Show All

Aug 17, 2017 10:00:00 AM

Cyber SOC:  What Middle Market Board Members Should Know

The AICPA has issued a much-anticipated standard on cyber security. The new guidance, referred to as the “Cyber SOC,” creates a process that CPA’s can use to review and report on a company’s cyber security. In the past, organizations relied on various consultants, internal resources, and sometimes just plain luck, to identify and mitigate cyber risks. The Cyber SOC fundamentally changes how cyber threats are evaluated and managed. It allows for an independent, objective look at an organization’s processes, policies and controls around cyber risks. 

Continue reading >

Topics: Cybersecurity

Apr 20, 2017 10:00:00 AM

4 Evolving Cyber Disruptions That Should be Included in Your Strategic Planning

In today’s business environment, market disruptions are a persistent topic of strategic planning discussions. Automation, artificial intelligence and increased connectivity will continue to drive our growth strategies, but it is crucial that organizations consider cybersecurity evolution in the strategic plans. Below are 4 evolving areas that will drive your organization’s success or peril over the next 3-5 years.

Continue reading >

Topics: Strategy, Business Planning, Cybersecurity

Mar 9, 2017 11:00:00 AM

Protecting the Organization From Growing Cyber Threats

As we continue in our series, Top Middle Market CFO Challenges for 2017, the growing threat of cybercrime is becoming top of mind for today’s CFOs. Cyberattacks are on the rise. In 2016, the number of US data breaches increased 40%—an all-time record high according to the Identity Theft Resource Center.

It may be easy to assume that the responsibility for addressing cyber risks rests with your IT department, because after all, these appear to be mostly IT-related risks. However, what may be less obvious are the very significant financial risks involved with a cyber breach. This should be keeping most CFOs up at night. 

Continue reading >

Topics: Cybersecurity, CFO

Jan 26, 2017 10:30:00 AM

4 Reasons Why Hiring the Wrong Penetration Testing Firm Will Hurt

Watch the news—cybersecurity is the hot topic in the business world today. With all this attention, it’s no surprise that more service providers are adding cybersecurity to their service menu. Offense-oriented services, like penetration testing, can be a cost-effective way to identify vulnerabilities. Executives, senior management, and boards of directors are keen to find their own weaknesses, as they are the ones that will be held accountable in a breach.

Continue reading >

Topics: Cybersecurity, Penetration Tests, Data Security

Dec 8, 2016 10:00:00 AM

Building Your Cybersecurity Strategy for 2017

Developing a cybersecurity strategy can give your organization the foundation and mandate to develop good policies and procedures for improving resilience. As 2016 comes to an end and we begin looking into 2017, I want to reflect and provide a few observations of strategic cybersecurity mistakes we have seen this year resulting in major losses for many organizations.

Continue reading >

Topics: Cybersecurity, IT Risk, Cyberattack

Jul 28, 2016 10:30:00 AM

Energy Industry: Riddled with Challenges, Ripe for Transformation

All industries are experiencing disruption in today’s environment, but few are experiencing it to the degree the energy industry is, especially those in the electricity sector. The industry faces government regulations, security threats, demographic shifts, storage limitations, consumer demands, technological changes, shifts in public perception and supply chain transformations, just to name a few. At first glance, one might feel overwhelmed at the task at hand, adapting to the changes currently bombarding the industry, while simultaneously anticipating future opportunities so not to be disrupted by change but rather help drive it!

Continue reading >

Topics: Cybersecurity, Disruption, Energy

May 12, 2016 10:00:00 AM

CFOs Collaborate in the Big Easy

New Orleans provided a great venue for this year’s AICPA CFO Conference. CFOs from around the country arrived to expand their knowledge on topics from risk management to being an effective leader.  As someone in the accounting profession and not in that CFO, here are a few of my takeaways from the conference. 

Continue reading >

Topics: Revenue Recognition Standard, Cybersecurity

Apr 28, 2016 11:00:00 AM

3 Questions Manufacturers Should Ask

Recently, my team and I were discussing an audit recommendation with a client. We thought it was a no-brainer – our suggested change would make the audit process more efficient and put less of a burden on our client. We were certain the client would love our idea because it would mean fewer headaches for the company in the future.

Continue reading >

Topics: Cybersecurity, Supply Chain Management, Manufacturing

Feb 4, 2016 10:30:00 AM

3 Issues Your Board Should Monitor in 2016

If the recent financial crisis taught us anything, it taught us the value of a high-functioning board of directors. An educated, involved board can help steer an organization away from needless risk and into a balanced governance structure – the board handles oversight while management handles day-to-day operations.

Continue reading >

Topics: Board Members, Governance, Cybersecurity

Oct 29, 2015 11:00:00 AM

Don’t Get Spooked by Your Vendor’s Cybersecurity

It’s Halloween, and tiny goblins will be out for trick or treat on Saturday night. In this week’s blog, I thought I’d give you a few tips so you won’t be tricked by your vendor’s cybersecurity.

If you outsource any of your services or business functions, your vendor’s security becomes your security. Outsourced service providers include payroll processing companies, vendors pulling data to perform analytics, or anyone else who has access to your organization’s networks, applications or data. You might have the systems under your direct control locked down, but you may still be vulnerable to weaknesses in your business associate’s security. 

Continue reading >

Topics: Cybersecurity

Sep 10, 2015 11:00:00 AM

Incident Response Plans

I’m sure you’ve heard the saying, “Hope for the best, but expect the worst.” I’d like to offer the IT incident response version, “Hope for the best, but plan for the worst.”

Unfortunately, examples of the worst are all around us: patient data stolen from healthcare organizations, customer data stolen from large corporations, social security numbers stolen from the federal government, and even client details stolen from an adultery website. Hackers aren’t just looking for information they can sell; they want embarrassing data, corporate strategy, product research or other sensitive data. Any company using the internet is at risk.

Continue reading >

Topics: Preventative Controls, Cybersecurity

Sep 3, 2015 11:00:00 AM

Top 5 Ways to Secure Your Data

How secure is your business data?

If you’re like many CEOs and CFOs, you hope it’s safe, but you have other, more pressing issues to address. I’ve heard many business leaders explain the reasons hackers wouldn’t be interested in their data: they’re too small, they don’t handle medical records, they don’t process credit cards, or they don’t sell anything over the Internet.

Their reasons for neglecting data security may have been appropriate years ago, but they certainly aren’t applicable today. The theft of information from Ashley Madison, a site that helps people cheat on their spouses, proves that we don’t know what information a hacker might want next. It could be personal information or medical records, or it could be information that could embarrass their targets.

Continue reading >

Topics: Cybersecurity, Data Security