David Nowacki, CISA, CIA
Manager, BlumShapiro Cybersecurity Service Group

Cybersecurity threats are continually evolving, becoming more sophisticated and harder to both prevent and detect. Your organization has likely already experienced some type of a breach, whether ransomware, phishing or a malicious virus. With the severity and frequency of these threats increasing, you need to make cybersecurity a top priority for your business this year.

Accordingly, do you know where your business stands in terms of its cybersecurity preparedness? Are you wondering if your organization might be leaving doors wide open for cyber criminals to come right in?

If you identify with any of the following areas, your organization is likely in a higher risk area when it comes to potential cyber breaches.

  1. Your organization lacks formally documented policies and procedures regarding security.
     
  2. Employees are not aware of cyber security policies or are not required to sign off acknowledging their responsibilities. Employee Security Awareness training does not exist.
     
  3. Your organization lacks management buy-in, understanding, commitment or prioritization for cybersecurity. IT staff may have some security practices in place, but a cybersecurity initiative is not in the “Top 5” list of priorities for leadership.
     
  4. Your organization relies heavily on security through obscurity; you likely have known vulnerabilities in your systems but don’t have the time, resources or talent to mitigate the risks. You depend on secrecy, or worse, a perceived “low likelihood of interest” from attackers as a security “strategy.”
     
  5. Your organization lacks a mature help desk or incident handling practices. IT support is overwhelmed, appears to be a “free for all,” and a formal ticketing system is not utilized. The majority of time is spent putting out fires.
     
  6. Your organization lacks mature planned security practices. Some indicators of this may include:
  • A server room may double as a supply room
  • A basic firewall may be installed but not intentionally configured to block certain traffic and log/alert IT staff
  • Unsupported or unpatched software may be prevalent with no long-term strategy to upgrade
  • Backup and recovery efforts may be minimal or infrequent
  • Mobile devices may be allowed to access email but mobile device management solutions are not used and BYOD policies do not exist
  • Network Administration Solutions such as Active Directory may be utilized for basic authentication, but group policies are not used to enforce security

Having a weakness in any one of these areas can result in potentially catastrophic consequences for your business – whether in down time, remediation costs or reputational damage. You need to “know what you don’t know” and often the best way to determine this is to start with an assessment from an independent source. This will benefit your organization by identifying any holes in your security and helping to prioritize remediation based on the level of risk and available resources.

How BlumShapiro's Cybersecurity Team Can Help:

Could your organization be vulnerable to a cyber attack? What is your current exposure? How would your business continue to function in the event of a breach? Our cybersecurity experts can help you address the vulnerabilities and risks your organization faces against cyber security threats. Remember, the costs of developing a security strategy you feel confident about are minor compared to the potential financial and reputation risk if an attack or breach occurs. Learn more about our services >

Litigation Support Services

Advisors | Auditors | Consultants | CPAs – BlumShapiro is one of the premier consulting firms in New England and a Top 100 CPA Firm in the U.S. Our professionals serve companies in Boston (MA), Hartford (CT), Cranston (RI), Shelton (CT) and Quincy (MA) with technology consulting, business valuations, litigation support, project management, process & controls and bankruptcy consulting services. We are a Intacct Partner offering accounting software including Cloud ERP solutions. Learn more about our City of the Future offerings.