Threat Intelligence Blog

Posted May 12, 2014

Small and medium businesses (SMBs), particularly banks and credit unions, typically have to meet the same compliance guidelines for their industry as their larger peers, including those for social media. As one expert noted, there are some baseline compliance requirements that organizations must meet if their employees use social media at work, whether the company is regulated by FINRA, HIPAA, the SEC, or otherwise. In this post, we’ll discuss three of the hurdles that SMBs often face when trying to implement monitoring solutions for risk and compliance, and some suggestions for how to overcome them.

Three Hurdles for SMB: Budgets, Tools, Bodies

Lack of Budget

Non-compliance in general costs a lot. For example, JP Morgan Chase recently reached a $13 billion settlement with the Department of Justice for allegedly issuing tainted mortgage securities, as well as a $100 million settlement with the Commodity Futures Trading Commission for another alleged bad deal.

Avoiding non-compliance costs a lot, too. To deal with the growing fines, global corporations are investing more in their compliance budgets. In a 2013 survey of 428 North American internal audit professionals from 26 industries, conducted by the Institute of Internal Auditors (IIA), 37 percent of Fortune 500 respondents indicated that their budgets would increase in 2014, and 32 percent anticipated the addition of more internal audit staff.

Even with increasing budgets and staff, chief compliance officers are struggling to mitigate compliance risks. Almost half of the responding chief compliance officers felt that they did not have sufficient resources to manage their compliance programs effectively.

Small to medium businesses don’t have big budgets in general, and don’t have special funds to allocate for compliance problems. SMBs’ total assets are light years away from the risk management budgets of Fortune 500 companies. But since non-compliance fines can be crippling, SMBs must take strategic steps to avoid them.

Lack of Tools

Most social media monitoring tools monitor brand reach and “buzz,” or how many people are talking about them on various platforms. Monitoring buzz is great for a marketing team that is measuring customer engagement, but does not help a risk and compliance team.

Popular social media monitoring tools cover platforms such as Twitter, Facebook, and YouTube, but do not cover the sites that are very important for risk and compliance concerns, such as PasteBin, DocStoc, and dozens of others. Cyveillance has found that sensitive information, whether leaked from the inside or taken by hackers from the outside, often gets shared on these document-sharing sites in addition to social media.

Because buzz monitoring tools do not cover those sites, risk and compliance teams are forced to purchase separate tools and services. On top of the first obstacle of a limited budget, SMBs are faced with another: a lack of affordable tools to monitor for indications and warnings on social media.

Lack of People

While global organizations often have large compliance teams that can handle the wide array of risk, security, and compliance tasks, small to medium businesses often have small teams that may consist of a single person.

However, the security landscape is ever-changing, and each day new risks and threats emerge in the wild. Having a small team responsible for many aspects of risk and compliance creates the third obstacle that SMBs face: how a small team can maintain situational awareness of what’s going on outside the virtual and actual four walls of their network and physical perimeter.

Ways to Overcome Obstacles

Use a Versatile Tool

Deploying a versatile tool that can be used by your security team, your risk and compliance team, and your marketing team can eliminate the need to purchase multiple services. Additionally, a service that monitors social media can free up valuable time for your team to address other internal issues that only they can handle. Likewise, a service that updates your team on the security landscape across the world and other industries can free up their valuable time. Monitoring proactively allows organizations to be strategic with their compliance and risk plans and avoid costly non-compliance fines and social media fails.

Our Social Media Watch service was designed to help SMBs overcome the obstacles discussed above. It monitors for a broad range of security risks and online threats on social media and the web 24×7, provides human-vetted alerts for any risks or threats identified, includes in-depth reports for any risks we uncover, and updates your team about global security risks on a daily basis.
