Why Quality Audits Will Always Pay Off: You Get What You Pay For

by Sarah Harvey / June 14, 2023

What would be the impact to your organization if your information security auditor did not conduct a thorough audit? How would it impact your organization if you partnered with an auditing firm whose quality of services and integrity was questioned by industry regulators? Too often, organizations must deal with the aftermath of receiving an audit that wasn’t thorough enough. This could mean public-facing S3 buckets, active directory policies do not…

What is the Ohio Data Protection Act?

by Sarah Harvey / December 16, 2022

During an age when information and data fuels businesses, understanding the value of cybersecurity in protecting data is crucial. Lawmakers and business owners are continuously recognizing the new, complex risks that come from doing business in cyberspace every day. That’s why on August 3, 2018, Ohio Governor John Kasich signed Senate Bill No. 220, the Ohio Data Protection Act. This legislation makes Ohio the first state to enact a law…

How to Hire a CPA Firm for Information Security Audits

by Sarah Harvey / June 14, 2023

What Type of CPA Firm is Right for You? Before choosing an audit firm to work with, you must understand why, for some types of audits, you need a CPA firm to perform the services. Clients and prospects ask us all the time why accountants are allowed to perform information security audits. We understand the confusion behind this sentiment and want to provide some clarity. The AICPA’s SOC suite –…

Hackers vs. Consumers: 6 Best Practices for Safe Online Holiday Shopping

by Sarah Harvey / June 14, 2023

Best Practices for Safe Online Holiday Shopping While businesses are gearing up for the busiest shopping season of the year and consumers are anxiously awaiting the best online deals, malicious hackers will be prepping to get their hands on valuables as well. This makes it increasingly important that consumers practice due diligence while online shopping. Clicking on random links, buying products from unsecure websites, and inputting personally identifiable information where…

Risk Assessment Checklist – 5 Steps You Need to Know

by Sarah Harvey / April 12, 2023

What is a Risk Assessment? A risk assessment is a process by which an organization analyzes vulnerabilities, potential threats and risks to the organization's security posture and IT systems. Performing a risk assessment is a critical component of any Information Security program. Because it’s mandated by several frameworks (SOC 1, SOC 2, PCI DSS, ISO 27001, HIPAA, FISMA), organizations wanting to comply with these frameworks must conduct risk assessments on…