Though it has taken a backseat in mainstream media, cyber security and data privacy is still a relevant topic to businesses. New laws are being passed regularly, and the effects have been been relatively unaddressed.
As of July 1st, 2020, California’s new data privacy laws have become enforceable. The California Consumer Privacy Act (CCPA) is only the start of a tremendous change in the United States. The laws were effective as of January 1st. But, according to Kati Paul from The Guardian, California’s Attorney General gave businesses a 6 month grace period to comply.
Unfortunately, many businesses don’t have the resources to understand these laws, let alone keep up and comply with them. The penalty for non-compliance is a fine between $2500-$7500 per violation. This can be a serious toll, especially when learning that the law applies even if your business is in another state.
The good news is, not every business must comply with the CCPA. However, there are other states coming out with similar laws of which qualification could be completely different.
There are many courses of action a business can take to prepare for these changes. There are already guidelines that can be followed such as those published by the National Institute of Standards & Technology, better known as NIST.
Understanding NIST guidelines can be difficult. The stress can be compounded when a customer or partner asks for a SOC Report, and you’ve never heard of one before. However, following these standards and generating SOC Reports can help in preparation to complying with the new laws. It can also help future proof a business model by preventing constant revisions to policy.
There are solutions to the problems presented by these new laws. The most typical response is to hire a full time IT team, ensuring that the team includes Data experts. This solution can be expensive to a company, especially when a company is large enough to need separation between IT and Information Security (IS).
There has been a recent emergence of a business model that is commonly referred to as “As-A-Service” and is provided by Managed Service Providers (MSP). This model allows a company to hire out their IT and IS, reserving resources for conducting business.
An MSP can provide a variety of services, and offer on-demand or near-on-demand support, depending on the issue. Many providers focus on a specific field, such as the medical profession and HIPAA. This allows them to focus on the standards that apply to their customers.
Sometimes, an MSP will team up with multiple vendors and even another MSP to provide a full service model. This is great for the consumer. It allows for a complex IT infrastructure, yet it keeps the overhead low.
If a full IT team was hired, not only would the salary of each employee be required, but so too would the software licenses for each tool that team uses. This can add up quickly, especially when a top notch, experienced team is desired.
A Managed IT solution is typically billed monthly or yearly, but it comes with the experience of the entire team behind the MSP. For small companies, IT can be managed often for less than the salary of a single experienced technician. For large companies, an on site IT team may still be necessary, but it frees the team to perform important on site duties.
Being proactive to improve the IT and security of your company is always suggested. Reactive IT is expensive, stressful, and messy.
If IT is becoming a worry, or it’s already a problem, contact SheppTech to see what solutions exist to fit your needs. For an overview of the services we offer, check out the A La Carte section of our Managed IT Services page.