How to avoid the costs of non-compliant software

Governance Home IT Asset Management Management Risk & Audit Software

by | December 3, 2018

Building a business isn’t easy. Most business owners use some sort of mental checklist to stay on top of growth requirements and core priorities. But that checklist often runs thin on matters of license compliance, which, if overlooked, can cost a growing business hundreds of thousands of dollars. That’s particularly true of non-compliant software, which can expose any business to the risks of failing software audits or suffering cyber attacks that cripple their network.

As a business’s digital footprint grows, so too will the threat posed by non-compliant software against operational continuity. The good news is that with attention and proper due diligence, businesses can safeguard themselves from the risks of non-compliance and protect their current and future fortunes from costs to both the bottom line and their reputations.

Don’t wait for that audit to come

Software vendors have invested millions of dollars in creating and marketing their software, which gives them good reason to frequently audit businesses to ensure full compliance with their licences. Businesses caught with non-compliant software can face upwards of $100,000 in settlement fees — a truly substantial sum compared to the price of purchasing the necessary licences.

Compared to large corporations with huge IT teams, growing businesses may find themselves at greater risk because efforts to maintain compliance can quickly sap vital manpower and resources. The solution isn’t always as simple as going out and buying legitimate versions of existing software: vendors often sell their licences based on several restrictions, such as commercial use or number of users.

The need to constantly review lengthy agreements and renew licences can be a burden for fast-growing businesses, which can easily outgrow their licences before they even notice.

While self-audits remain the best way of ensuring constant compliance, fast-growing businesses do have some options to make the process simpler and less painful. IT can automate or at least semi-automate reviews of employee applications, helping them identify which installed software is licensed or can be removed to avoid any risks of non-compliance.

Working with legal and accounts, IT can also correlate existing licence agreements against the instances of software installed across the business to help them find potential gaps. Through consistent self-checks, businesses can begin uncovering any non-compliant software, and be in a better frame of mind to meet the demands of any vendor if need be.

Non-compliance equals vulnerability

The greater threat to businesses — financially and reputation-wise — comes from the cybersecurity vulnerabilities commonly associated with unlicensed or non-compliant software. Research commissioned by BSA | The Software Alliance suggests that more than 37% of computer systems worldwide have unlicensed software installed.

Unlicensed software is often out of date and vulnerable to cyber attacks, and one of these attacks can reportedly cause serious damage (PDF) to companies — more than $2.4 million in damages, or over $10,000 per computer, while taking more than 50 days to completely resolve.

The impact of ransomware on Australian SMEs can be incredibly damaging with 22% reporting a cessation of business operations immediately and 18% reporting lost revenue (PDF). Employees wanting to download illegal unlicensed software would often do so from pirate sites, installing packages laced with all manner of viruses, malware, worms, Trojans or ransomware that indiscriminately attack business systems regardless of their size.

Cyber attackers often attack growing businesses to obtain their customers’ personal details — or as a stepping stone to access the networks of larger partner businesses, which in turn risks damaging business relationships, frustrating customers and tarnishing reputations.

Business can mitigate this risk by simply requiring their IT department to implement system access levels throughout their networks. This solution, while seemingly basic, effectively stops employees from installing programs without the administration and knowledge of IT. Set-up of such systems isn’t complicated — it is a few hours’ work on most modern operating systems, and once established, requires little to no management oversight.

Businesses can take this further by mandating monthly update checks of all installed software, regardless of frequency of usage. This does two things: firstly, it ensures all compliant software is at its latest (and most secure) version; secondly, it allows IT to spring clean the network — removing software that’s non-compliant or rarely used, which slashes costs and eliminates backdoors to the network in the long term.

Bring it to the light

All in all, the true cost of non-compliance should be evident and pressing enough for rapidly expanding businesses to consider institutionalising their own software asset management (SAM) practices to better manage their licences and uncover non-compliant, unlicensed and illegal software.

They can do so by using the many SAM tools in the market, or work with third-party organisations, such as the BSA, who provide best practices and tools for growing businesses to get started on their road towards software compliance.

Ultimately, SAM should be considered a vital component of any business. Early implementation makes it cheaper and easier for businesses to monitor for software non-compliance, which becomes harder to detect as the organisation expands.

Businesses should start fast and start strong by taking advantage of guidelines from third-party experts, like the BSA, to initiate good compliance hygiene among their employees. Only then can growing businesses continue to reach for the stars — without fear of being pulled back down by the potentially staggering costs of non-compliance in their organisations.


Subscribe To Our Newsletter

Subscribe To Our Newsletter

ITAM Channel brings the best news and views from the ITAM industry. Sign up for the newsletter and get them straight to your inbox

You have Successfully Subscribed!