by Amanda Bernard, CPA, CFE, CMA, Principal
Computers and the Internet continue to radically shift the way business is done both today and in the future. The shift toward digitization comes with new risks related to data security, an area that can be complicated and highly specialized. All business partners, including customers and employees, expect their sensitive information will be respected and given adequate protection. Due to the nature of cybersecurity risks in the current business environment, we recommend the organization, as part of its annual risk assessment process, assess its risk related to cyber- and data security.
The Computer Security Division of the National Institute of Standards and Technology has issued a publication called Small Business Information Security: The Fundamentals, which can be found at https://csrc.nist.gov/publications/detail/nistir/7621/rev-1/final. The publication is written in non-technical terms and is designed to provide smaller organizations with guidance on the proper way to manage information risk, including the “absolutely necessary” actions a small business should take to protect its information, systems and networks, highly recommended practices, and other planning considerations such as disaster recovery. The publication also includes a guide and worksheet for evaluating risks that could be useful for the organization’s risk assessment process.
If you have questions, please contact your Maillie LLP representative.