October Designated National Cybersecurity Awareness Month

October kicks off National Cybersecurity Awareness Month (NCSAM), which is dedicated to raising public awareness of the importance of cybersecurity. Launched in 2004 by the U.S. federal government, NCSAM aims to encourage businesses and individuals to investigate potential risk along with strategies to improve the security of critical infrastructure.

Where To Start

The threat landscape continues to evolve as businesses become more reliant on technology. This is only intensified by the proliferation of remote work along with Bring Your Own Device (BYOD), cloud-based anywhere/anytime accessibility, and the introduction of Artificial Intelligence (AI) and Large Language Models (LLMs) into the inventory of systems/tools to perform daily tasks. AAFCPAs is committed to helping clients take proactive measures to safeguard their financial systems, data, and reputation. To this end, we advise that clients take this opportunity to reassess cybersecurity strategies and ensure their ongoing relevance.

This can begin with a look at legacy systems, email protocol, and network management along with cybersecurity policies and practices. Revisit access control across the board to ensure resources are accessible only to those who need them. Consider mobile protocols, too, as one more important piece in the security puzzle.

Ask yourself, are the latest software updates in place? How frequently are we conducting cybersecurity training? Are Wi-Fi networks encrypted and out of sight? Are employees using multi-factor authentication, and are they changing passwords every three months? When did we last perform a routine risk assessment? Have we updated our policies and trained our employees appropriately on AI and LLMs?

Just as important is knowing what steps an organization takes in the event of compromise. To plan proactively, develop an incident response plan if you don’t already have one in place. In it, outline the roles, responsibilities, and communication protocols to be followed in the unfortunate event of a breach to expedite response, minimize disruption, and lessen financial loss.

Download our IT and Cybersecurity Health Check.

Clients are encouraged to utilize this resource in discussions with your IT services group and as part of a more comprehensive Enterprise Risk Management Program.

How We Help

A data breach can lead not only to financial loss but also to disruptions in operations, legal liabilities, reputation damage, and compromise of personally identifiable information including credit and social security data. AAFCPAs works with clients to identify and mitigate cybersecurity risk. We can conduct a comprehensive IT/cybersecurity assessment and provide recommendations to seal exposures.

If you have questions, please contact James Jumes, MBA, M.Ed., Partner, Business Process & IT Consulting at 774.512.4062 or jjumes@nullaafcpa.com, Vassilis Kontoglis, Partner, Analytics, Automation & IT Security at 774.512.4069 or vkontoglis@nullaafcpa.com—or your AAFCPAs Partner.

About the Authors

James Jumes
James joined AAFCPAs in 2013 to lead the Business Consulting Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and 3 attestation reporting. James developed a unique methodology for delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.

Vassilis Kontoglis
Vassilis is a leader in AAFCPAs’ Business Process & IT Consulting Practice. He has 20+ years’ proven experience providing business intelligence, productivity, information risk management, and cybersecurity solutions. He is a critical resource in keeping clients and the firm on the forefront of transformative technologies while mitigating risks that come along with these advancements. Vassilis leads the delivery of Robotic Process Automation solutions at AAFCPAs. He understands the unique requirements to achieve RPA success, including proper design, planning, implementation, and governance. He works collaboratively with clients and cross-functional teams, and leverages his deep understanding of enterprise information systems, business logic, and structured inputs to automate rote processes and increase operational efficiency. Vassilis is also the leader of AAFCPAs’ automation center of excellence (CoE), an internal team that streamlines automation output, provides structure, and helps scale automation through the firm.