the reasons we created TCT Portal is that the compliance arena has a ton of moving parts. In many cases, you have 500-plus requirements that span ten different departments. There’s a myriad of things to do throughout the year, and to validate at least once per year.
Compliance management can be overwhelming, but it doesn’t have to be. No matter what your role in security and compliance may be, you can elevate your game with TCT Portal. We make compliance management simpler, more efficient, and more achievable.
And because we’ve priced TCT Portal affordably, there’s no reason to go through 2023 crossing your fingers and hoping you’re protected. Know it, with confidence.