Special Focus on Board Cyber Considerations, Email & Identity Protection and Ransomware
Cyber risks are scary and can cause significant damage to your operations and finances as well as your reputation. Don’t be spooked by these threats; learn how to fight them!
This month, Weaver’s IT Advisory Services team turns the spotlight on three areas that are top of mind with our clients: 1) Communicating with the Board on IT and cyber issues, 2) Protecting your email and identity, and 3) Handling ransomware risks and exposure. We welcome you to contact us directly.
Board Cyber Considerations
The Change Management Game
There are ‘No Slam Dunks in IT.’ Many who have worked in technology operations agree, but this statement is often discounted in organizations.
IT professionals often get caught up in the urgency of the moment, shortcut change management procedures, or fail to think about the downstream impact of what they see as a minor, isolated change.
Cybersecurity Questions Board Members Should be Asking Management
Cybersecurity risk is regularly on the list of critical topics for Boards to consider. But all too often, Board members need more information to fully understand the actual risks or actions the organization is taking to mitigate them. Not only that, specific steps to resolve cybersecurity risks may not align with the organization’s cyber program.
30 Keys to Cybersecurity
News reports about data breaches can sound like they’re written in a foreign language, which makes cybersecurity seem impossible. Luckily, it’s not. Securing your company’s data requires planning and diligence, but understanding a few key terms will make it easier to understand both the risks and the solutions.
Email & Identity Protection
Will Colorado’s New Data Privacy Law Affect Your Business?
As federal lawmakers struggle to pass a nationwide data privacy law, states are beginning to enact their own legislation. Colorado recently passed a state privacy law that is scheduled to go into effect July 1, 2023. Anyone living in Colorado, conducting business with Colorado residents, or operating a business in Colorado should have the Colorado Privacy Act (CPA) top of mind.
Your SAQ and You: Common Misunderstandings in PCI Self-Assessments
Growing businesses that accept credit cards are likely to be required to submit a Self-Assessment Questionnaire (SAQ) and Attestation of Compliance (AOC) for Payment Card Industry (PCI) compliance to acquirers (banks) or clients.
Does PCI Apply to Us? Regulated Financial Institutions Want to Know
There is some uncertainty in the banking world about the Payment Card Industry (PCI) Data Security Standard (DSS) and whether it applies to regulated financial institutions. This may be largely due to the card brands’ (i.e., Visa, MasterCard, American Express, Discover, JCB) compliance programs, which primarily focus on merchants (entities that receive card payments from one of the five card brands).
SUNBURST Vulnerability in SolarWinds Orion
The week before the holidays is normally a slower week for most organizations. It was anything but for IT personnel the week of December 13, 2020, when organizations were scrambling to triage the cybersecurity attack that has had a series of hashtags and names associated with it, including SUNBURST, Solorigate, SUPERNOVA, etc.
Ransomware
Verizon 2021 Data Breach Investigations Report Highlights Top Data Breaches for 2020
As one of the most widely read annual cybersecurity reports, the Verizon Data Breach Investigation Report (DBIR) offers interesting insights into cybercrime. The 2021 report analyzed nearly 30,000 incidents across nearly 90 countries that resulted in more than 5,000 confirmed data breaches during 2020.
How to Prepare, Prevent and Recover From a Ransomware Attack
After a highly publicized cyberattack led to the shutdown of the Colonial Pipeline, many organizations are wondering how vulnerable they are to a ransomware attack. And the reality is, most of us are a target. Unfortunately, any organization that has critical data stored within its network is at risk of being a cybercrime victim.
FBI Alert Highlights Heightened Ransomware Threat to Education Institutions
On March 16, 2021, the FBI issued one of its rare flash alerts warning of a quickly accelerating wave of Pysa ransomware targeting education institutions in 12 U.S. states and the United Kingdom. Unidentified actors are specifically targeting higher education, K-12 schools, and seminaries, exfiltrating data before encrypting the victim’s systems in order to pressure victims into paying ransom.
IBM Announces $3 Million Grant Program to Strengthen Cybersecurity in Schools
As school districts have adopted distance learning during the pandemic, another threat has become more severe. According to a December alert from the FBI, nearly 60% of reported ransomware incidents between August and September 2020 involved K-12 schools, a 29% jump from the previous months.
Tips for Protecting Your Data Against Ransomware
Cybersecurity Services
No two projects are identical. We perform tailored procedures to improve the security posture across organizations through our understanding of diverse technology, security frameworks and industry requirements.
Cyber Risk Assessments: Prioritizing cyber risks that impact security and operations and identifying mitigations.
Compliance Assessments: Evaluating systems and processes, and providing results based on criteria and requirements.
Vulnerability Assessments: Identifying technical weaknesses across devices to improve the overall security posture.
Maturity Assessments and Roadmaps: Defining the current security profile to improve and target the intended goal state for security.
Gap & Readiness Assessments: Facilitating work sessions and reviews to determine next steps for compliance.
Penetration Tests: Testing systems as an attacker to highlight flaws and misconfigurations in a controlled manner.
Cyber Audits: Evaluating environments and systems based on defined controls, criteria, and requirements.
Cyber Due Diligence: Providing buy and sell-side analysis and support aligned to M&A strategy.
Social Engineering: Simulating fraudulent e-mails to assess human weaknesses in security programs.

Brittany George
Partner, IT Advisory Services
Brittany George, CISA, CISM, QSA, has more than 16 years of experience, including former Big Four experience…

Trip Hillman
Director, Cybersecurity Services
Trip Hillman, CISSP, CISA, CEH, GPEN, GCFE, GSNA, has more than a decade…

Brian Thomas
National Practice Leader, Advisory Services
Brian Thomas, CISA, CISSP, QSA, has more than 20 years of experience in management consulting,…