Can you afford not to comply?
Compliance in a new era...
Whether you need to comply with POPIA, GDPR, BDDK or NYDFS depends on which country your organisation is located in and what international business operations you have. In today’s borderless digital environment, organisations are expected to comply with both international and local regulatory bodies. Those that don’t face the consequences of these regulations and can be given fines of up to $22 million in damages or 4% of their global revenue.
“As well as the financial impact, non-compliance can cause even more costly devastation, whereby customers lose confidence in the company or brand, as we experienced locally in recent events,” says Theo Bensch, NTSIKA ICT Holdings Chief Executive, local distributor for Authlogics.
So how do you ensure your organisation is compliant?
When implementing a corporate security policy, there are some common best practices that CEOs and CISOs can apply to ensure more security and reduce the risk of being negatively affected by data protection legislation.
1. Which local and international regulations apply to you?
If your organisation deals with individuals' personal information, or you work in the financial, government or military industries, then local legislation will apply to you.
2. How do you apply the legislation?
Understand all aspects of the applicable legislation and establish who is responsible for applying it within your organisation. Be aware of any requirements to encrypt certain data and how decryption keys should be stored.
3. Put the basics in place first
Are your devices password protected? Do you have strong anti-virus software installed? Are your security policies up to date? Make sure your password policies comply with the latest NIST guidelines and that your end-users are using non-compromised passwords.
4. Improve the existing security
Regulatory bodies expect proof that your organisation adheres to all regulations and takes steps to prevent possible security breaches. Password management, with the addition of multi-factor authentication, strengthens and verifies how these expectations are met.
5. Validate and verify your set-up
Data protection legislation requires companies to show they use a framework to continuously monitor compliance rather than a single audit process. Therefore, it is imperative that you can verify password compliance and the usage of multi-factor authentication, as a secure password is a foundation on which all other security initiatives are built.
Authlogics has been recognised at this year's AI Cyber Security Awards and awarded “Best Password Compliance Specialist” for the second year running for providing “a unique solution which helps transition from a weak and vulnerable password to a secure and always compliant one”.
“We have designed our Authlogics solutions to comply with best practices with a key focus on adhering to NIST compliance for password security and user authentication. Authlogics has numerous tools and solutions to assist our customers to achieve the necessary ongoing compliance with legislative frameworks. This is achieved with our password security management and multi-factor authentication solutions, both of which are prescribed requirements for secure and compliant environments,” adds Steven Hope, Authlogics CEO.
Password security management
Authlogics has specifically designed solutions to meet and exceed NIST SP 800-63B guidelines for password compliance. The Authlogics Password Policy Manager product can be deployed in minutes on corporate network servers and enforces a compliant password policy as soon as a user changes their Windows password, without requiring any desktop software.
This technology co-ordinates the provision and management of identity information to allow users to log in securely from desktops, mobile, cloud, and third-party applications. It provides a consistent and fully featured layer of security wherever users log in. A self-service portal allows users to set passwords that comply with the latest security guidelines and lets users add and remove multi-factor devices as needed. Each action is logged in detail and can be reported on for audit and compliance purposes.
Find out if you comply
Private and public sector organisations around the world are benefiting from Authlogics solutions to ensure online accounts are operated with compliant passwords that have not been breached, while providing a clearly defined path to a password-less future. Replacing passwords has already proven to increase employee productivity, reduce help desk costs, save time and secure critical company apps, devices and data.
Discover the Authlogics Password Breach Database, which provides a comprehensive and well-maintained dictionary of unacceptable and compromised passwords in the cloud for real-time lookups to see if you comply.