Posts Tagged ‘cybersecurity’
Audit Firms, Cybersecurity Risk, and You
A member of the Public Company Accounting Oversight Board gave a speech last week about the role of audit firms in cybersecurity — and raised a point people seldom say aloud: the audit firm’s role is a relatively small one. Kathleen Hamm, a member of the PCAOB since last year, gave her remarks at a…
Read MoreOh, Joy: A New Cyber Risk
An interesting article from the New York Times recently, noting that some insurance firms are declining to cover damages from cybersecurity breaches — under the logic that those breaches were acts of war by foreign governments, rather than criminal acts by individuals; and therefore not covered by a corporation’s cyber insurance policies. The article cites…
Read MoreCyber Breach Disclosures: A Mess
Craving more information about how companies are disclosing cybersecurity breaches? Audit Analytics has a new report examining what publicly traded firms have been reporting in SEC filings — and you won’t get much guidance there, because those disclosures vary so widely. For that reason alone, the Audit Analytics report is worth reading. It shows that,…
Read MoreDOJ Plugs Cooperation, Compliance
All eyes in the compliance community might be the annual FCPA Conference happening in Washington right now, but compliance professionals might also want to note a different speech given across town Wednesday by John Cronan, deputy assistant attorney general. Cronan popped up at a Practising Law Institute event to talk about companies cooperating with law…
Read MoreSurvey: Third-Party Data Risk Still a Mess
Another year, another report confirming what most compliance and IT security officers already know: third-party vendors are an enormous security and privacy risk, and oversight of those parties is a mess. That’s the message of a report released Thursday by Opus and the Ponemon Institute, which surveyed more than 1,000 IT and data security professionals…
Read MoreThoughts on IoT and Cybersecurity Risk
This week I attended the AuditWorld 2018 conference in Las Vegas, a gathering of several hundred audit and IT security executives to swap insights about cybersecurity and internal control. I wandered into a session about cybersecurity concerns for “the Internet of Things” — and wouldn’t you know it, a conversation about policy and vendor risk…
Read MoreDispatches From Securities Enforcement Forum
Scads of securities lawyers gathered in Washington on Thursday for the annual Securities Enforcement Forum, a one-day confab on all things related to enforcement actions against publicly traded companies — insider trading, FCPA, cybersecurity, whistleblower retaliation, and much more. The event is run by SecuritiesDocket.com, which follows securities enforcement just as obsessively as we follow…
Read MoreSEC Dings Firm on Poor Cybersecurity Policies
The Securities and Exchange Commission just hit an Iowa financial firm for poor cybersecurity, giving us another example of the policies and procedures firms should be implementing if they want to stay on the right side of this risk. The firm, Voya Financial Advisors, agreed to pay a $1 million penalty (without admitting any wrongdoing,…
Read MoreLet’s All Freak Over Cloud Apps, Security
Another analyst report on corporate IT use, another reason for compliance officers to reach for the antacids. This time around, a fresh report finds that use of cloud-based IT services is soaring in Corporate America — but use of smart security protocols lags far behind. Bitglass, a broker of cloud-based services, studied how more than…
Read MoreFive Steps After a Cybersecurity Meltdown
Oh, joy — your organization has been hacked. After all those penetration tests and all that employee training, some yahoos on the Internet still snuck onto the corporate network and absconded with your sensitive data. Now what? That’s always the question at one of my favorite conferences of the year: an annual gathering of internal…
Read More