October is National Cybersecurity Awareness Month

Posted on October 18, 2019September 9, 2021

Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.

The Business & IT Security practice at AAFCPAs has published the following insights recently to outline the most common vulnerabilities and how to mitigate risks:

IT Security Vulnerabilities Caused by Web Applications – Sure “there’s an App for that,” but is it secure?
The Internet of Things (IoT) and Cyber Security – How does your HVAC system, smart fridge, or printer make you vulnerable?
Configuration & Application Vulnerabilities in Cyber & IT Security – The most common vulnerabilities are poor configurations and outdated/unpatched systems or applications.
Eye on Cyber: A Day in the Life of an Ethical Hacker – Learn about the covert tricks and techniques used by AAFCPAs’ Certified Ethical Hacker.
Common Social Engineering Cyber Attacks and Prevention Strategies – The human component of cybersecurity is the weakest link.
AAFCPAs’ Mr. Anderson Earns Certified Ethical Hacker Credential – Meet AAFCPAs’ “white hat” ethical security hacker and business continuity advisory.
AAFCPAs Earns SOC for Cybersecurity Services Certificate – Report on your cybersecurity management programs to internal and external stakeholders with credibility.

AAFCPAs reminds clients that the best line of defense in protecting your organization from risks is to remain vigilant and understand your vulnerabilities. AAFCPAs’ Cyber Security & Technology Assessments help identify risks from the use of technology that could potentially cause information loss or financial or reputational harm to your organization.

To schedule a cyber-security assessment, or for specific advice on how to best protect your organization against cyber-attacks, please contact James Jumes at 774.512.4062, jjumes@nullaafcpa.com; or your AAFCPAs Partner.

About the Authors

James Jumes, MBA, M.Ed.

James joined AAFCPAs in 2013 to lead the Business Consulting Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and 3 attestation reporting. James developed a unique methodology to delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.

Vassilis Kontoglis

Vassilis is a senior member of AAFCPAs' Business Process & IT Advisory practice with proven expertise in cyber security and IT risk assessments, data analytics and data visualization, and robotic process automation. He also has extensive expertise assessing IT general controls, and conducting System and Organization Control (SOC) attestations. He helps clients increase business process efficiency, effectiveness, and risk management.

Mr. Anderson, MCSE, CCNP, CISSP, CEH

Mr. Anderson is a “white hat” ethical security hacker and business continuity advisor with extensive experience in the development & implementation of security-focused audit and control programs. He is highly sought-after for his expertise in: security architecture reviews; penetration/vulnerability testing; business resiliency, disaster recovery and other remediation strategies; hardware system selection and configuration; cloud application security reviews; and wireless security assessments. Mr. Anderson has a deep understanding of industry standards and extensive experience with internal controls evaluation, COSO, COBIT, ITIL, ITGCC, GLBA audits, and ISO, SOX 404 compliance requirements, including all phases of planning, evaluation, documentation, testing and remediation.