January 9, 2025

Cybersecurity Summit 2024 Key Highlights

GRF’s 2nd annual Cybersecurity Symposium brought together industry leaders to discuss the evolving landscape of data privacy, cybersecurity, and enterprise risk management. The event underscored the critical importance of robust measures to protect sensitive information and manage risks in today’s digital age.

Insights from the event, held December 10, 2024, included:

Data Privacy:
Trust and compliance are essential. Organizations must align data privacy policies with consumer expectations and regulations and educate consumers on their data privacy rights.

Common Myths:
Misconceptions about data privacy include the belief that small organizations don’t need to worry about it and that cloud-stored data is always safe.

Data Inventory:
Conducting data inventories helps organizations understand what data is collected, where it is stored, and how it is processed.

Privacy Notices:
Privacy notices inform customers about data collection, usage, and their rights. They should be regularly reviewed for accuracy.

Privacy and Security Collaboration:
Collaboration between privacy and security teams is crucial. Key tips include data minimization and vendor management.

Cybersecurity Best Practices:
Essential initiatives include implementing multi-factor authentication, regularly updating systems, adopting zero-trust architecture, encrypting sensitive data, and conducting security audits.

Cyber Risk Insurance:
Cyber risk insurance is important due to the increasing number of cyber claims. Organizations should have a crisis management team to handle incidents.

IT General Controls (ITGCs):
ITGCs ensure the integrity, reliability, and security of IT systems and data.

Third-Party Risk Management:
Organizations must assess and manage risks posed by third-party vendors and suppliers.

Government Cybersecurity Requirements:
Organizations receiving U.S. Government funding must adhere to new cybersecurity standards. For Department of Defense contractors, this includes the Cybersecurity Maturity Model Certification (CMMC) framework.

Integrating NIST CSF 2.0 into ERM:
The NIST Cybersecurity Framework (CSF) 2.0 provides a unified approach to cybersecurity and risk management.

Fireside Chat:
The symposium concluded with a discussion on the importance of internal and external audits, effective collaboration between audit teams, and the benefits of penetration testing.

Presenters:

Ricardo Trujillo, CPA, CITP, CISA | Partner, Audit and Assurance, GRF CPAs & Advisors

Jodi Daniels | Founder and CEO, Red Clover Advisors

Derek Symer, CPCU | Partner, The Baldwin Group

Melissa Musser, CPA, CIA, CITP, CISA | Partner and Director, Risk & Advisory Services, GRF CPAs & Advisors

Darren Hulem, CISA, CEH, Security + | Risk & Advisory Services Senior Manager, GRF CPAs & Advisors

Mac Lillard, CPA, CIA, CFE, CISA, CRISC, CITP | Senior Manager, Risk & Advisory Services, GRF CPAs & Advisors

Ronald McLean | Internal Audit Manager, IT and Data Analytics

Orion Reynolds, CISSP, CISM | IT Program Manager at NASAA

Want more info?

GRF’s 2025 Cybersecurity Symposium is coming up December 9, 2025!

Questions? Contact us!

Darren Hulem, CISA, CEH, Security +

Senior Manager, Risk & Advisory Services

Melissa Musser, CPA, CIA, CITP, CISA

Partner and Director, Risk & Advisory Services