First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

IT

Cybersecurity in a post-Ashley Madison world

In a recent key finding, PIPEDA Report of Findings #2016-005 – Joint investigation of Ashley Madison, the Office of the Privacy Commissioner of Canada provided crucial guidance to organizations in relation to information protection and cybersecurity.

 

, , , , , , , , , ,

Real answers to common questions on cybersecurity

Every day there is something in the news about organizations generally of all different sizes that have been breached and have had to deal with the impact of the loss, compromise or destruction of data. Making key decision-makers aware of the general threat landscape is helpful, but more helpful is making them aware of the threat landscape specific to your organization.

 

, , , , , , ,

Cyber and reputation risk are dominoes

As I was reading the book, I realized that I have a problem with organizations placing separate attention to reputation risk and its management. It’s simply an element, which should not be overlooked, in how any organization manages risk – or, I should say, how it considers what might happen in its decision-making activities.

 

, , , , ,

BYOD trend poses immense challenges for organizations

No, employees aren’t bringing their own alcoholic drinks to work, but they are bringing in their own mobile devices and expecting to use them with their employers’ networks. What does that mean? Well, chances are several (if not many) of a given organization’s employees have personal smartphones or tablet computers, and they probably want to use them to perform work tasks.

 

, , , , , , , , , , , ,

The mobile workforce – it’s not coming; it’s here

Mobility is not just about technology anymore. However, chances are high that IT, specifically the CIO, will be responsible for any mobile initiatives within the company. So, CIOs need to take a broad view of mobility and understand the effect this technology will have on departments such as HR, sales, marketing, legal, security and facilities, as well as IT.

 

, , , , , , , , , , , , , ,

Securing your web

How often do you think about malware? Do you consider it a threat to your operations? Do you have a strategy to prevent malware attacks and deal with them if they do occur? Is your strategy up to date?

 

, , , , , , , , , ,

Another take on IT strategy

In a recent issue of Inside Internal Control, I discussed a report on why small and medium-sized businesses should take information technology strategy and planning seriously. Essentially, according to the Canadian Institute of Chartered Accountants, if you don’t strategize your IT, you’re probably wasting time and money just keeping up, when you could be using your resources to support your strategic business plan.

Well, I hope you didn’t rush away after reading that piece and create and implement an IT strategy…

 

, , , , , , , , , , , , , , ,

Do you need an IT business and implementation strategy?

You already know how important information technology is to your business. You’ve got a website that pushes your brand and maybe even sells your products; you’ve got an internal network that connects all of your employees to each other and the documents they need; you’ve got company email to manage, and maybe a bunch of cellphones and BlackBerrys to keep track of; you’ve got security cameras, passwords, log-ins and keycards; and you’ve got employee management systems covering attendance, payroll, benefits and more. If any of these fails, you’ve also got a big problem.

 

, , , , , , , , , , , , ,