How much do you actually value transparency, privacy, and security for you, your business, and your clients?

My response to a discussion on Alignable: "For small business owners: I have noticed and experienced an uptick in legal issues and cybersecurity concerns with some of my clients. What do you small biz owners have in place to help and protect you legally, and what do you have in place to not only help to prevent an attack on your company / clients / employees / devices but also to restore the identities and stop the bleeding?"

I'm going to focus on the Information Security (InfoSec) side of this for now. Fortunately I have decades of experience in opensource and InfoSec, which has helped inform the development of my businesses, and those of my clients and employers, over the decades. Most important has been growing an opensource and security-minded culture right from the beginning, while most others are forever struggling on a swampy foundation because they are trying to bolt on security after the fact and without cultural buy-in.

We mostly prefer to run more secure operating systems, such as hardened Linux distributions or OpenBSD.

No solution is ever perfect, and it requires a core culture of both openness (transparency) and respect for privacy and security, with an understanding of the many layers involved. In the neuropsychology of learning [1] [2] it has been shown that differential (incremental, iterative) learning is far more effective for long-term benefit and change than massed learning ("pump and dump") approaches.

As business owners we need to do this in a balanced way, without sacrificing our core business focus or values (unless IT or InfoSec is your core business, in which case you have no excuse :) ).

In addition to a long list of general security best practices, as a good starting foundation we mostly run well-audited opensource products and are careful about the repositories we pull from for updates and add-on applications. For staff willing to take on a more security-focused role, I have a great reading list [3] that provides a solid starting foundation; some of the books are actually fun to read even for non-techies who like mysteries and "whodunits".

We self-host our HIPAA and other high-sensitivity communications platforms, including video, audio, chat, file transactions, etc., so we are not risking all the well-known violations of privacy and security by Zoom (as enumerated by the FTC [4]), Google, Microsoft, Apple, Adobe, and many others.

I used to perform many security audits, including SOX, PCI, SOC, HIPAA, etc. Unfortunately what I saw, and continue to see, especially in healthcare, is quite disturbing.

Alas, this security-focused approach is not easy for other business owners without a similar background to repeat, so when asked, we refer them to opensource and InfoSec specialists who can help them out.

What you'll notice from these approaches is a very different paradigm. Making such a paradigm shift, one that leads to an inherently more open and at the same time more private and secure experience for you, your employees, and your clients, is often very difficult for people to accept, even more so these days.

Unfortunately too many people keep going with the lowest common denominator when selecting products and services. They keep supporting and using the worst products (hardware, software, services, hosting, etc.), "stepping over dollars to pick up dimes": low initial financial costs lead to exponentially higher total costs.

So you need to be honest and really ask yourself: how much do you really value privacy? Security? Transparency? The market, consumers and businesses alike, is indicating "not much" these days, and this compounds the problems further.

If your organization or healthcare practice is currently using any of the public conferencing services from Zoom, Google, Microsoft, Apple, or many of the cloud service providers for your HIPAA-protected clients, you are blatantly disregarding their privacy and security.

Yes, the US government and others have put out temporary emergency HIPAA discretionary waivers [5], due to COVID, allowing the use of these services that previously were not allowed, but you are really hurting your business and your clients by doing so. There are many fully compliant and hardened services available. Yes, they cost more, but that is because they actually protect you and your clients.

Fortunately there is a growing body of people and organizations effectively raising awareness and providing effective solutions for those willing to experience substantial growth through a paradigm shift.

Hopefully these comments, examples, and suggestions are useful in helping people start thinking about working toward a simultaneously more open, private, and security-conscious quality of life and approach to business.