Is Your Data Safe in the Cloud?

During a recent meeting we had with an organization, we asked their director if they had assessed the cybersecurity of the personally identifiable information they obtained from donors and employees. She replied, “We don’t need to worry about that, it isn’t on our servers. It’s in the cloud.”

Unfortunately, we had to inform her that, if the cloud service provider was hacked, her organization would share liability for the compromised data. And the penalties would include having to provide credit insurance, possible fines and penalties, and the hit to their reputation.

On top of all that, there will always be elements of security that you’re fully responsible for,

 » Read more

Safeguard Your Organization: How to Build a Meaningful Information Security Policy

Introduction

The Information Security Policy (IS Policy) is the most important security document of an organization. Ideally, it should serve as the guiding principle of an organization’s information security, providing structure and vision to ensure the organization can achieve its mission, while keeping its data safe.

The IS Policy requires a mature process to ensure its objectives are met. This article will cover the steps to creating one for your own organization.

Click here to download a more in-depth version of this piece, with a template for you to reference when building your own IS Policy.

Step 1: The Policy Statements

The IS Policy typically begins with the Policy Statements,

 » Read more

Five Security Measures for a Limited IT Budget

There’s no amount of money you can throw at cybersecurity to create a 100%, hacker-proof environment. But even on a limited budget, there are still simple steps you can take to make your organization more secure. The following are five actions and policies you can implement on a budget to keep your sensitive information safer.

(We’ll assume you already have enterprise network firewalls and anti-virus protections in place. But if not, start there!)

Internal Security Policies

Internal security policies are a great first step for any organization operating on a shoestring budget. That’s because, for the most part, they’re free!

 » Read more

IT General Controls for Financial Statement Audits

As the pace of technology advancement increases, the information systems we rely on to record and store accounting information are growing in complexity and sophistication. Financial data can be dispersed over multiple systems or “sources of truth,” leading to inconsistencies or inaccuracies that may impact business decisions.

With this greater dispersion of information, personnel may end up with too much access, leading to an increased potential of manual error in data entry or even fraud. The completeness, accuracy, and integrity of financial information is, and should be, of great concern to organizational leaders with decision making responsibilities. As such, there is greater need than ever to assess the control environment around the IT systems that produce financial data.

 » Read more

SOC Reports: What Are They, and Why Should You Request One From Your Software Provider?

Is your software provider following best practices in keeping their data, and by extension your data, safe? A System and Organization Controls (SOC) report can help you determine how closely a third-party organization is adhering to federal guidelines on cybersecurity. This article will highlight why SOC reports exist and why you should request them from your software vendors.

Third-Party Software Systems Come with Risk

While powerful technology tools have become more streamlined and available, keeping your data safe is still an uphill battle. Today, the capability to breach a system far outpaces the industry’s ability to develop secure code. This is because learning how to write secure code is most-often accomplished through on-the-job coaching and online self-learning.

 » Read more

Media Contact

Dustin VandeHoef
Marketing Manager
Clark Nuber
Phone: 425-454-4919
Contact Dustin

Subscribe to our
placeholder mailing list

View past newsletters.