Bypassing the cost of compliance for the SME

Business Regulations and Compliance

Small to medium enterprises, micro enterprises and startups are as liable to the laws of regulatory compliance as the big companies and the costs are high.

By Henk Olivier, MD of Ozone Information Technology Distribution

The small business in South Africa is under unnecessary pressure. The red tape is extensive, complex and time consuming, especially around issues such as taxation, regulation and employment.

This is further complicated by the introduction of regulatory requirements such as the Protection of Personal Information Act (POPIA) in South Africa, the General Data Protection Regulation (GDPR) in Europe, and the rising complexities of similar legislation in the US and Australia.

It doesn’t matter how big or small the business – it has to be compliant with specific regulations or face fines that could cripple or destroy it, and its reputation. Of course, there are numerous security solutions, companies, packages and options that provide the small to medium enterprise (SME) with due diligence and protection, but these can often be far too expensive, especially for the fledgling SME or startup.

A recent analysis done by Michalsons pointed out that compliance costs have to take in numerous factors such as the hours spent by their workforce in achieving compliance, the need to hire new internal resources to manage it, and the solutions that have to be purchased to implement it.

Listed companies have been known to spend around $15-million to achieve compliance. Of course, this price isn’t reflective of what a startup or SME would pay, but it’s enough of a price tag to make anyone blanch, considering that the steps taken by big business should be no different from those taken by the SME – comply, ensure data security, invest in the right technology, be prepared.

The first instinct, especially in the current economic environment, is to just ignore the entire problem.

It’s difficult, messy and, as with anything to do with regulation, confusing and disorganised. But it isn’t the right instinct, and not for the reasons you may think. In fact, compliance extends beyond making governments happy; it’s an investment in reputation and customer that stands the business in great stead both locally and internationally.

It’s a stamp of professionalism and a mark of awareness, and the recognition that these bills are only the sharp edge of the entire coin. Cybercrime is vicious, it’s changing in its attack vector and intent on an annual basis, and it doesn’t actually care what size company it destroys, as long as it gets what it wants.

Which makes the situation look 90% untenable for the business. Now what?

Behind the changing legislation and regulation adaptation there have been changes in the solutions designed to combat crime and support compliance. They have moved away from the highly complex, expensive, and time-consuming platforms that suck up budgets and the will to live.

The as-a-service model has evolved enough that costs have plummeted and accessibility has soared. To take the cliché a step further, this model is flying high-end solutions into SMEs and they are affordable, customisable, flexible and relevant. There are fewer square pegs being shoved into round holes and more options designed specifically with this market in mind.

In terms of understanding the requirements of regulation, it’s worth consulting a specialist who can identify the nooks and the crannies and educate the business about how the systems work and what they really mean.

Ultimately, regardless of the solution implemented, employee buy-in and understanding will always be crucial. Then, finding the solution that secures the business is a matter of finding the right fit.

From intelligent firewalls that can analyse data and deliver reports, such as Untangle, to customisable data storage solutions that flex with the business, to adaptable email and network security solutions – there are applications and services that can be interwoven to create comprehensive, enterprise-level security solutions without the $15-million price tag.

As seen on IT-Online