Back

Be Safe: Avoid Check Box Compliance

Businessman with cardboard box on his head saying think outside the box concept for brainstorming, creativity, innovation, strategy or individuality

How safe is your company’s data?  Are you following best practices or simply doing check box compliance?

It’s easy to fall into the trap – with increased security threats come increased security measures, and thus increased security bureaucracy to comb through. While checkbox compliance was originally created to help cover all the bases, today it’s a product of putting compliance over risk management, and an easy cop-out for feeling like you’ve secured your systems.

Looking outside the box

Let’s be clear – just because your security systems are checkbox compliant doesn’t mean you’re totally secure. Compliance standards are put forth to be a guiding principle, not an end-all be-all of safety. Like technology itself, security threats are evolving faster than security can keep up, which means in order to be fully secure, you need to be working towards improved safety every day.

Checkbox compliance isn’t necessarily a bad thing, it’s just that it tends to give a false sense of security to organizations who don’t understand they always need to be doing more. It’s a baseline requirement for security to build from, not rely on. In order to actually be secure, you’re going to need to put in some extra work.

It’s like comparing an ordinary house to Fort Knox – yes they both have walls and locks, but only one is secure enough to keep everyone out.

The price of checkbox compliance

Chances are your current security compliance includes working in-house or with a vendor to run a series of vulnerability scans to maintain PCI-DSS, HITECH or HIPAA compliance, and beyond a few conversations about potential high-level threats, the process is over. You pay your team or your vendor, and that’s the end of it.

Fast-forward a few months, years or even decades to when one of these checkbox systems fails. You realize you’ve been putting compliance over security, and without meaning to, you’ve let your security systems go out of date. Technically you’re still HIPAA or PCI-DSS compliant, but hackers have been working tirelessly to learn how to easily defeat those archaic system requirements. Your information is no longer secure, your company’s sensitive data is out floating amid the world-wide web, and your customers no longer trust you as a safe and reliable partner to work with.


That’s going to end up costing you, big time. But it didn’t have to.

Taking the steps now to avoid checkbox compliance and to begin to be proactive with your security is the first step in saving yourself a lot of frustration and money down the line.

Becoming more than “good enough”

At the end of the day, checkbox compliance could be risky and actually lazy. If you want to be truly secure, it’s going to more than being “good enough” by maintaining baseline compliance. It’s going to take some foresight.  

The best way to improve your security is by working work with an IT security partner who can help your organization move beyond the checkbox and prepare for the latest threats facing your data. Finding a trustworthy, local partner like NENS is the first step to improving network security beyond the baseline standards checkbox compliance insinuates is “good enough.”

Client Feedback

“We are about 60% more effective, since we contracted with NENS. The new IT structure helped our office work more efficiently and NENS was able to help make our performance faster. NENS was able to diagnose issues quickly and fix them in a timely manner.”

—Kristen Hammond
Read More