
Why Apathy Around Security is More Expensive than Compliance

by Mark Polino
Director of Client Services, Fastpath, Integrated Business Group

I spent some time recently at an ISACA event in Scotland, just days after GDPR went live. The EuroCACS Conference is the premier conference for Audit/Assurance, COBIT, Compliance, Risk, Security, and Strategy/Governance professionals. With sessions covering everything from segregation of duties to GDPR to the dark web, a couple of points really stood out.

First, multiple presenters confirmed that despite increases in phishing, ransomware, and other types of external attacks, the majority of events happen internally. Ransomware makes great headlines, but ordinary fraud and financial statement manipulation are still all too common. All of the core principles still apply. Companies need to manage system security, maintain segregation of duties, and perform appropriate security reviews, all within a risk-based framework.

Second, there is no magic solution to GDPR. Traditional governance, risk, and compliance (GRC) activities are critical components of maintaining control of data. In fact, use of a GRC solution was recommended as one of five tools needed for GDPR. Principles of good governance don't change, and good governance makes GDPR compliance possible. If a company doesn't have control of its financial data, how can it reasonably expect to manage customer data within the environment of GDPR?

Finally, security is going to get harder, not easier. There are simply more pieces to manage with internal access, external access, cloud applications, mobile everything, IoT devices, and more, all at various stages of maturity. Having a solid security core is simply not optional anymore. For example, using cloud vendors who can't provide a SOC 1 or SOC 2 report demonstrating their internal controls is simply not acceptable. These have become the minimum standards, not luxuries. Whether it's ...


About Mark Polino

Mark Polino is a Certified Public Accountant (CPA) and a former Microsoft MVP (2007-2018) for Business Solutions. He is the author or coauthor of 5 books related to Microsoft Dynamics GP. Mark also maintains a Dynamics GP-focused website. He speaks and writes regularly about ERP-related topics. Mark has been a controller and CFO for a division of a publicly traded company, and he has worked as a consultant implementing ERP solutions. Mark holds additional certifications including Certified Information Technology Professional (CITP), Certified in Financial Forensics (CFF), Chartered Global Management Accountant (CGMA), Dynamics Credentialed Professional for Dynamics GP 2015 (Core Install and Core Financials), and Xero Certified. He holds a bachelor's degree in accounting from the University of Central Florida and an MBA from Rollins College. Mark lives with his family in Florida.
