Today’s WhatIs.com Word of the Day is Dodd-Frank Act .

Today’s WhatIs.com Word of the Day is database activity monitoring.

Today’s WhatIs.com Word of the Day is Chief Compliance Officer.

Today’s WhatIs.com Word of the Day is pharmaceutical detailing.

• Software licenses: We in India don’t buy software, period. But now it might be a good idea to start buying those licenses, at least for the OS. If not, it’s time to take the free OS route, since options like Linux have matured in light years (especially on the GUI front) when it comes to usability for end users. Apps like OpenOffice are quite feature packed, and it’s easier for your users to master the slight learning curve than for the entire organization to sink in an anti-piracy raid.
• Lack of defined IT and information security policies: This issue by itself presents mindset and enforcement challenges associated with regulatory compliance for an SMB. It’s a herculean task to harness the habits of users running loose for so many years on work computers. Even if you manage it, think of the travails when the issue moves up the ladder and you have to convince the top management not to run their laptops using admin level access (or not share passwords with their teenage kids).
• Insufficient or non-existent IT controls: Antivirus solutions that haven’t been updated in weeks, unfettered USB drive use, cracked software, unpatched servers, you get the picture.  Wifi security is yet another question mark.
• Malware ridden networks: Many SMBs ‘breed’ botnets and rootkits which are waiting to be misused by their perpetrators. Club these with fast Internet connections, and your LAN is probably being used to send spam or break into someone’s networks, even as we speak. Do your admins even know how to detect a rootkit? Or rather for that matter, how many admins bother?
• Inhouse admins going rogue: It’s quite common to find your own admins misusing their network privileges to download and run cracked software in SMBs due to lack of control over their activities (and this is based on personal experience).

I can ramble all day about what’s wrong with SMB networks and systems, but that’s beside the point. Compliance may not make you the most liked person in the organization, but well, someone has to do the dirty job!

With its immense potential for misuse (by the authorities, who else?), the Information Technology (Amendment) Act, 2008 presents a simple message for any Indian medium sized business that relies on IT — shape up or ship out (No wonder that the information security vendors, consultants and system integrators are already drooling in anticipation). Yet another compliance, but of significantly lesser impact to many Indian medium sized businesses, is the Payment Card Industry Data Security Standard (PCI DSS) if your organization works with credit or debit card payments. And these are just the tip of the iceberg.

The larger organizations have already mastered the art of compliance to a great extent, so it’s the medium sized business which is likely to be targeted by over enthusiastic IT Act enforcers. Don’t get me wrong, the Information Technology (Amendment) Act, 2008 does have its salient points. But the real danger lies in the Act’s enforcement, which is where your medium sized business needs to have its part clear. If nothing else, it will help you keep your side of affairs manageable.

At the risk of sounding alarmist, I feel that the need for compliance is real for medium sized businesses — especially organizations which have had absolutely no control over inhouse IT systems over the years. Before you break off into a tizzy over this callous statement, just consider the term “objectionable material” as defined by the Indian law. This subjective term can undergo mutilation as per the whims and fancies of the enforcer. For example, the accountant forwarding naughty pictures is sufficient to land your entire organization in hot water with non IT-savvy Police authorities. Or worse, imagine what might happen if the “moral upkeepers” of Indian society decide that they don’t like your organization for some reason or the other. We don’t want to give them more fodder in our hard disks, do we?

I might be going over the top, but many Indian medium businesses have enough skeletons when it comes to their cable closets. Just to drop a hint, software licensing issues itself should ring enough alarm bells. The sooner we give these ghosts a peaceful burial, the better it will be for all of us.