

October is National Cybersecurity Awareness Month


Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. The Business & IT Security practice at AAFCPAs has published the following insights recently to outline the most common vulnerabilities and how to mitigate risks: IT Security Vulnerabilities... continue reading

IT Security Vulnerabilities Caused by Web Applications

Custom business applications are increasingly attractive because they allow companies to improve employee and customer user experiences with enhanced flexibility and efficiency. Some custom business app platforms tout that “creating your own custom apps is easy, even if your programming knowledge is non-existent.” However, this ease and accessibility can lead to unanticipated security vulnerabilities. According to Imperva, in 2018, web application security vulnerabilities increased by 23% from 2017 and by... continue reading

Internet of Things (IoT) and Cyber Security

What Is IoT And How Do Hackers Infiltrate Your Devices? An increasing number of companies are installing Internet of Things (IoT) devices on their networks. IoT devices are typically “black box” devices, the inner workings of which are unknown to most users. For example, HVAC systems, smart fridges, computer printers, and even cars can contain IoT-enabled technology that connects through WiFi or cellular and therefore can be considered IoT devices.... continue reading

Configuration & Application Vulnerabilities in Cyber & IT Security

Despite the best efforts of IT teams, organizations continue to be plagued with IT security vulnerabilities in their systems by both internal and external threats. The most common vulnerabilities are poor configurations and outdated/unpatched systems or applications. These vulnerabilities may subject your organization to the risk of hackers gaining access to sensitive employee or client data. What are Countermeasures/Prevention Techniques? Change Management: Organizations must establish and document their process for... continue reading

Eye on Cyber: A Day in the Life of an Ethical Hacker

Listen to Podcasts: “Innovation, organization, and sophistication—these are the tools of cyber attackers as they work harder and more efficiently to uncover new vulnerabilities,” reports Symantec in their 2018 Internet Security Threat Report. Ethical hacking services are a great way for organizations to unearth security weaknesses before they can be exploited by online criminals. In this instructive session, AAFCPAs’ IT Security professionals James Jumes and Vassilis Kontoglis go behind the disguise with our... continue reading

Common Social Engineering Cyber Attacks and Prevention Strategies

What is Social Engineering & what are the risks? The human component of cyber security is the weakest link in protecting your organization against external threats. Recently, social engineering attacks have become the most prevalent type of threat within reported cyber breaches. Social engineering is a malicious activity in which bad actors produce items such as false emails with the intent to persuade the recipient to unwittingly perform an action;... continue reading

SOC Report Approach & Timeline

This report highlights the approach, responsibilities, and timeline for a three-phase System and Organization Controls (SOC) 2 report. AAFCPAs has provided this resource in an effort to help management of service organizations better understand SOC examinations and how to prepare for a SOC 2 engagement.

Which SOC Report is Right for Your Organization

This infographic provides a brief overview of the main differences between SOC 1, SOC 2, and SOC 3 reports. These insights will help ensure you are providing your management, customers, and prospective customers with the optimal levels of attestation without paying for more than you need to.

AAFCPAs to Lead System and Organization Controls (SOC) Reporting Forum for PrimeGlobal, National CPA Firm Association

AAFCPAs’ James Jumes, MBA, M.Ed., has been selected to lead the North American System and Organization Controls (SOC) Reporting Special Interest Group (SIG) for PrimeGlobal, an international association of independent accounting firms. James is uniquely qualified to lead this national SIG, which will serve as a forum for peers to share their interpretations and implementations of these complex attestation standards (Standards for Attestation Engagements No. 18 “SSAEs 18”), as well as... continue reading

AAFCPAs Earns SOC for Cybersecurity Services Certificate


AAFCPAs’ Partners James Jumes, MBA, M.Ed. and Robin Kelley, CPA, CITP, CGMA, CSPM, CCSFP have earned the System and Organization Controls (SOC) for Cybersecurity Certificate issued by The Association of International Certified Professional Accountants (AICPA). SOC for Cybersecurity is a new entity-wide cybersecurity audit that allows organizations to voluntarily report on their cybersecurity management programs to internal and external stakeholders with credibility. Companies are under increasing pressure to manage cybersecurity... continue reading