Special Focus on Board Cyber Considerations, Email & Identity Protection and Ransomware
Cyber risks are scary and can cause significant damage to your operations and finances as well as your reputation. Don’t be spooked by these threats; learn how to fight them!
This month, Weaver’s IT Advisory Services team turns the spotlight on three areas that are top of mind with our clients: 1) Communicating with the Board on IT and cyber issues, 2) Data privacy and management, and 3) Handling cybersecurity threats and exposure. We welcome you to contact us directly.
Board Cyber Considerations
One of the challenging parts of being a cybersecurity leader is communicating technical concepts in a manner that non-technical leaders, boards and C-suite personnel can understand. Focus too much on metrics that lack context, and you will likely get either silence or a barrage of questions.
Effectively communicating information to the board is instrumental to the process of budgeting and managing cybersecurity programs. However, sharing critical technology data can become challenging when board members have a variety of experience and understanding.
During Weaver’s 2023 Second Quarter Accounting and SEC Update, we examined three hot issues that affect companies of all sizes. The SEC’s cybersecurity guidelines continue to evolve and become more refined, with an increased emphasis on companies adopting holistic programs. The final rule is anticipated to be issued in late 2023 or in 2024, after review of the latest public comments.
Data Privacy & Management
With the 24 Member States from the European Union (EU) voting in favor of adopting the EU-US Data Privacy Framework (EU-US DPF), the European Commission (EC) believes that U.S. protection of personal data transferred between the countries is comparable to that offered in the EU.
Growing businesses that accept credit cards are likely to be required to submit a Self-Assessment Questionnaire (SAQ) and Attestation of Compliance (AOC) for Payment Card Industry (PCI) compliance to acquirers (banks) or clients.
In the ever-changing technology environment we live in, an up-to-date inventory of an organization’s technology assets is critical for maintaining overall security. These assets may include hardware, such as servers or laptops; software, such as applications and programs; and data assets.
For as long as individuals and businesses have engaged in commerce and trade, merchants have gathered and stored information. This spans the list of products and/or services from which buyers could choose, the list of customers with which to engage, and the transactional details related to operating the business. So while it sounds like a new concept, data inventories have actually existed for centuries.
The biggest risks to an organization may actually come from inside. A comprehensive, holistic insider threat mitigation program will provide the tools to help you identify, monitor and mitigate insider threats.
On July 26, 2023, the Securities and Exchange Commission (SEC) approved rules requiring public companies to disclose material cybersecurity incidents in Form 8-K within four days of the incident. Public companies will also be required to provide an annual update in 10-K filings with information about their cybersecurity risk management, strategy, and governance. The rules were adopted by a 3–2 vote and will take effect in December 2023.
In a world where data breaches are a question of when, not if, getting cyber insurance seems mandatory. At the same time — and for the same reasons — insurers are raising the bar to get this insurance and adding more coverage exclusions.
No two projects are identical. We perform tailored procedures to improve the security posture across organizations through our understanding of diverse technology, security frameworks and industry requirements.
Cyber Risk Assessments
Prioritizing cyber risks that impact security and operations and identifying mitigations.
Evaluating systems and processes, and providing results based on criteria and requirements.
Identifying technical weaknesses across devices to improve the overall security posture.
Maturity Assessments and Roadmaps
Defining the current security profile to improve and target the intended goal state for security.
Gap & Readiness Assessments
Facilitating work sessions and reviews to determine next steps for compliance.
Testing systems as an attacker to highlight flaws and misconfigurations in a controlled manner.
Evaluating environments and systems based on defined controls, criteria, and requirements.
Cyber Due Diligence
Providing buy- and sell-side analysis and support aligned to M&A strategy.
Simulating fraudulent e-mails to assess human weaknesses in security programs.