SlideShare a Scribd company logo

Enhance Your Organization's Cybersecurity Strategy

MHM (Mayer Hoffman McCann P.C.)
MHM (Mayer Hoffman McCann P.C.)

Data breaches affect all organizations, from small not-for-profit organizations to large commercial retailers. Should your organization fall victim to a cyber attack, the results could be devastating. The average cost of a data breach in 2014 was $3.5 million. Furthermore, threats to cybersecurity appear to be increasing both in quantity and in severity. Data breaches doubled from 2012 to 2013, and from 2013 to 2014, the average cost of data breaches went up by more than 15 percent. Your traditional approach to risk management may involve information security measures such as processes to protect your physical data from unauthorized access, use or dissemination. Nevertheless, the current environment demands a risk approach that also protects your organization’s electronic data and processes. Smartphones, computers and their networks need protection from unauthorized access and disruption, too. Cybercriminals frequently use these sources as points of entry into your organization, which could have devastating financial, legal and reputational consequences. Approaching information technology and cybersecurity as a function of your internal controls can help protect your organization’s key information. The Committee of Sponsoring Organizations of the Treadway Commission (COSO)’s 2013 internal controls framework provides a good foundation for how to monitor and mitigate your largest threats to cybersecurity. Data breaches will cause you to examine your control environment, cyber risks, control activities, internal and external communication strategies and your monitoring strategies. If you have a robust cyber risk management incorporated into your internal controls, your organization can be much more efficient in responding to and recovering from a security incident.

Economy & Finance
1 of 4
Download to read offline
INTERNAL CONTROLS Learn more about how cybersecurity can affect your business at cbiz.com/cybersecurity Threats to cybersecurity are increasing both in quantity and in severity. From 2012 to 2013, Data breaches doubled and from 2013 to 2014, the average cost of data breaches went up by more than 15 percent. The average cost of a data breach in 2014 was $3.5 million. Enhance Your Organization’s Cybersecurity Strategy Data breaches affect all organizations, from small not-for- profit organizations to large commercial retailers. Should your organization fall victim to a cyber attack, the results could be devastating. Your traditional approach to risk management may involve information security measures such as processes to protect your physical data from unauthorized access, use or dissemination. Nevertheless, the current environment demands a risk approach that also protects your organization’s electronic data and processes. Smartphones, computers and their networks need protection from unauthorized access and disruption, too. Cybercriminals frequently use these sources as points of entry into your organization, which could have devastating financial, legal and reputational consequences. Approaching information technology and cybersecurity as a function of your internal controls can help protect your organization’s key information. The Committee of Sponsoring Organizations of the Treadway Commission (COSO)’s 2013 internal controls framework provides a good foundation for how to monitor and mitigate your largest threats to cybersecurity. Data breaches will cause you to examine your control environment, cyber risks, control activities, internal and external communication strategies and your monitoring strategies. If you have a robust cyber risk management incorporated into your internal controls, your organization can be much more efficient in responding to and recovering from a security incident.
INTERNAL CONTROLS Learn more about how cybersecurity can affect your business at cbiz.com/cybersecurity Control Environment Everyone in your organization plays a role in minimizing your organization’s cybersecurity risk, and it’s up to your organization’s management and cybersecurity team to communicate what that entails. Common sources of data loss offer a good indication of the types of policies and practices that should be part of your risk management culture. Misplaced or stolen electronic devices rank as the primary cause of data loss. Recommended practices for how to treat company equipment could reduce the number of these incidents within your organization. For example, you might want to require employees to take home or lock up any electronic devices at the end of the workday. Hackers perpetuate roughly 18 percent of security incidents. They gain access to your organization’s networks through programs that trace the key strokes on your computer or through malware inserted into your system via vulnerable software or third-party plug-ins. Your staff should be on guard for suspicious emails or other unusual requests for information, as they might be cybersecurity breaches in disguise. Risk Assessment A cyber risk assessment helps prioritize your approach to cybersecurity. The first step is to consider your organization’s unique risk profile. Your industry and the kinds of information your organization collects are key predictors of which areas of your operations will be most at risk. Retailers have shown to be targets of hacks involving customers’ credit card information. Health care institutions are highly vulnerable to having their medical records compromised. Consider the value of the information your organization collects, both for the hacker and for your organization. On average, health care records involved in a data breach cost companies $316 per record. Compromised financial information cost companies $236 per record. Value doesn’t exclusively mean records’ monetary price, either. Information that if compromised would have a significant effect on your company’s operations should command a larger share of your security resources. Part of the risk assessment may include an information technology audit. The multifaceted approach to your existing protocol helps identify the areas of vulnerability and risk. A network security assessment can turn up vulnerabilities in your external and internal networks and review firewall, intrusion prevention and network access control systems and policies and assess wireless networks to provide you a clearer picture of where your risks may lie. Network penetration testing should also be included in your information technology assessment, as this can give you a sense of how easily security incidents can be detected in your current operating environment. Testing can also give you an idea of the potential magnitude a cybersecurity breach would have on your organization. Control Activities Internal controls are essential to the effective operation of all organizations. They are the activities or procedures designed to provide reasonable assurance to management that operations are “going according to Healthcare $316 Services $223 Industrial $204 Financial $236 Cost per compromised customer record1 Lost or stolen laptopsor other e-deviceswere the most frequent cause of data loss (20.7%), followed by hackers (18.6%)3
INTERNAL CONTROLS Learn more about how cybersecurity can affect your business at cbiz.com/cybersecurity plan.” Without adequate internal controls, management has little assurance that its goals and objectives will be achieved. Properly designed and functioning controls reduce the likelihood that significant errors or fraud will occur and remain undetected. Internal controls help ensure that departments are performing as expected. Control activities are the policies and procedures designed by management to protect the organization’s objectives and goals from internal or external risks. Some common and important cyber risk control activities are logical security, change management, mobile devices and wireless, backups, monitoring of third party providers and cloud services. Logical security controls help make sure that one person does not have too much power or influence over your organization’s cybersecurity. Consider segregating duties on your cyber risk team. Frequent password changes, limiting the system administrator function and logging and/or reviewing system administrator changes made in the financial accounting systems are recommended practices. Change management controls can regulate updates and other modifications that go into production. Your organization should implement procedures that notify management of changes and allow management to approve any modifications prior to the work being done. Then, your organization should test the update using someone other than the developer. If satisfied that the modification works appropriately, there should be an approval process before the change goes into the production environment. Mobile device and wireless access need controls to protect them from unauthorized access. Best practices include encrypting mobile devices and removable data, issuing unique user IDs and complex passwords and automatically wiping devices that are lost or stolen. The remote wiping of devices is especially important because as mentioned earlier, missing devices are the most common source of organizational data loss. Controls should also be in place to protect your data back up. Your organization needs to know what is backed up and where it is being stored, be it a data center, third party provider or cloud provider. Back-up controls to implement include real-time notification and resolution of back-up failures, off-site back up and replication and periodic restores. Annual or semi-annual service organization control audits can help your organization manage your third party service providers. If no service organization control audit reports are available, then be sure your back-up controls include periodic visits to the third party provider or cloud provider offices and hosted data centers. You should also request and review monthly or quarterly provider reports that detail the significant events that took place, the people who accessed the third party provider or cloud provider site and planned outages by the third party or cloud provider. Whenever you are working with a third-party service provider, you also need to make sure your organization is knowledgeable and involved in the provider’s disaster recovery plan. If an unplanned outage affects a provider, your organization should be prepared for the potential effect that would have on its operations. Information and Communication A breach rarely occurs because of one incident, which makes it imperative that your organization have the means to collect and analyze meaningful information about its cybersecurity. A system that aggregates data from different sources can identify patterns, which indicate whether your organization is facing a breach. Written communication plans that address what information is distributed to whom are highly
INTERNAL CONTROLS Learn more about how cybersecurity can affect your business at cbiz.com/cybersecurity Copyright©2015MayerHoffmanMcCannP.C.Allrightsreserved. recommended. Third parties involved with your organization’s IT security should be considered part of this communication plan, and your organization should be part of theirs, as data breaches on their end could affect your data. Depending on what is lost, you may be at risk for legal action by the affected parties. Your legal team should be involved to help minimize your liability exposure. They can also help you identify who needs to receive communication. Sometimes law enforcement, state attorneys general and even federal agencies may need to be included in the conversation about the breach. Monitoring Activities The risk environment continues to change and evolve, and so, too, should your cyber risk management strategy. Organizations should regularly evaluate the effectiveness of their current strategy and that of any third parties that administer their information technology security. They should then present findings to key stakeholders for consideration. Periodic cyber risk assessments should be part of your monitoring activities as well so that you can see how your systems are holding up to internal and external risks in your operating environment. Planned changes, such as adding a new third party service provider or moving office locations are also good times to revisit and update your cyber risk strategy.

Recommended

MHM Messenger – A Not-for-Profi t’s Guide to Upcoming Accounting Changes
MHM Messenger – A Not-for-Profi t’s Guide to Upcoming Accounting ChangesMHM Messenger – A Not-for-Profi t’s Guide to Upcoming Accounting Changes
MHM Messenger – A Not-for-Profi t’s Guide to Upcoming Accounting Changes
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Changes to Lessor Accounting under the New Leasing Standard
Webinar Slides: Changes to Lessor Accounting under the New Leasing StandardWebinar Slides: Changes to Lessor Accounting under the New Leasing Standard
Webinar Slides: Changes to Lessor Accounting under the New Leasing Standard
MHM (Mayer Hoffman McCann P.C.)
 
CBIZ & MHM Executive Education Series Webinar Overview - Q4 2018
CBIZ & MHM Executive Education Series Webinar Overview - Q4 2018CBIZ & MHM Executive Education Series Webinar Overview - Q4 2018
CBIZ & MHM Executive Education Series Webinar Overview - Q4 2018
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Third Quarter Accounting and Financial Reporting Issues Update
Webinar Slides: Third Quarter Accounting and Financial Reporting Issues UpdateWebinar Slides: Third Quarter Accounting and Financial Reporting Issues Update
Webinar Slides: Third Quarter Accounting and Financial Reporting Issues Update
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Your Guide to Adopting the New Revenue Recognition Standard
Webinar Slides: Your Guide to Adopting the New Revenue Recognition StandardWebinar Slides: Your Guide to Adopting the New Revenue Recognition Standard
Webinar Slides: Your Guide to Adopting the New Revenue Recognition Standard
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: How Not-for-Profit Organizations Can Prepare for Revenue Reco...
Webinar Slides: How Not-for-Profit Organizations Can Prepare for Revenue Reco...Webinar Slides: How Not-for-Profit Organizations Can Prepare for Revenue Reco...
Webinar Slides: How Not-for-Profit Organizations Can Prepare for Revenue Reco...
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Adoption of New Leasing Standards
Webinar Slides: Adoption of New Leasing StandardsWebinar Slides: Adoption of New Leasing Standards
Webinar Slides: Adoption of New Leasing Standards
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Now Arriving - Qualified Business Income Deduction Regulation...
Webinar Slides: Now Arriving - Qualified Business Income Deduction Regulation...Webinar Slides: Now Arriving - Qualified Business Income Deduction Regulation...
Webinar Slides: Now Arriving - Qualified Business Income Deduction Regulation...
MHM (Mayer Hoffman McCann P.C.)
 

Recommended

MHM Messenger – A Not-for-Profi t’s Guide to Upcoming Accounting Changes
MHM Messenger – A Not-for-Profi t’s Guide to Upcoming Accounting ChangesMHM Messenger – A Not-for-Profi t’s Guide to Upcoming Accounting Changes
MHM Messenger – A Not-for-Profi t’s Guide to Upcoming Accounting Changes
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Changes to Lessor Accounting under the New Leasing Standard
Webinar Slides: Changes to Lessor Accounting under the New Leasing StandardWebinar Slides: Changes to Lessor Accounting under the New Leasing Standard
Webinar Slides: Changes to Lessor Accounting under the New Leasing Standard
MHM (Mayer Hoffman McCann P.C.)
 
CBIZ & MHM Executive Education Series Webinar Overview - Q4 2018
CBIZ & MHM Executive Education Series Webinar Overview - Q4 2018CBIZ & MHM Executive Education Series Webinar Overview - Q4 2018
CBIZ & MHM Executive Education Series Webinar Overview - Q4 2018
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Third Quarter Accounting and Financial Reporting Issues Update
Webinar Slides: Third Quarter Accounting and Financial Reporting Issues UpdateWebinar Slides: Third Quarter Accounting and Financial Reporting Issues Update
Webinar Slides: Third Quarter Accounting and Financial Reporting Issues Update
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Your Guide to Adopting the New Revenue Recognition Standard
Webinar Slides: Your Guide to Adopting the New Revenue Recognition StandardWebinar Slides: Your Guide to Adopting the New Revenue Recognition Standard
Webinar Slides: Your Guide to Adopting the New Revenue Recognition Standard
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: How Not-for-Profit Organizations Can Prepare for Revenue Reco...
Webinar Slides: How Not-for-Profit Organizations Can Prepare for Revenue Reco...Webinar Slides: How Not-for-Profit Organizations Can Prepare for Revenue Reco...
Webinar Slides: How Not-for-Profit Organizations Can Prepare for Revenue Reco...
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Adoption of New Leasing Standards
Webinar Slides: Adoption of New Leasing StandardsWebinar Slides: Adoption of New Leasing Standards
Webinar Slides: Adoption of New Leasing Standards
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Now Arriving - Qualified Business Income Deduction Regulation...
Webinar Slides: Now Arriving - Qualified Business Income Deduction Regulation...Webinar Slides: Now Arriving - Qualified Business Income Deduction Regulation...
Webinar Slides: Now Arriving - Qualified Business Income Deduction Regulation...
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Eye on Washington - Quarterly Business Tax Update, Q2 2018
Webinar Slides: Eye on Washington - Quarterly Business Tax Update, Q2 2018Webinar Slides: Eye on Washington - Quarterly Business Tax Update, Q2 2018
Webinar Slides: Eye on Washington - Quarterly Business Tax Update, Q2 2018
MHM (Mayer Hoffman McCann P.C.)
 
Public Companies Catch a Break with Leasing Standard Update
Public Companies Catch a Break with Leasing Standard UpdatePublic Companies Catch a Break with Leasing Standard Update
Public Companies Catch a Break with Leasing Standard Update
MHM (Mayer Hoffman McCann P.C.)
 
How to Prepare Debt Covenants for Recent Changes to the Accounting for Debt I...
How to Prepare Debt Covenants for Recent Changes to the Accounting for Debt I...How to Prepare Debt Covenants for Recent Changes to the Accounting for Debt I...
How to Prepare Debt Covenants for Recent Changes to the Accounting for Debt I...
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Second Quarter Accounting and Financial Reporting Issues Update
Webinar Slides: Second Quarter Accounting and Financial Reporting Issues UpdateWebinar Slides: Second Quarter Accounting and Financial Reporting Issues Update
Webinar Slides: Second Quarter Accounting and Financial Reporting Issues Update
MHM (Mayer Hoffman McCann P.C.)
 
Guidance Issued Regarding Contributions Made and Received for Not-for-Profit ...
Guidance Issued Regarding Contributions Made and Received for Not-for-Profit ...Guidance Issued Regarding Contributions Made and Received for Not-for-Profit ...
Guidance Issued Regarding Contributions Made and Received for Not-for-Profit ...
MHM (Mayer Hoffman McCann P.C.)
 
FASB Simplifies Accounting for Non-employee Stock-based Compensation
FASB Simplifies Accounting for Non-employee Stock-based CompensationFASB Simplifies Accounting for Non-employee Stock-based Compensation
FASB Simplifies Accounting for Non-employee Stock-based Compensation
MHM (Mayer Hoffman McCann P.C.)
 
Changes Coming to Consolidation Guidance
Changes Coming to Consolidation GuidanceChanges Coming to Consolidation Guidance
Changes Coming to Consolidation Guidance
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Key International Tax Considerations
Webinar Slides: Key International Tax ConsiderationsWebinar Slides: Key International Tax Considerations
Webinar Slides: Key International Tax Considerations
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: The Latest on the New Partnership Audit Rules
Webinar Slides: The Latest on the New Partnership Audit RulesWebinar Slides: The Latest on the New Partnership Audit Rules
Webinar Slides: The Latest on the New Partnership Audit Rules
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Source Your Sales - A Multi-State Primer for Apportionment in...
Webinar Slides: Source Your Sales - A Multi-State Primer for Apportionment in...Webinar Slides: Source Your Sales - A Multi-State Primer for Apportionment in...
Webinar Slides: Source Your Sales - A Multi-State Primer for Apportionment in...
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Eye on Washington - Quarterly Business Tax Update Q1 2018
Webinar Slides: Eye on Washington - Quarterly Business Tax Update Q1 2018Webinar Slides: Eye on Washington - Quarterly Business Tax Update Q1 2018
Webinar Slides: Eye on Washington - Quarterly Business Tax Update Q1 2018
MHM (Mayer Hoffman McCann P.C.)
 
Characteristics of an Effective Audit Committee
Characteristics of an Effective Audit CommitteeCharacteristics of an Effective Audit Committee
Characteristics of an Effective Audit Committee
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: AICPA Conference on Current SEC and PCAOB Developments Debrief
Webinar Slides: AICPA Conference on Current SEC and PCAOB Developments DebriefWebinar Slides: AICPA Conference on Current SEC and PCAOB Developments Debrief
Webinar Slides: AICPA Conference on Current SEC and PCAOB Developments Debrief
MHM (Mayer Hoffman McCann P.C.)
 
Three Questions Regulators May Have About Your Revenue Recognition Adoption
Three Questions Regulators May Have About Your Revenue Recognition AdoptionThree Questions Regulators May Have About Your Revenue Recognition Adoption
Three Questions Regulators May Have About Your Revenue Recognition Adoption
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: First Quarter Accounting and Financial Reporting Issues Updat...
Webinar Slides: First Quarter Accounting and Financial Reporting Issues Updat...Webinar Slides: First Quarter Accounting and Financial Reporting Issues Updat...
Webinar Slides: First Quarter Accounting and Financial Reporting Issues Updat...
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Tax Reform's Impact on Manufacturers
Webinar Slides: Tax Reform's Impact on ManufacturersWebinar Slides: Tax Reform's Impact on Manufacturers
Webinar Slides: Tax Reform's Impact on Manufacturers
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: The Impact of the New Tax Law on Closely Held Businesses
Webinar Slides: The Impact of the New Tax Law on Closely Held BusinessesWebinar Slides: The Impact of the New Tax Law on Closely Held Businesses
Webinar Slides: The Impact of the New Tax Law on Closely Held Businesses
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Tax Reform's Impact on Mergers & Acquisitions
Webinar Slides: Tax Reform's Impact on Mergers & AcquisitionsWebinar Slides: Tax Reform's Impact on Mergers & Acquisitions
Webinar Slides: Tax Reform's Impact on Mergers & Acquisitions
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Eye on Washington - Quarterly Business Tax Update 2018 Q1
Webinar Slides: Eye on Washington - Quarterly Business Tax Update 2018 Q1Webinar Slides: Eye on Washington - Quarterly Business Tax Update 2018 Q1
Webinar Slides: Eye on Washington - Quarterly Business Tax Update 2018 Q1
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Tax Reform and the Effect on the Construction Industry
Webinar Slides: Tax Reform and the Effect on the Construction IndustryWebinar Slides: Tax Reform and the Effect on the Construction Industry
Webinar Slides: Tax Reform and the Effect on the Construction Industry
MHM (Mayer Hoffman McCann P.C.)
 
Seeman_Fiintouch_LLP_Newsletter_Jun_2024.pdf
Seeman_Fiintouch_LLP_Newsletter_Jun_2024.pdfSeeman_Fiintouch_LLP_Newsletter_Jun_2024.pdf
Seeman_Fiintouch_LLP_Newsletter_Jun_2024.pdf
Ashis Kumar Dey
 
一比一原版(cwu毕业证书)美国中央华盛顿大学毕业证如何办理
一比一原版(cwu毕业证书)美国中央华盛顿大学毕业证如何办理一比一原版(cwu毕业证书)美国中央华盛顿大学毕业证如何办理
一比一原版(cwu毕业证书)美国中央华盛顿大学毕业证如何办理
asukqco
 

More Related Content

More from MHM (Mayer Hoffman McCann P.C.)

Webinar Slides: Eye on Washington - Quarterly Business Tax Update, Q2 2018
Webinar Slides: Eye on Washington - Quarterly Business Tax Update, Q2 2018Webinar Slides: Eye on Washington - Quarterly Business Tax Update, Q2 2018
Webinar Slides: Eye on Washington - Quarterly Business Tax Update, Q2 2018
MHM (Mayer Hoffman McCann P.C.)
 
Public Companies Catch a Break with Leasing Standard Update
Public Companies Catch a Break with Leasing Standard UpdatePublic Companies Catch a Break with Leasing Standard Update
Public Companies Catch a Break with Leasing Standard Update
MHM (Mayer Hoffman McCann P.C.)
 
How to Prepare Debt Covenants for Recent Changes to the Accounting for Debt I...
How to Prepare Debt Covenants for Recent Changes to the Accounting for Debt I...How to Prepare Debt Covenants for Recent Changes to the Accounting for Debt I...
How to Prepare Debt Covenants for Recent Changes to the Accounting for Debt I...
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Second Quarter Accounting and Financial Reporting Issues Update
Webinar Slides: Second Quarter Accounting and Financial Reporting Issues UpdateWebinar Slides: Second Quarter Accounting and Financial Reporting Issues Update
Webinar Slides: Second Quarter Accounting and Financial Reporting Issues Update
MHM (Mayer Hoffman McCann P.C.)
 
Guidance Issued Regarding Contributions Made and Received for Not-for-Profit ...
Guidance Issued Regarding Contributions Made and Received for Not-for-Profit ...Guidance Issued Regarding Contributions Made and Received for Not-for-Profit ...
Guidance Issued Regarding Contributions Made and Received for Not-for-Profit ...
MHM (Mayer Hoffman McCann P.C.)
 
FASB Simplifies Accounting for Non-employee Stock-based Compensation
FASB Simplifies Accounting for Non-employee Stock-based CompensationFASB Simplifies Accounting for Non-employee Stock-based Compensation
FASB Simplifies Accounting for Non-employee Stock-based Compensation
MHM (Mayer Hoffman McCann P.C.)
 
Changes Coming to Consolidation Guidance
Changes Coming to Consolidation GuidanceChanges Coming to Consolidation Guidance
Changes Coming to Consolidation Guidance
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Key International Tax Considerations
Webinar Slides: Key International Tax ConsiderationsWebinar Slides: Key International Tax Considerations
Webinar Slides: Key International Tax Considerations
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: The Latest on the New Partnership Audit Rules
Webinar Slides: The Latest on the New Partnership Audit RulesWebinar Slides: The Latest on the New Partnership Audit Rules
Webinar Slides: The Latest on the New Partnership Audit Rules
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Source Your Sales - A Multi-State Primer for Apportionment in...
Webinar Slides: Source Your Sales - A Multi-State Primer for Apportionment in...Webinar Slides: Source Your Sales - A Multi-State Primer for Apportionment in...
Webinar Slides: Source Your Sales - A Multi-State Primer for Apportionment in...
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Eye on Washington - Quarterly Business Tax Update Q1 2018
Webinar Slides: Eye on Washington - Quarterly Business Tax Update Q1 2018Webinar Slides: Eye on Washington - Quarterly Business Tax Update Q1 2018
Webinar Slides: Eye on Washington - Quarterly Business Tax Update Q1 2018
MHM (Mayer Hoffman McCann P.C.)
 
Characteristics of an Effective Audit Committee
Characteristics of an Effective Audit CommitteeCharacteristics of an Effective Audit Committee
Characteristics of an Effective Audit Committee
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: AICPA Conference on Current SEC and PCAOB Developments Debrief
Webinar Slides: AICPA Conference on Current SEC and PCAOB Developments DebriefWebinar Slides: AICPA Conference on Current SEC and PCAOB Developments Debrief
Webinar Slides: AICPA Conference on Current SEC and PCAOB Developments Debrief
MHM (Mayer Hoffman McCann P.C.)
 
Three Questions Regulators May Have About Your Revenue Recognition Adoption
Three Questions Regulators May Have About Your Revenue Recognition AdoptionThree Questions Regulators May Have About Your Revenue Recognition Adoption
Three Questions Regulators May Have About Your Revenue Recognition Adoption
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: First Quarter Accounting and Financial Reporting Issues Updat...
Webinar Slides: First Quarter Accounting and Financial Reporting Issues Updat...Webinar Slides: First Quarter Accounting and Financial Reporting Issues Updat...
Webinar Slides: First Quarter Accounting and Financial Reporting Issues Updat...
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Tax Reform's Impact on Manufacturers
Webinar Slides: Tax Reform's Impact on ManufacturersWebinar Slides: Tax Reform's Impact on Manufacturers
Webinar Slides: Tax Reform's Impact on Manufacturers
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: The Impact of the New Tax Law on Closely Held Businesses
Webinar Slides: The Impact of the New Tax Law on Closely Held BusinessesWebinar Slides: The Impact of the New Tax Law on Closely Held Businesses
Webinar Slides: The Impact of the New Tax Law on Closely Held Businesses
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Tax Reform's Impact on Mergers & Acquisitions
Webinar Slides: Tax Reform's Impact on Mergers & AcquisitionsWebinar Slides: Tax Reform's Impact on Mergers & Acquisitions
Webinar Slides: Tax Reform's Impact on Mergers & Acquisitions
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Eye on Washington - Quarterly Business Tax Update 2018 Q1
Webinar Slides: Eye on Washington - Quarterly Business Tax Update 2018 Q1Webinar Slides: Eye on Washington - Quarterly Business Tax Update 2018 Q1
Webinar Slides: Eye on Washington - Quarterly Business Tax Update 2018 Q1
MHM (Mayer Hoffman McCann P.C.)
 
Webinar Slides: Tax Reform and the Effect on the Construction Industry
Webinar Slides: Tax Reform and the Effect on the Construction IndustryWebinar Slides: Tax Reform and the Effect on the Construction Industry
Webinar Slides: Tax Reform and the Effect on the Construction Industry
MHM (Mayer Hoffman McCann P.C.)
 

More from MHM (Mayer Hoffman McCann P.C.) (20)

Webinar Slides: Eye on Washington - Quarterly Business Tax Update, Q2 2018
Webinar Slides: Eye on Washington - Quarterly Business Tax Update, Q2 2018Webinar Slides: Eye on Washington - Quarterly Business Tax Update, Q2 2018
Webinar Slides: Eye on Washington - Quarterly Business Tax Update, Q2 2018
 
Public Companies Catch a Break with Leasing Standard Update
Public Companies Catch a Break with Leasing Standard UpdatePublic Companies Catch a Break with Leasing Standard Update
Public Companies Catch a Break with Leasing Standard Update
 
How to Prepare Debt Covenants for Recent Changes to the Accounting for Debt I...
How to Prepare Debt Covenants for Recent Changes to the Accounting for Debt I...How to Prepare Debt Covenants for Recent Changes to the Accounting for Debt I...
How to Prepare Debt Covenants for Recent Changes to the Accounting for Debt I...
 
Webinar Slides: Second Quarter Accounting and Financial Reporting Issues Update
Webinar Slides: Second Quarter Accounting and Financial Reporting Issues UpdateWebinar Slides: Second Quarter Accounting and Financial Reporting Issues Update
Webinar Slides: Second Quarter Accounting and Financial Reporting Issues Update
 
Guidance Issued Regarding Contributions Made and Received for Not-for-Profit ...
Guidance Issued Regarding Contributions Made and Received for Not-for-Profit ...Guidance Issued Regarding Contributions Made and Received for Not-for-Profit ...
Guidance Issued Regarding Contributions Made and Received for Not-for-Profit ...
 
FASB Simplifies Accounting for Non-employee Stock-based Compensation
FASB Simplifies Accounting for Non-employee Stock-based CompensationFASB Simplifies Accounting for Non-employee Stock-based Compensation
FASB Simplifies Accounting for Non-employee Stock-based Compensation
 
Changes Coming to Consolidation Guidance
Changes Coming to Consolidation GuidanceChanges Coming to Consolidation Guidance
Changes Coming to Consolidation Guidance
 
Webinar Slides: Key International Tax Considerations
Webinar Slides: Key International Tax ConsiderationsWebinar Slides: Key International Tax Considerations
Webinar Slides: Key International Tax Considerations
 
Webinar Slides: The Latest on the New Partnership Audit Rules
Webinar Slides: The Latest on the New Partnership Audit RulesWebinar Slides: The Latest on the New Partnership Audit Rules
Webinar Slides: The Latest on the New Partnership Audit Rules
 
Webinar Slides: Source Your Sales - A Multi-State Primer for Apportionment in...
Webinar Slides: Source Your Sales - A Multi-State Primer for Apportionment in...Webinar Slides: Source Your Sales - A Multi-State Primer for Apportionment in...
Webinar Slides: Source Your Sales - A Multi-State Primer for Apportionment in...
 
Webinar Slides: Eye on Washington - Quarterly Business Tax Update Q1 2018
Webinar Slides: Eye on Washington - Quarterly Business Tax Update Q1 2018Webinar Slides: Eye on Washington - Quarterly Business Tax Update Q1 2018
Webinar Slides: Eye on Washington - Quarterly Business Tax Update Q1 2018
 
Characteristics of an Effective Audit Committee
Characteristics of an Effective Audit CommitteeCharacteristics of an Effective Audit Committee
Characteristics of an Effective Audit Committee
 
Webinar Slides: AICPA Conference on Current SEC and PCAOB Developments Debrief
Webinar Slides: AICPA Conference on Current SEC and PCAOB Developments DebriefWebinar Slides: AICPA Conference on Current SEC and PCAOB Developments Debrief
Webinar Slides: AICPA Conference on Current SEC and PCAOB Developments Debrief
 
Three Questions Regulators May Have About Your Revenue Recognition Adoption
Three Questions Regulators May Have About Your Revenue Recognition AdoptionThree Questions Regulators May Have About Your Revenue Recognition Adoption
Three Questions Regulators May Have About Your Revenue Recognition Adoption
 
Webinar Slides: First Quarter Accounting and Financial Reporting Issues Updat...
Webinar Slides: First Quarter Accounting and Financial Reporting Issues Updat...Webinar Slides: First Quarter Accounting and Financial Reporting Issues Updat...
Webinar Slides: First Quarter Accounting and Financial Reporting Issues Updat...
 
Webinar Slides: Tax Reform's Impact on Manufacturers
Webinar Slides: Tax Reform's Impact on ManufacturersWebinar Slides: Tax Reform's Impact on Manufacturers
Webinar Slides: Tax Reform's Impact on Manufacturers
 
Webinar Slides: The Impact of the New Tax Law on Closely Held Businesses
Webinar Slides: The Impact of the New Tax Law on Closely Held BusinessesWebinar Slides: The Impact of the New Tax Law on Closely Held Businesses
Webinar Slides: The Impact of the New Tax Law on Closely Held Businesses
 
Webinar Slides: Tax Reform's Impact on Mergers & Acquisitions
Webinar Slides: Tax Reform's Impact on Mergers & AcquisitionsWebinar Slides: Tax Reform's Impact on Mergers & Acquisitions
Webinar Slides: Tax Reform's Impact on Mergers & Acquisitions
 
Webinar Slides: Eye on Washington - Quarterly Business Tax Update 2018 Q1
Webinar Slides: Eye on Washington - Quarterly Business Tax Update 2018 Q1Webinar Slides: Eye on Washington - Quarterly Business Tax Update 2018 Q1
Webinar Slides: Eye on Washington - Quarterly Business Tax Update 2018 Q1
 
Webinar Slides: Tax Reform and the Effect on the Construction Industry
Webinar Slides: Tax Reform and the Effect on the Construction IndustryWebinar Slides: Tax Reform and the Effect on the Construction Industry
Webinar Slides: Tax Reform and the Effect on the Construction Industry
 

Recently uploaded

Seeman_Fiintouch_LLP_Newsletter_Jun_2024.pdf
Seeman_Fiintouch_LLP_Newsletter_Jun_2024.pdfSeeman_Fiintouch_LLP_Newsletter_Jun_2024.pdf
Seeman_Fiintouch_LLP_Newsletter_Jun_2024.pdf
Ashis Kumar Dey
 
一比一原版(cwu毕业证书)美国中央华盛顿大学毕业证如何办理
一比一原版(cwu毕业证书)美国中央华盛顿大学毕业证如何办理一比一原版(cwu毕业证书)美国中央华盛顿大学毕业证如何办理
一比一原版(cwu毕业证书)美国中央华盛顿大学毕业证如何办理
asukqco
 
China's Investment Leader - Dr. Alyce SU
China's Investment Leader - Dr. Alyce SUChina's Investment Leader - Dr. Alyce SU
China's Investment Leader - Dr. Alyce SU
msthrill
 
KYC Compliance: A Cornerstone of Global Crypto Regulatory Frameworks
KYC Compliance: A Cornerstone of Global Crypto Regulatory FrameworksKYC Compliance: A Cornerstone of Global Crypto Regulatory Frameworks
KYC Compliance: A Cornerstone of Global Crypto Regulatory Frameworks
Any kyc Account
 
5 Compelling Reasons to Invest in Cryptocurrency Now
5 Compelling Reasons to Invest in Cryptocurrency Now5 Compelling Reasons to Invest in Cryptocurrency Now
5 Compelling Reasons to Invest in Cryptocurrency Now
Daniel
 
Singapore Event 2024 IPSASB Update Slides
Singapore Event 2024 IPSASB Update SlidesSingapore Event 2024 IPSASB Update Slides
Singapore Event 2024 IPSASB Update Slides
International Federation of Accountants
 
Enhanced metrics to measure the Regulatory impact
Enhanced metrics to measure the Regulatory impactEnhanced metrics to measure the Regulatory impact
Enhanced metrics to measure the Regulatory impact
Alexander Belyaev
 
Macroeconomic-digest-of-Ukraine-0624-Eng.pdf
Macroeconomic-digest-of-Ukraine-0624-Eng.pdfMacroeconomic-digest-of-Ukraine-0624-Eng.pdf
Macroeconomic-digest-of-Ukraine-0624-Eng.pdf
olaola5673
 
Tiểu luận: PURPOSE OF BUDGETING IN SME.docx
Tiểu luận: PURPOSE OF BUDGETING IN SME.docxTiểu luận: PURPOSE OF BUDGETING IN SME.docx
Tiểu luận: PURPOSE OF BUDGETING IN SME.docx
lamluanvan.net Viết thuê luận văn
 
Singapore 2024 Event The Way Forward Slides
Singapore 2024 Event The Way Forward SlidesSingapore 2024 Event The Way Forward Slides
Singapore 2024 Event The Way Forward Slides
International Federation of Accountants
 
Governor Olli Rehn: Inflation down and recovery supported by interest rate cu...
Governor Olli Rehn: Inflation down and recovery supported by interest rate cu...Governor Olli Rehn: Inflation down and recovery supported by interest rate cu...
Governor Olli Rehn: Inflation down and recovery supported by interest rate cu...
Suomen Pankki
 
GUIA_LEGAL_CHAPTER_4_FOREIGN TRADE CUSTOMS.pdf
GUIA_LEGAL_CHAPTER_4_FOREIGN TRADE CUSTOMS.pdfGUIA_LEGAL_CHAPTER_4_FOREIGN TRADE CUSTOMS.pdf
GUIA_LEGAL_CHAPTER_4_FOREIGN TRADE CUSTOMS.pdf
ProexportColombia1
 
Pension Playpen - TAS300 v2 maths and governance resets pension strategies (3...
Pension Playpen - TAS300 v2 maths and governance resets pension strategies (3...Pension Playpen - TAS300 v2 maths and governance resets pension strategies (3...
Pension Playpen - TAS300 v2 maths and governance resets pension strategies (3...
Henry Tapper
 
Singapore 2024 Sustainability Reporting and Accountancy Education Slides
Singapore 2024 Sustainability Reporting and Accountancy Education SlidesSingapore 2024 Sustainability Reporting and Accountancy Education Slides
Singapore 2024 Sustainability Reporting and Accountancy Education Slides
International Federation of Accountants
 
BIHC Briefing June 2024 from Bank+Insurance Hybrid Capital in association wit...
BIHC Briefing June 2024 from Bank+Insurance Hybrid Capital in association wit...BIHC Briefing June 2024 from Bank+Insurance Hybrid Capital in association wit...
BIHC Briefing June 2024 from Bank+Insurance Hybrid Capital in association wit...
Neil Day
 
How to Invest in Cryptocurrency for Beginners: A Complete Guide
How to Invest in Cryptocurrency for Beginners: A Complete GuideHow to Invest in Cryptocurrency for Beginners: A Complete Guide
How to Invest in Cryptocurrency for Beginners: A Complete Guide
Daniel
 
Economic trends from a business point of view (May 2024)
Economic trends from a business point of view (May 2024)Economic trends from a business point of view (May 2024)
Economic trends from a business point of view (May 2024)
Інститут економічних досліджень та політичних консультацій
 
欧洲杯投注-欧洲杯投注买球-欧洲杯投注买球网|【​网址​🎉ac22.net🎉​】
欧洲杯投注-欧洲杯投注买球-欧洲杯投注买球网|【​网址​🎉ac22.net🎉​】欧洲杯投注-欧洲杯投注买球-欧洲杯投注买球网|【​网址​🎉ac22.net🎉​】
欧洲杯投注-欧洲杯投注买球-欧洲杯投注买球网|【​网址​🎉ac22.net🎉​】
brunasordi905
 
PM pre reads for the product manager framework
PM pre reads for the product manager frameworkPM pre reads for the product manager framework
PM pre reads for the product manager framework
KishoreKatta6
 
Singapore Event 2024 State of Play Slides
Singapore Event 2024 State of Play SlidesSingapore Event 2024 State of Play Slides
Singapore Event 2024 State of Play Slides
International Federation of Accountants
 

Recently uploaded (20)

Seeman_Fiintouch_LLP_Newsletter_Jun_2024.pdf
Seeman_Fiintouch_LLP_Newsletter_Jun_2024.pdfSeeman_Fiintouch_LLP_Newsletter_Jun_2024.pdf
Seeman_Fiintouch_LLP_Newsletter_Jun_2024.pdf
 
一比一原版(cwu毕业证书)美国中央华盛顿大学毕业证如何办理
一比一原版(cwu毕业证书)美国中央华盛顿大学毕业证如何办理一比一原版(cwu毕业证书)美国中央华盛顿大学毕业证如何办理
一比一原版(cwu毕业证书)美国中央华盛顿大学毕业证如何办理
 
China's Investment Leader - Dr. Alyce SU
China's Investment Leader - Dr. Alyce SUChina's Investment Leader - Dr. Alyce SU
China's Investment Leader - Dr. Alyce SU
 
KYC Compliance: A Cornerstone of Global Crypto Regulatory Frameworks
KYC Compliance: A Cornerstone of Global Crypto Regulatory FrameworksKYC Compliance: A Cornerstone of Global Crypto Regulatory Frameworks
KYC Compliance: A Cornerstone of Global Crypto Regulatory Frameworks
 
5 Compelling Reasons to Invest in Cryptocurrency Now
5 Compelling Reasons to Invest in Cryptocurrency Now5 Compelling Reasons to Invest in Cryptocurrency Now
5 Compelling Reasons to Invest in Cryptocurrency Now
 
Singapore Event 2024 IPSASB Update Slides
Singapore Event 2024 IPSASB Update SlidesSingapore Event 2024 IPSASB Update Slides
Singapore Event 2024 IPSASB Update Slides
 
Enhanced metrics to measure the Regulatory impact
Enhanced metrics to measure the Regulatory impactEnhanced metrics to measure the Regulatory impact
Enhanced metrics to measure the Regulatory impact
 
Macroeconomic-digest-of-Ukraine-0624-Eng.pdf
Macroeconomic-digest-of-Ukraine-0624-Eng.pdfMacroeconomic-digest-of-Ukraine-0624-Eng.pdf
Macroeconomic-digest-of-Ukraine-0624-Eng.pdf
 
Tiểu luận: PURPOSE OF BUDGETING IN SME.docx
Tiểu luận: PURPOSE OF BUDGETING IN SME.docxTiểu luận: PURPOSE OF BUDGETING IN SME.docx
Tiểu luận: PURPOSE OF BUDGETING IN SME.docx
 
Singapore 2024 Event The Way Forward Slides
Singapore 2024 Event The Way Forward SlidesSingapore 2024 Event The Way Forward Slides
Singapore 2024 Event The Way Forward Slides
 
Governor Olli Rehn: Inflation down and recovery supported by interest rate cu...
Governor Olli Rehn: Inflation down and recovery supported by interest rate cu...Governor Olli Rehn: Inflation down and recovery supported by interest rate cu...
Governor Olli Rehn: Inflation down and recovery supported by interest rate cu...
 
GUIA_LEGAL_CHAPTER_4_FOREIGN TRADE CUSTOMS.pdf
GUIA_LEGAL_CHAPTER_4_FOREIGN TRADE CUSTOMS.pdfGUIA_LEGAL_CHAPTER_4_FOREIGN TRADE CUSTOMS.pdf
GUIA_LEGAL_CHAPTER_4_FOREIGN TRADE CUSTOMS.pdf
 
Pension Playpen - TAS300 v2 maths and governance resets pension strategies (3...
Pension Playpen - TAS300 v2 maths and governance resets pension strategies (3...Pension Playpen - TAS300 v2 maths and governance resets pension strategies (3...
Pension Playpen - TAS300 v2 maths and governance resets pension strategies (3...
 
Singapore 2024 Sustainability Reporting and Accountancy Education Slides
Singapore 2024 Sustainability Reporting and Accountancy Education SlidesSingapore 2024 Sustainability Reporting and Accountancy Education Slides
Singapore 2024 Sustainability Reporting and Accountancy Education Slides
 
BIHC Briefing June 2024 from Bank+Insurance Hybrid Capital in association wit...
BIHC Briefing June 2024 from Bank+Insurance Hybrid Capital in association wit...BIHC Briefing June 2024 from Bank+Insurance Hybrid Capital in association wit...
BIHC Briefing June 2024 from Bank+Insurance Hybrid Capital in association wit...
 
How to Invest in Cryptocurrency for Beginners: A Complete Guide
How to Invest in Cryptocurrency for Beginners: A Complete GuideHow to Invest in Cryptocurrency for Beginners: A Complete Guide
How to Invest in Cryptocurrency for Beginners: A Complete Guide
 
Economic trends from a business point of view (May 2024)
Economic trends from a business point of view (May 2024)Economic trends from a business point of view (May 2024)
Economic trends from a business point of view (May 2024)
 
欧洲杯投注-欧洲杯投注买球-欧洲杯投注买球网|【​网址​🎉ac22.net🎉​】
欧洲杯投注-欧洲杯投注买球-欧洲杯投注买球网|【​网址​🎉ac22.net🎉​】欧洲杯投注-欧洲杯投注买球-欧洲杯投注买球网|【​网址​🎉ac22.net🎉​】
欧洲杯投注-欧洲杯投注买球-欧洲杯投注买球网|【​网址​🎉ac22.net🎉​】
 
PM pre reads for the product manager framework
PM pre reads for the product manager frameworkPM pre reads for the product manager framework
PM pre reads for the product manager framework
 
Singapore Event 2024 State of Play Slides
Singapore Event 2024 State of Play SlidesSingapore Event 2024 State of Play Slides
Singapore Event 2024 State of Play Slides
 

Enhance Your Organization's Cybersecurity Strategy

  • 1. INTERNAL CONTROLS Learn more about how cybersecurity can affect your business at cbiz.com/cybersecurity Threats to cybersecurity are increasing both in quantity and in severity. From 2012 to 2013, Data breaches doubled and from 2013 to 2014, the average cost of data breaches went up by more than 15 percent. The average cost of a data breach in 2014 was $3.5 million. Enhance Your Organization’s Cybersecurity Strategy Data breaches affect all organizations, from small not-for- profit organizations to large commercial retailers. Should your organization fall victim to a cyber attack, the results could be devastating. Your traditional approach to risk management may involve information security measures such as processes to protect your physical data from unauthorized access, use or dissemination. Nevertheless, the current environment demands a risk approach that also protects your organization’s electronic data and processes. Smartphones, computers and their networks need protection from unauthorized access and disruption, too. Cybercriminals frequently use these sources as points of entry into your organization, which could have devastating financial, legal and reputational consequences. Approaching information technology and cybersecurity as a function of your internal controls can help protect your organization’s key information. The Committee of Sponsoring Organizations of the Treadway Commission (COSO)’s 2013 internal controls framework provides a good foundation for how to monitor and mitigate your largest threats to cybersecurity. Data breaches will cause you to examine your control environment, cyber risks, control activities, internal and external communication strategies and your monitoring strategies. If you have a robust cyber risk management incorporated into your internal controls, your organization can be much more efficient in responding to and recovering from a security incident.
  • 2. INTERNAL CONTROLS Learn more about how cybersecurity can affect your business at cbiz.com/cybersecurity Control Environment Everyone in your organization plays a role in minimizing your organization’s cybersecurity risk, and it’s up to your organization’s management and cybersecurity team to communicate what that entails. Common sources of data loss offer a good indication of the types of policies and practices that should be part of your risk management culture. Misplaced or stolen electronic devices rank as the primary cause of data loss. Recommended practices for how to treat company equipment could reduce the number of these incidents within your organization. For example, you might want to require employees to take home or lock up any electronic devices at the end of the workday. Hackers perpetuate roughly 18 percent of security incidents. They gain access to your organization’s networks through programs that trace the key strokes on your computer or through malware inserted into your system via vulnerable software or third-party plug-ins. Your staff should be on guard for suspicious emails or other unusual requests for information, as they might be cybersecurity breaches in disguise. Risk Assessment A cyber risk assessment helps prioritize your approach to cybersecurity. The first step is to consider your organization’s unique risk profile. Your industry and the kinds of information your organization collects are key predictors of which areas of your operations will be most at risk. Retailers have shown to be targets of hacks involving customers’ credit card information. Health care institutions are highly vulnerable to having their medical records compromised. Consider the value of the information your organization collects, both for the hacker and for your organization. On average, health care records involved in a data breach cost companies $316 per record. Compromised financial information cost companies $236 per record. Value doesn’t exclusively mean records’ monetary price, either. Information that if compromised would have a significant effect on your company’s operations should command a larger share of your security resources. Part of the risk assessment may include an information technology audit. The multifaceted approach to your existing protocol helps identify the areas of vulnerability and risk. A network security assessment can turn up vulnerabilities in your external and internal networks and review firewall, intrusion prevention and network access control systems and policies and assess wireless networks to provide you a clearer picture of where your risks may lie. Network penetration testing should also be included in your information technology assessment, as this can give you a sense of how easily security incidents can be detected in your current operating environment. Testing can also give you an idea of the potential magnitude a cybersecurity breach would have on your organization. Control Activities Internal controls are essential to the effective operation of all organizations. They are the activities or procedures designed to provide reasonable assurance to management that operations are “going according to Healthcare $316 Services $223 Industrial $204 Financial $236 Cost per compromised customer record1 Lost or stolen laptopsor other e-deviceswere the most frequent cause of data loss (20.7%), followed by hackers (18.6%)3
  • 3. INTERNAL CONTROLS Learn more about how cybersecurity can affect your business at cbiz.com/cybersecurity plan.” Without adequate internal controls, management has little assurance that its goals and objectives will be achieved. Properly designed and functioning controls reduce the likelihood that significant errors or fraud will occur and remain undetected. Internal controls help ensure that departments are performing as expected. Control activities are the policies and procedures designed by management to protect the organization’s objectives and goals from internal or external risks. Some common and important cyber risk control activities are logical security, change management, mobile devices and wireless, backups, monitoring of third party providers and cloud services. Logical security controls help make sure that one person does not have too much power or influence over your organization’s cybersecurity. Consider segregating duties on your cyber risk team. Frequent password changes, limiting the system administrator function and logging and/or reviewing system administrator changes made in the financial accounting systems are recommended practices. Change management controls can regulate updates and other modifications that go into production. Your organization should implement procedures that notify management of changes and allow management to approve any modifications prior to the work being done. Then, your organization should test the update using someone other than the developer. If satisfied that the modification works appropriately, there should be an approval process before the change goes into the production environment. Mobile device and wireless access need controls to protect them from unauthorized access. Best practices include encrypting mobile devices and removable data, issuing unique user IDs and complex passwords and automatically wiping devices that are lost or stolen. The remote wiping of devices is especially important because as mentioned earlier, missing devices are the most common source of organizational data loss. Controls should also be in place to protect your data back up. Your organization needs to know what is backed up and where it is being stored, be it a data center, third party provider or cloud provider. Back-up controls to implement include real-time notification and resolution of back-up failures, off-site back up and replication and periodic restores. Annual or semi-annual service organization control audits can help your organization manage your third party service providers. If no service organization control audit reports are available, then be sure your back-up controls include periodic visits to the third party provider or cloud provider offices and hosted data centers. You should also request and review monthly or quarterly provider reports that detail the significant events that took place, the people who accessed the third party provider or cloud provider site and planned outages by the third party or cloud provider. Whenever you are working with a third-party service provider, you also need to make sure your organization is knowledgeable and involved in the provider’s disaster recovery plan. If an unplanned outage affects a provider, your organization should be prepared for the potential effect that would have on its operations. Information and Communication A breach rarely occurs because of one incident, which makes it imperative that your organization have the means to collect and analyze meaningful information about its cybersecurity. A system that aggregates data from different sources can identify patterns, which indicate whether your organization is facing a breach. Written communication plans that address what information is distributed to whom are highly
  • 4. INTERNAL CONTROLS Learn more about how cybersecurity can affect your business at cbiz.com/cybersecurity Copyright©2015MayerHoffmanMcCannP.C.Allrightsreserved. recommended. Third parties involved with your organization’s IT security should be considered part of this communication plan, and your organization should be part of theirs, as data breaches on their end could affect your data. Depending on what is lost, you may be at risk for legal action by the affected parties. Your legal team should be involved to help minimize your liability exposure. They can also help you identify who needs to receive communication. Sometimes law enforcement, state attorneys general and even federal agencies may need to be included in the conversation about the breach. Monitoring Activities The risk environment continues to change and evolve, and so, too, should your cyber risk management strategy. Organizations should regularly evaluate the effectiveness of their current strategy and that of any third parties that administer their information technology security. They should then present findings to key stakeholders for consideration. Periodic cyber risk assessments should be part of your monitoring activities as well so that you can see how your systems are holding up to internal and external risks in your operating environment. Planned changes, such as adding a new third party service provider or moving office locations are also good times to revisit and update your cyber risk strategy.