Posted by: Anilpatrick
compliance, IT act, medium business, regulation
We started off the midsized Indian business’s compliance level debate many an eon back in terms of blog years. Over the weeks, many responses have trickled in, and the views have not been too favorable on the preparedness of Indian midsized businesses when it comes to compliance and security levels. This post collates some of them (as well as my views), so that you can take the call yourself.
- Software licenses: We in India don’t buy software, period. But now it might be a good idea to start buying those licenses, at least for the OS. If not, it’s time to take the free OS route, since options like Linux have matured in light years (especially on the GUI front) when it comes to usability for end users. Apps like OpenOffice are quite feature packed, and it’s easier for your users to master the slight learning curve than for the entire organization to sink in an anti-piracy raid.
- Lack of defined IT and information security policies: This issue by itself presents mindset and enforcement challenges associated with regulatory compliance for an SMB. It’s a herculean task to harness the habits of users running loose for so many years on work computers. Even if you manage it, think of the travails when the issue moves up the ladder and you have to convince the top management not to run their laptops using admin level access (or not share passwords with their teenage kids).
- Insufficient or non-existent IT controls: Antivirus solutions that haven’t been updated in weeks, unfettered USB drive use, cracked software, unpatched servers, you get the picture. Wifi security is yet another question mark.
- Malware ridden networks: Many SMBs ‘breed’ botnets and rootkits which are waiting to be misused by their perpetrators. Club these with fast Internet connections, and your LAN is probably being used to send spam or break into someone’s networks, even as we speak. Do your admins even know how to detect a rootkit? Or rather for that matter, how many admins bother?
- Inhouse admins going rogue: It’s quite common to find your own admins misusing their network privileges to download and run cracked software in SMBs due to lack of control over their activities (and this is based on personal experience).
I can ramble all day about what’s wrong with SMB networks and systems, but that’s beside the point. Compliance may not make you the most liked person in the organization, but well, someone has to do the dirty job!