Category: News

6 Benefits of Internal Auditing

Published 07/14/2020

If you want confidence that your organization is meeting its core business goals, you need internal audits. If you want to save your organization time and money and keep everything running like a well-oiled machine, internal audits will help you get there. If you want to protect your enterprise against fraud and prevent fraudulent practices, internal audits are key. If you want to reduce risks to your operations, finances, cybersecurity, and other areas of concern, internal audits will tell you what you need to do and how to do it. If you want to make sure you’re following the laws, regulations, and standards that apply to your organization—and reduce your costs and hassle when external auditors test your compliance—you’ll want…

Strategies for Digital Risk Protection

Published 06/23/2020

No lock has ever been invented that was completely secure. If an intruder really wants to get in, they usually can find a way. And yet, most of us wouldn’t leave the door to our home, office, or automobile open or unlocked overnight. Security isn’t perfect, but it can act as a deterrent, helping to keep us and our belongings safe. The same is true in the digital realm. Cybercriminals work around the clock to infiltrate our home and business networks. And often—too often—they succeed. Sometimes, yes, the threat actor is a lone hacker with only a modicum of knowledge or experience looking for a way to make money fast. But organized crime and nation-states are increasingly turning to cybercrime…


How to Adjust Business Continuity Plans for COVID-19

Published 06/18/2020

Your business continuity planning (BCP) and disaster recovery (DR) and response plans may not suffice for the COVID-19 pandemic—or for any pandemic. Let’s face it: Many organizations found themselves woefully unprepared to deal with the effects of the novel coronavirus’s rapid, devastating spread. Many are still struggling. One reason for their problems: They had not included pandemic planning in their BCP/DR planning process, and so had no back-up plan to deal with a widespread, serious health care emergency. As a result, many were unprepared for public health and business operations disruptions, including: absenteeism due to illness of employees or their family members; increases in sick leave payments; a rapid shift to a telecommuting business model; losses of service providers and…


June 2020: Compliance Certification Roundup

Published 06/09/2020

Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our June 2020 roundup of compliance news from around the United States, and around the world. PCI Certification: PCI certification and compliance are two different, but related, designations. PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA). PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council. In May, The Ajman Finance Department, Ajman, United Arab Emirates, earned its PCI DSS certification for its Ajman Pay platform from ValueMentor, a global cybersecurity certification provider. Ajman Pay is a digital payment platform. Read more.…


What are the Elements of an Integrated Risk Management System?

Published 06/02/2020

Integrated risk management (IRM) is “a set of practices and processes supported by a risk-aware culture and enabling technologies that improve decision making and performance through an integrated view of how well an organization manages its unique set of risks,” according to research firm Gartner Inc. Put simply, integrated risk management is an approach to risk management that integrates risk activities across every level of your company to enable better decision-making by your decision-makers. Elements of an integrated risk management system: Risk Identification, Risk Assessment, Risk Response, Risk Communication, Risk Monitoring. Risk Identification: During risk identification, your organization identifies and develops a solid understanding of its risks. You should include risks that could keep you from achieving your business objectives…


5 Strategies to Mitigate Business Risk During Coronavirus

Published 05/28/2020

Business risk in the United States may be higher during the novel coronavirus pandemic than at any time in our generation, making risk management a must. What are your strategies for risk mitigation—not only in your enterprise but up and down your supply chain—amidst COVID-19 disease outbreaks? Business interruption is a growing concern right now. The Risks Are High: A recent Pew Research Center report finds that 43 percent of small businesses are closed, at least temporarily, because of pandemic risk. And among the U.S. businesses with paid employees, 40 percent are in high-risk industries, the report states. These enterprises, in particular, are more likely to face business continuity issues including supply chain disruptions, absenteeism, cybersecurity breaches, and other potential…


Cybersecurity Hygiene Best Practices During COVID-19 and Beyond

Published 05/26/2020

As cybercriminals continue to use the novel coronavirus pandemic to launch cybercrime scams and cyber attacks on teleworking applications, virtual private networks (VPN), and other technologies associated with remote work, many organizations find themselves in crisis mode, as well. Your enterprise may be scrambling daily to protect your sensitive data, reduce the likelihood of data breach, and guard against malware and ransomware attacks as well as other cyber threats. The situation is dire and urgent. The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) on April 8 issued a joint warning about the increased risk of a security breach that the COVID-19 pandemic has brought about. The…


May 2020: Compliance Certification Roundup

Published 05/25/2020

Beginning this month, Reciprocity will highlight companies that have earned compliance certifications for information security frameworks. Here’s our May 2020 roundup of compliance news from around the United States, and around the world. PCI Certification Roundup: PCI certification and compliance are two different, but related, designations. PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA). PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council. On April 29, GreenBox POS, San Diego, completed an audit of its technology infrastructure resulting in PCI Level 1 Compliance Certification. The company builds customizable, Blockchain-based payment solutions. Read more. In late…


COVID-19: Importance of Ethical Leadership During a Crisis

Published 05/21/2020

Change is hard—and during the COVID-19 pandemic, it’s happening at breakneck speed. Your employees and business partners need to know now, more than ever before, that they can trust you to be honest and transparent with them. This is the essence of ethical leadership. We’re standing on shaky ground as the virus sweeps through our nation and upends our economy. People are losing their jobs, their health insurance, and perhaps even their savings. Some are losing loved ones to the novel coronavirus or worried that they, or others, will fall ill. Buffeted on all sides by calamity, your people need your steady hand. They need you to not only show your trustworthiness with reassuring words and honest assessments of where…


COVID-19: User Access Management Best Practices

Published 05/20/2020

As cybercriminals step up their efforts during the COVID-19 crisis to infiltrate your information systems, identity and access management (IAM) processes are more important for cybersecurity than ever. Aimed at preventing data breaches and unauthorized access to your systems, IAM becomes more critical as more of your employees perform their work from home. The firewalls that protected your system perimeter won’t suffice any longer, because there is no perimeter. Users are dispersed, and user accounts and your business applications are in the cloud. Identity and access management can be a complex process, especially if yours is a larger organization. But it’s a valuable component of risk management and required by many compliance frameworks. User access management should be a part…
