
Are You Cybersecurity Ready?

The interconnected digital world has been referred to as the wild, wild West. Hackers are eagerly looking to exploit the weakest line of code in mobile devices, applications and operating systems. And those are just a few of the types of technology at risk in today’s environment.

You’ve probably heard the old adage, “you don’t bring a knife to a gun fight.” Cybersecurity is no exception. In a cyber “gunfight,” only the most prepared organizations can survive a security breach. To assist organizations in preparing for cyber incidents, the Department of Justice’s (DOJ) Cybersecurity Unit released Best Practices for Victim Response and Reporting of Cyber Incidents, outlining steps to take before, during and after a cyber attack or network breach.

The DOJ document provides best practices and indicates that organizations connected to the Web should evaluate their cybersecurity readiness across three phases: preparing before an intrusion, responding to one and recovering from it.

What does proper preparation entail?

  • Adopting internal risk management policies and procedures;
  • Procuring the necessary hardware and software technology;
  • Engaging experts to evaluate, test, support and monitor the condition of the environment; and
  • Developing and testing a rapid response plan to address an intrusion.

In the world of cybersecurity, a prepared and tested incident response plan can operate as an excellent defensive weapon.

The first step in your internal risk assessment should be to identify what the DOJ refers to as the “crown jewels.” These are the mission-critical assets: the systems needed to sustain operations, and the intellectual property and personally identifiable information the organization stores or processes.

The assumption conveyed within the DOJ document is that businesses will proactively address the risk of a cyber-intrusion. Organizations that do not take reasonable steps to prepare for a breach, respond to it, and show evidence of recovery monitoring afterward expose themselves to litigation over their legal standard of care and data privacy obligations.

The DOJ’s best practices for cyber incident and response are further testimony that organizations that ignore responsibility for the safety of their information are potentially exposed to significant liability for failing to meet basic cybersecurity best practices. After all, these best practices provide valuable guidance that should be taken seriously by any business.

Want to learn more about cybersecurity fundamentals? The AICPA’s Cybersecurity Webcast Series with Ridge Global provides an analysis of today's cybersecurity threats, the techniques used to protect against threats, techniques for detecting when attacks happen, and effective response strategies. The first webcast broadcasts May 12 at 2:00 P.M. In addition, you can find more cybersecurity news and information on the AICPA’s Cybersecurity Resources Center.

Susan Pierce, CPA, CITP, CGMA, Associate Director – IMTA, American Institute of CPAs. Susan drives the strategic mission of providing value to the IMTA professional, the CITP credential holder and the technology engaged CPA.

Bruce Sussman, CPA, CISA, CIPT, CISSP, is PCI Global Executive for AIG in New York. He is co-chair of the AICPA’s Information Management and Technology Assurance Section’s Cybersecurity Task Force.
