Small Business Resources, Business Advice and Forms from AllBusiness.com
 

Is my small business required to comply with regulations that big businesses are subject to?

The Sarbanes-Oxley Act of 2002 focuses on enterprise and public companies, and the majority of small businesses do not have to heed the new rules. The exceptions are small businesses that expect to be acquired by a publicly held company and small businesses that provide products or services to large corporations. In the latter case, the large corporations must work with their small business suppliers on compliance.

Even if you’re not on the SOX radar, you can still benefit from initiating your own version of the security requirements of SOX. A lot of SOX regulations make good security sense that can protect your company regardless of its SOX status.

  1. Determine who’s in charge of security. Even a small company can designate a “chief security officer” -- perhaps the most tech-savvy senior manager -- who will be responsible for reports and recommendations to be shared with management, investors, employees, consultants, and contractors.
  2. Create policies for the full scope of security. Policy statements and guidelines should influence the way you conduct your everyday business. Consider these questions as you develop your very own security policy:
    • Do our security policies, such as business conduct guidelines for Web usage, apply to everyone in our supply chain?
    • Do policies extend to contractors, suppliers, customers, and business partners?
    • Are all parties connecting into our network conforming to the same security policies?
  3. Will a natural disaster affect our security and IT assets? Take the time to write out a few worst-case scenarios and the response your IT manager should take. If you live in California, for example, build IT security into your earthquake plan. Make plans to have this available to the next person in charge if you’re away when disaster strikes.
  4. Be prepared for the unseen costs of a security breach. Discuss with your lawyer how damages to your company from a security breach can show up as a restatement. Some recompensable damages include:
    • Loss of electrical power
    • Cost of rebooting critical locations
    • Cost of labor to handle damage from blended malicious attacks
  5. Integrate Internet security with physical security. Give the chief security officer visibility into your company’s overall security planning. In the event of a physical security threat, such as a fire or impending flood, make sure the person responsible for the building understands the requirements of the IT manager.
  6. Don’t wait until you see a security problem. External consultants can help with Internet security planning and perform internal audits to redefine cyber-security objectives. It’s hard to imagine, but many companies don’t even know they’ve had a security breach until long after they’ve been attacked.
  7. Raise security awareness through education, publicity, and training. Use pre-existing internal channels to increase preparedness, compliance, and overall education. Create an email alias that goes to a response team focused on business continuity in the event of a major security incident.
  8. Prioritize your company's IT assets and protect them. Scrutinize the essential business services that are critical to the company and the IT resources that support them. Areas will include electrical power, telecommunications, banking, transactions, and communications mobility.
    • What are the company’s core services?
    • Are they adequately protected?
    • Are they adequately secured in a legally compliant way?
  9. Work with legal counsel to address compliance and liability issues. Threats to an enterprise’s security are changing so quickly that it’s a challenge to stay secure and stay legally compliant. Go the extra mile and build in hardened layers of security at every connection edge of the IT network, especially if you are a small business that someday hopes to work with larger, publicly traded corporations.
