Print Friendly, PDF & Email


Internet of Things (IoT) and Cyber Security

What Is IoT And How Do Hackers Infiltrate Your Devices? An increasing number of companies are installing Internet of Things (IoT) devices on their networks. IoT devices are typically “black box” devices, the inner workings of which are unknown to most users. For example, HVAC systems, smart fridges, computer printers, and even cars can contain IoT-enabled technology that connects through WiFi or cellular and therefore can be considered IoT devices.... continue reading

Configuration & Application Vulnerabilities in Cyber & IT Security

Despite the best efforts of IT teams, organizations continue to be plagued with IT security vulnerabilities in their systems by both internal and external threats. The most common vulnerabilities are poor configurations and outdated/unpatched systems or applications. These vulnerabilities may subject your organization to the risk of hackers gaining access to sensitive employee or client data. What are Countermeasures/Prevention Techniques? Change Management Organizations must establish and document their process for... continue reading

Common Social Engineering Cyber Attacks and Prevention Strategies

What is Social Engineering & what are the risks? The human component of cyber security is the weakest link in protecting your organization against external threats. Recently, social engineering attacks have become the most prevalent type of threat within reported cyber breaches. Social engineering is a malicious activity in which bad actors produce items such as false emails with the intent to persuade the recipient to unwittingly perform an action;... continue reading

AAFCPAs to Lead System and Organization Controls (SOC) Reporting Forum for PrimeGlobal, National CPA Firm Association

AAFCPAs’ James Jumes, MBA, M. Ed has been selected to lead the North American System and Organization Controls (SOC) Reporting Special Interest Group (SIG) for PrimeGlobal, an international association of independent accounting firms. James is uniquely qualified to lead this national SIG, which will serve as a forum for peers to share their interpretations and implementations of these complex attestation standards (Standards for Attestation Engagements No. 18 “SSAEs 18”), as well as... continue reading

AAFCPAs Earns SOC for Cybersecurity Services Certificate

AAFCPAs Earns SOC for Cybersecurity Services Certificate

AAFCPAs’ Partners James Jumes, MBA, M.Ed. and Robin Kelley, CPA, CITP, CGMA, CSPM, CCSFP have earned the System and Organization Controls (SOC) for Cybersecurity Certificate issued by The Association of International Certified Professional Accountants (AICPA). SOC for Cybersecurity is a new entity-wide cybersecurity audit that allows organizations to voluntarily report on their cybersecurity management programs to internal and external stakeholders with credibility. Companies are under increasing pressure to manage cybersecurity... continue reading

Are You Ready for GDPR? Broad Reaching User Data Regulations Take Effect May 2018

In 2016, the European Union (EU) approved the General Data Protection Regulation (GDPR), which is effective on May 25, 2018. These regulations are much broader reaching than US CAN-SPAM or the Canadian Anti Spam law, and while many view this legislation as a positive step for consumer protection, GDPR introduces new challenges for organizations who collect and process user data of European residents. AAFCPAs’ Business & IT Advisory Practice advises clients regarding GDPR... continue reading

AAFCPAs Urges Vigilance as Clients Respond to Uptick in Whaling Schemes, Cyber Threats

AAFCPAs would like to make clients aware that within the past two weeks, we have received two accounts from clients reporting their executives have been targeted by sophisticated whaling schemes requesting transfers of money. AAFCPAs would like to take this moment to remind you again of the critical importance of taking measures to protect against malicious cyber-attacks. We encourage you to re-read and share now with your team members our... continue reading

Data Backup & Recovery Plans Can Protect Your Organization from the Consequences of Ransomware Attacks

Ransomware is one of the most prevalent forms of malicious cyber-attacks facing businesses today. “The advent of new tools that wrap victims’ data with tough encryption technology, hard-to-trace digital currency like Bitcoin, and even online sites that offer to do the data ransoming in return for a piece of the action, have made this method of cybertheft much easier,” reported the NY Times. AAFCPAs advises clients to develop a Data... continue reading

Installing Patches Immediately Helps Protect Your Organization from Cyber Vulnerabilities

Cyber criminals often exploit known or not yet known vulnerabilities of the Operating System and/or other critical systems, such as a web server or a database, in order to penetrate your network/systems. In the recent WannaCry attack, hackers exploited the Microsoft Windows Server Message Block protocol and encrypted data demanding ransomware. There was a patch that Microsoft had provided but thousands of systems around the world had not yet installed... continue reading