GRF Financial Foresight

Insights from the team on the GRF blog

Cybersecurity, Enterprise Risk Management | Businesses and Individuals, Government Contractors, International NGOs, Nonprofits and Associations

Patch Management: Eliminating Vulnerabilities

GRF Cybersecurity Risk Assessment and Scorecard Blog Series

The threat of cyberattacks is frightening, persistent, and can affect any organization, big or small. One way to mitigate this risk is to be sure your computer software and operating systems are up to date. Software vendors regularly release system updates, or “patches,” which are designed…


Cybersecurity, Enterprise Risk Management | International NGOs, Nonprofits and Associations

Consider a Virtual CISO to Meet Your Current Cybersecurity Challenges

By: Melissa Musser, CPA, CITP, CISA, Risk & Advisory Services Principal, and Darren Hulem, IT and Risk Analyst

The COVID-19 crisis, with a new reliance on working from home and an overburdened healthcare system, has opened a new door for cybercriminals. New tactics include malicious emails claiming the recipient was exposed to COVID-19, to attacks on…


Advisory, Enterprise Risk Management | International NGOs, Nonprofits and Associations

Continuity of Operations Considerations for Nonprofits during a Pandemic

Business Continuity Plans (BCP) are an important part of risk management and can include scenarios such as pandemics like the coronavirus, government shutdowns, natural disasters and cyberattacks. Risk management planning for a pandemic involves identifying risks, assessing their impact, and developing mitigation strategies to manage them. If your nonprofit does not have a plan in…


Advisory, Cybersecurity, Enterprise Risk Management | Nonprofits and Associations

The Bow Tie Method Addresses Risk Holistically

By Jay Mui, PMP, MBA | Supervisor, Risk & Advisory Services

Well, if you are being literal, 17th-century Croatian mercenaries would use a scarf to hold together the openings at the neck of their shirts. King Louis XIII, a great employer of these mercenaries, so enjoyed and promoted this look that it soon became…


Advisory, Cybersecurity, Enterprise Risk Management | Nonprofits and Associations

Why Associations Are Implementing Enterprise Risk Management (ERM)

By Melissa Musser, CPA, CITP, CISA | Principal, Risk & Advisory Services

For years, associations have taken a siloed approach to risk management, focusing on areas like cybersecurity. More are now widening their nets, using ERM to ensure unexpected dangers don’t derail their association. When it comes to risk management, some may think of areas…


Enterprise Risk Management | Nonprofits and Associations

Be Prepared: Why Enterprise Risk Management is Essential for Nonprofits

By Melissa Musser, CPA, CITP, CISA | Risk & Advisory Services Principal

Corporations and organizations have long understood the value of systematic planning for worst-case scenarios to avoid unwelcome surprises, known as enterprise risk management (ERM). ERM is a proactive, multidimensional process of identifying, assessing, cataloguing, and preparing for potential negative organizational outcomes in order…


Compliance, Cybersecurity, Enterprise Risk Management | Businesses and Individuals, Government Contractors, International NGOs, Nonprofits and Associations

The EU’s GDPR is Applicable to US Companies. Is Your Organization in Compliance?

By Darren Hulem | Network Administrator Auditor

GDPR, also known as General Data Protection Regulation (EU) 2016/679, was a regulation passed by the European Union (EU) in 2016 aimed at data protection and privacy for individuals within the EU. Enforcement, which began on May 25, 2018, has the potential to affect companies outside of the…


Cybersecurity, Enterprise Risk Management | Businesses and Individuals, Government Contractors, International NGOs, Nonprofits and Associations

Vulnerability Scanning and Penetration Testing Offer Tools for a Strong Security Posture

By Darren Hulem | Network Administrator Auditor

In the movies, hackers sit in front of a computer typing a few lines of code and suddenly they have access to all of the victim company’s systems. While cybercrime does not happen the way it is portrayed in the movies, it has become a common theme in recent…


Cybersecurity, Enterprise Risk Management | Businesses and Individuals, Government Contractors, International NGOs, Nonprofits and Associations

Keeping Your Nonprofit’s Technology Modern, Safe and Cost-Efficient with an IT Audit

For smaller or start-up nonprofits, infrastructure elements like information technology (IT) are often small and uncomplicated, allowing the greatest flexibility and economy. The bad news is that while the organization is saving money, aging IT systems lack critical security features as well as the strategic and functional advantages enjoyed by peers who have prioritized IT…
