Compliance 101

Compliance Horror Stories (& How to Avoid Them)

Are you a founder, CISO, or the unsuspecting victim tasked with leading compliance and regulation at your company? If so, you’ve likely experienced a restless night or two imagining the “worst-case scenarios.” We don’t blame you! Navigating the increasingly complex infosec world can send shivers down anyone’s spine.

It’s true. If you don’t get compliance right, it can lead to pretty horrifying outcomes, including lost deals and revenue, monster fines, or even jail time. But don’t be scared! As long as you go into your compliance journey with eyes wide open and the right combination of software and expertise, you can easily avoid these compliance nightmares and rest easy knowing your customer’s data (and your company’s reputation) is protected. 

Read on-–if you dare 👻–for some cautionary tales from companies whose compliance standards were lacking.

Nightmare #1: Disappearing Dollars

Don’t let your compliance past haunt your future deals. These days, data security and successful SOC 2 audits are table stakes for closing enterprise deals. According to Coalfire, 58% of companies now view compliance as a material barrier to entering new markets—that’s one spooky stat!

Additionally, “customers in the mid-market and startup space that want to be selling to enterprise customers are now turning around and demanding that [vendors] have it.” Explains Evan Powell of Reprise. “We view SOC 2, Type 2 not as a compliance thing that we have to do, but as a revenue and a customer enabler at Reprise.”

A Laika Account Executive recently shared that one of his customers decided not to go with a particular vendor because that vendor’s SOC 2 report from A-LIGN was too weak. Not only does having the report matter, report quality matters as well.

Investors will also look into the security and compliance measures you’ve taken when researching your company. If your organization isn’t in good standing, you might experience more difficulty securing funding and financing. 

Nightmare #2: Freakish Fines

If you sleep(walk) on compliance certifications or don’t receive a quality assessment, your company could face some horrific fines.

A UK-based biometrics firm, Clearview, was fined 20 million Euros for mishandling user data. Clearview was using AI to scrape facial images of individuals from all over the internet and then selling those images to facial recognition companies. These individuals hadn’t consented to having their images collected by Clearview, so this practice violates GDPR. This was the third time they’d been penalized for not complying with GDPR standards.

NYC-based vision insurance company EyeMed recently shelled out $4.5 million to regulators in New York due to a poor risk assessment. According to the New York DFS, “EyeMed suffered a breach in June 2020 thanks to a poor risk assessment and a failure to use multi-factor authentication (MFA) at a key point in EyeMed’s IT systems. Those failures allowed an attacker to access a shared EyeMed email mailbox which contained more than six years’ worth of customers’ data, including the data of minors.” 

Yikes! Data breaches can be quite the scare with massive fines attached to them which is why it is imperative to stay on top of company compliance certifications.

Nightmare #3: Creepy Crawly Lawsuits

Anyone actively conspiring to violate compliance regulations can even face jail time if caught. After all, these frameworks are in place for a reason—they protect your customers’ privacy and, in turn, your company’s integrity and reputation. 

Physician Frank Alario faces a penalty of up to a year in jail and a $50,000 fine for a recent HIPAA violation.  He planned to disclose sensitive patient information to a pharmaceutical sales representative for his financial gain—a major HIPAA ‘no-no’.

And in more mainstream news, a former Uber executive was recently handed a guilty verdict for attempting to cover up a security hack back in 2016. According to US Attorney Stephanie Hinds, “Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission (FTC) and took steps to prevent the hackers from being caught.”

Starting to sweat? Don’t be scared! The good news is you can avoid these compliance nightmares and rest easy knowing your organization is protected.

Avoid These Nightmares by Getting Compliance Right (the First Time)

Lucky for you, your regulatory journey doesn’t have to feel like walking through a haunted house. Innovative solutions now exist that make it easier than ever to do the right thing regarding compliance. Getting compliance right (and getting it right the first time) not only helps you avoid the hairy situations mentioned above, but it can also save your company resources as well. Investing in the right solution saves you 40-50% in internal compliance resources requirements. So how do you know which one the ‘right’ solution is?

The key is to look for one that offers the right balance of automation and expert guidance.

Spoiler Alert: You can’t automate compliance away

The most important thing to remember is that compliance requires more than just a list of checkboxes, and it’s certainly not something that can be fully automated. While you can automate some aspects of the regulatory process, it’s also essential to have support from experts who understand the frameworks.

A good solution will allow you to:

  1. Leverage technology to streamline and automate workflows. 
  2. Receive ongoing support from expert compliance architects.
  3. Work with auditors who truly understand compliance frameworks.

Automating parts of the process and choosing the right partners to guide you through the process is the perfect formula for compliance success—and many nightmare-free nights of sleep to come.

Want to learn more about how the right solution can help you protect your company and your customers? Reach out and book a demo today.