Search
Certified Public Accountants
& Business Consultants

Cyber Security Services

CyberSecurity_Cycle.pngIt’s a matter of when, not if, you will be impacted by a cyber security event. Cyber crime is a low-risk, high reward, endeavor for criminals, and with high enough returns it is attracting highly organized and sophisticated criminals. The attack surface available to these criminals is global, anyone connected to the internet is a potential target and with the fragmented global legal enforcement, cyber criminals often act with no fear of criminal prosecution. The increased volume and sophistication of the threats means anyone connecting to the internet must use a continuous process of assessing and addressing threats and vulnerabilities. Quickly identifying and addressing vulnerabilities, minimizes the risk of compromise and breach. RubinBrown can help organizations design, plan and preform these assessments.

 

Cyber Security Services from RubinBrown

RubinBrown’s Cyber Security Services team monitors emerging threats and trends, develops tools and methodologies to address them, and delivers specialized services to organizations seeking independent third party security services. CyberSecurity-Penetration-Testing-Graphic.pngOur services range from technical security testing, to high level security assessments, security compliance assessments and security consulting:

  • Cyber Security Health Checks
  • Network Penetration Testing
  • Web Application Security Assessments
  • Phishing & Social Engineering Assessments
  • Security Compliance for NIST, HIPAA, PCI DSS, FERPA, FFIEC, NCUA and many more
  • Policy and procedure assessments and updates
  • On-demand CISO Support
  • SOC2 controls readiness, consulting and attestation services

One size does not fit all. Most clients’ security requirements are unique, changing as new threats emerge and your organization grows. The Cyber Security Services leadership has decades of experience performing hundreds of projects. We have the experience and understanding to adapt our approach to your needs and requirements.

Our information security projects deliver several layers of feedback including:

  • Actionable, management and board-ready deliverables
  • Tactical and strategic recommendations customized to your environment
  • Technical details with supporting information including raw data, analysis and recommendations for knowledge transfer
  • Security compliance analysis to address the regulatory and compliance issues relevant to your environment

When is the last time you assessed your cyber security?

Do you have audit, regulatory or compliance requirements for periodic security testing?

Does your organization have critical information or systems? How are they protected?

Do you know where and how your critical data is collected, processed, stored and eventually destroyed?

Is your security awareness training effective? Do you have issues with phishing emails, ransomware or other types of social engineering?

Are your vendors held to the same security standard as you? Do you have evidence to support?

  • Certified professionals including:
    • CISSP
    • CEH
    • CISA
    • CRISC
    • ISSMP
    • ITIL
    • PMP
    • Advanced SOC for Service Organizations Certificate
  • Specialized security skills, decades of experience and a voice of reason
  • Scalable solutions for security assessments and security compliance
  • Global delivery capabilities through the Baker Tilly International network

08/20/2020

Focus on Cyber Security: Security Weakness in Electronic Logging Devices (ELD)


On July 21, 2020, the FBI issued a Private Industry Notification (PIN 20200721-001) describing an industry and academic study performed on a set of self-certified ELDs identifying a number of security vulnerabilities.

05/07/2020

COVID-19: Cloud Security Health Check


The COVID-19 pandemic has forced many organizations to rapidly adopt cloud solutions for email, office applications, collaboration and conferencing.

04/13/2020

COVID-19: Themed Cyber Attacks


Law enforcement around the world are sending out alerts warning of increased attacks and fraud attempts as the world deals with the COVID-19 pandemic.

03/25/2020

COVID-19: Phishing and Fraud on the Rise


The COVID-19 pandemic is forcing changes on us and our workforce. Working from home, expanding use of collaboration solutions, and leveraging the cloud to stay productive are all positives we can carry forward as the pandemic winds down. Along with these, we are also seeing significant increases in phishing attacks and online fraud.

10/02/2019

Focus on Cyber Security: October is Cyber Security Awareness Month


Own IT. Secure IT. Protect IT. October is the 16th Annual National Cyber Security Awareness Month and a great time to update your security awareness training program – or start one.

05/31/2019

Focus on Gaming: The Intersection of Online Gaming, Cyber Security, and State Gambling Laws


Cyber security has to be embedded into the compliance fabric of online gambling operators and decision makers. Security is not something bolted on after a new online application is created, it has to be integrated using security by design.

04/30/2019

Focus on Cyber Security: Human Firewall or the Weakest Link - Preparing Your People


Email phishing attacks are sent to us at work, home and anywhere else we have email. Most of us use email filters to check these emails and cut down the number of bad messages we receive, but sometimes these filters can be bypassed. Avanan’s Global Phish Report analyzed more than 55 million emails and found that 1 out of every 100 contained a phishing attack.

02/08/2019

Focus on Cyber Security: Requirements in the Colorado Protections for Consumer Data Privacy (HB18-1128)


In response to the increasing number of massive data breaches over the last several years, the Colorado legislature passed new requirements for protecting the personal information of Colorado residents. The Colorado Protections for Consumer Data Privacy (HB18-1128) applies to public and private organizations that handle, process, store or otherwise have access to electronic or printed personally identifiable information (PII) of Colorado residents.

08/27/2018

Focus on Cyber Security: Changing Technology and the Role of CPA Firms


With the rapid pace that technology evolves, understanding how those changes can impact business is important.

08/27/2018

Focus on Cyber Security: Takeaways from the 2018 DefCon Hacking Conference


This year marked the 26th annual DefCon, the annual hacker conference attended by thousands of people ranging from high school students to well-known security researchers and infamous personalities in the industry.

06/11/2018

Focus on Cyber Security: GDPR – A Common Sense Approach


The General Data Protection Regulation (GDPR) went into effect on May 25, 2018. With fines as high as €20 million or 4% of global revenues, the GDPR cannot be ignored. How do you know if the regulation applies to your organization and how can you comply?

02/21/2018

Focus on Cyber Security: Web Application Security – Secure Your Web Application From Cyber Criminals


Web application vulnerabilities are a top target for cyber criminals. Websites, applications, servers and supporting infrastructure are exposed to the internet via web applications and thus are under constant attack. Many organizations perform network vulnerability scans on internet facing networks and systems, but often ignore web applications. The tests included in the network vulnerability scans generally do not test web applications and certainly do not perform deep vulnerability testing inside the application.

01/31/2018

Focus on Cyber Security: Penetration Testing – Why pay someone to try and break into your network?


RubinBrown Cyber Security Center of Excellence – Security You Need to Know. Testing your cyber security on a regular basis is part of sound strategy to identify and eliminate risks in the environment. Penetration testing, or "white hat" hacking, tests the external and internal network to assess the effectiveness of controls. Whether you are demonstrating due care in addressing cyber security threats or addressing compliance requirements, penetration testing is a core component of regular security assessment efforts.

09/29/2017

Focus on Cyber Security: Early Lessons Learned from the Equifax Breach


Powerful reminders about protecting your organization from a data breach. The Equifax breach has all the indicators of being the most costly data breach of our times. Over 143 million individuals affected, international impacts, poorly handled communications and distributing wrong information during the initial days after the announcement.

05/18/2017

Focus on Cyber Security: Global Ransomware Attack


The WannaCry (aka WannCrypt, WannaCrypt0r 2.0 and Wcry) global ransomware attack raises significant concerns about wide scale attacks from self-propagating ransomware. It appears the initial threat has been stopped by malware researcher MalwareTech. However, the underlying threat is still present and there is consensus copycat (and better designed) attacks are imminent.

01/26/2017

Focus on Cyber Security: Vulnerability Management


RubinBrown Cyber Security Center of Excellence – Security You Need to Know. New vulnerabilities are identified every day. Most of us have workstations set to auto-update, servers and applications are handled by the systems administrators, but there are more and more products, devices and applications in our environments. How do you track the patches and updates for all those manufacturers and providers?

10/18/2016

Focus on Cyber Security: October is Cyber Security Awareness Month


Training Resources to Reduce your Risk. We all need security awareness training. Whether you just know it, it is required for compliance or a recent security assessment recommended it, we all know we need more security awareness training. Great News! October is National Cyber Security Awareness Month!

09/28/2016

Focus on Cyber Security: Cyber Attest - The Changing Landscape


We are on the brink of a major shift in the cyber security landscape. Cyber attest allowing a focus on the entire cyber risk environment as well as a focus on particular systems. New proposed legislation, PCAOB discussions and new criteria from the AICPA on cyber attestation standards are all signs of impending changes that will require cyber security integration throughout the environment to provide transparency and assurance. Here are some of the proposed changes we believe could change the cyber security landscape.

09/09/2016

Focus on Cyber Security: Protecting Against Cyber Extortion


Prevent, detect, recover and above all else prepare. Ransomware holding data hostage. Threats to release sensitive information. Disruptive denial-of-service attacks. All are extortion schemes used by cyber criminals to separate you from your money. Extortion schemes are not new, but cyber criminals are constantly looking for new ways to use our technology against us.

07/07/2016

Focus on Cyber Security: Maintaining Security When Using Amazon Web Services


Moving data storage and processing to the cloud has been a growing trend for several years. As companies realize maintaining expensive computing infrastructure resources are no longer necessary, businesses are considering services like Amazon Web Services (AWS) to handle their infrastructure needs.

03/03/2016

Focus on Cyber Security: U.S. Government Ramping Up on Cyber Security


The Cyber Security National Action Plan – what to expect. On the surface the news of the Cyber Security National Action Plan sounds impressive – increasing the federal government’s investment in cyber security by 35% to $19 billion and creating a Federal Chief Information Security Officer position.

02/16/2016

Focus on Cyber Security: Your Internet Explorer Could Be Exposed


Microsoft Ending Support for Internet Explorer 8, 9 and 10.

Why do you need to care Microsoft ended support on Internet Explorer 8, 9 and 10 on January 12, 2016? We all use web browsers all the time. In fact, you may be reading this with a web browser right now. If you, or your organization, still use any of those versions of Internet Explorer you will no longer receive patches and updates, putting your system and organization at risk.