Baker Tilly
Contact us
Thumbprint used for increased security

Cybersecurity

Proactively protect and address your cybersecurity and information technology (IT) risks.

Cybersecurity

  1. Webinar
    due diligence with a SOC 2 examination

    How to bolster vendor due diligence with a SOC 2

  2. Article
    common challenges key considerations SOC report

    Common challenges and key considerations when using or reviewing a SOC report

  3. Article
    Capitol building reflection at sunrise

    Strategies to address the new SEC cyber disclosure rule (and how to do it!)

  4. Article

    Technology and its implications on class action

  5. Article
    Sun reflecting off of colorful building

    The rise of proactive assurance, and why it’s here to stay

  6. Article
    U.S. Capitol Building reflecting on water in Washington, D.C.

    New SEC cyber incident disclosure marks first-time cybersecurity disclosure requirement across the capital markets

  7. Article
    zero trust security model verify

    Never trust, always verify. But how?

  8. Case Study
    private jet company undergoes network scanning’

    Network scanning tools test prove private jet charter company's wireless network is secure

  9. Case Study
    grocery stores undergo vulnerability scanning

    Multilocation grocery store enhances internal IT practices as a result of vulnerability scan

  10. Case Study
    financial services company confirms security to minimize risk

    Financial services company confirms security of web-facing applications and minimizes risk

  11. Case Study
    city external penetration test

    City identifies weaknesses in security protections after external penetration test

  12. Article
    Risks and controls RPA solutions

    Identifying risks and controls when implementing RPA solutions in a SOX environment

  13. Article
    IT professionals working at table together in office on cybersecurity

    The missing piece of your network security

  14. Article
    Team members discuss strategy in a meeting

    HITRUST FAQ

  15. Podcast
    Closeup view of cables in server room protecting from cyber attacks

    Healthy Outcomes: The current state of cybersecurity in the healthcare industry 

  16. Article
    Business meeting at conference table with professionals walking by

    SOC FAQ

  17. Webinar
    Advisor meets with clients

    Women in white collar crime

  18. Webinar
    handshake

    The importance of KYC in today's risk landscape

  19. Webinar
    Conference attendees access data on mobile devices during session break

    The art of profiling

  20. Webinar
    IT professionals working at table together in office on cybersecurity

    Renewing focus on internal controls

  21. Webinar
    Lights and cables running through server room

    Mounting a defense against ransomware: how to manage your risk

  22. Webinar
    Lights and cables running through server room

    Modern compliance

  23. Webinar
    typing on computer

    Taking the blinders off: the importance of an effective compliance program

  24. Webinar
    business professional people talking

    Why good people do bad things and how to spot a moral meltdown

  25. Webinar
    Building facade

    Fraud fight: the growing pressure to do better at finding fraud

  26. Webinar
    Team of IT professionals working on program in office

    Cash flow, gender and internal controls

  27. Webinar
    Office building courtyard with trees

    Environmental, social and governance (ESG) discussion

  28. Webinar
    Woman interacts with data

    Digital asset governance

  29. Webinar
    Digital tools: phone, computer and notepad

    Compliance: from caremark to certification

  30. Webinar
    Team of professionals working on computer

    Crisis management: ensuring business resiliency through crisis preparedness

  31. Resource
    Baker Tilly Fraud Summit

    Baker Tilly Fraud Summit 2023

  32. Webinar
    Consultants review software development code

    Strategy check: evaluating your cyber program to strengthen assurance

  33. In the News
    ransomware attack at a business

    More Malware, Less Ransomware in Higher Ed

  34. Resource
    Professional walking through office using digital tablet

    Governance dashboard for market intelligence

  35. Webinar
    Digital connectivity displays on world map

    Data analytics as the silent whistleblower

  36. Article
    University campus during the daytime

    How higher education and research institutions may benefit from using HITRUST to navigate research data security requirements

  37. Case Study
    software automation data screen

    Testing of software company's web portal boosts confidence in security measures

  38. Case Study
    Data dashboard coming out of laptop

    Multinational government contractor updates training after phishing prevention campaign uncovers vulnerabilities

  39. Case Study
    Cookies being produced in factory

    Food producer improves network security after disabling unused networks

  40. Case Study
    Rising interest rates, financial growth

    Debt consolidation company closes security vulnerability after successful external penetration testing

  41. Case Study
    Cars lined up on display at dealership

    Multilocation car dealership updates patching inventory after internal vulnerability scan

  42. Article
    Energy plant with abstract data points

    Energy and utilities sector faced with cybersecurity risks

  43. Article
    Woman at a computer analyzing data

    NIST 800-53 Revision 4 to Revision 5 comparison tool

  44. Article
    Two professionals meet at a computer to review analytics

    Four key concepts to consider when using advanced reporting solutions in your SOX program

  45. Article
    Together, team members climb a mountain to reach the summit

    Getting risk appetite right in uncertain times

  46. Article
    Abstract circle arches

    Dynamic risk landscape creates challenges regarding talent, cybersecurity and ESG

  47. Article
    Man looking at data points

    Data mapping: building a strong foundation for cybersecurity and data privacy

  48. Webinar
    Data dashboard coming out of laptop

    Cybersecurity trends: what to expect in 2023

  49. Article
    casual work space office

    How to build an effective IT audit team during a time of skilled resourcing shortages

  50. Whitepaper
    Thumbprint used for increased security

    2023 Cyber Predictions

  51. Article
    Data-driven manufacturing

    Top 5 manufacturing and distribution cybersecurity risks

  52. Article
    Consultants review software development code

    Cybersecurity risks affecting software and technology companies

  53. Article
    Man looking at window of data

    Are you overlooking a key component to cybersecurity risk management? 

  54. Article
    cyber risk manufacturing distribution

    Reducing cyber risk and protecting against a ‘perfect storm’

  55. Article
    team member talking digital screen

    Panel discussion: Smart buildings ARE networked systems

  56. Article
    Colleagues walk down the stairs in discussion

    What's changed with SOC 2?

  57. Webinar
    Closeup of circuitry on computer

    Top cyber trends and emerging risks in the insurance industry

  58. Article
    people office

    Top five cybersecurity and IT audit trends that most impact an organization’s ability to respond to today’s challenges

  59. Whitepaper
    Building courtyard with trees

    The evolving risk landscape

  60. Article
    risk_touching_gears

    Utilizing penetration testing to enhance internal audit activities

  61. Article
    Team collaborates on client project

    Easing cyber insurance woes using key controls 

  62. Podcast
    Cybersecurity professionals performs a risk assessment at a computer

    Higher Ed Advisor: designing an effective cybersecurity strategy to safeguard institutional data and research

  63. Article
    Team strategy meeting in conference room overlooking city

    How to manage cyber risks when cyber insurance costs rise

  64. Article
    Health plan achieving interoperability compliance

    Healthcare organizations face a daunting cybersecurity landscape

  65. Article
    Government building pillars with American flag

    Top five digital opportunities for the public sector

  66. Case Study
    Woman votes on a referendum on election day

    State government implements cybersecurity program to prevent ransomware attacks at election offices

  67. Article
    Data, cybersecurity on laptop

    Small business cybersecurity risk: Cyberattacks don’t care how big your business is

  68. Resource
    hands working on report

    Which SOC report is right for your organization?

  69. Article
    man protects firm from cybersecurity risks

    New York Department of Financial Services updates cybersecurity requirements for financial services organizations

  70. Article
    Woman interacts with data

    Combating the rising costs of cyber insurance: how we got here, and what organizations can do

  71. In the News
    cyber cords crossing

    Pointers on Preventing Ransomware

  72. Webinar
    woman-in-front-of-computer

    Cybersecurity vulnerabilities and CMMC update for small businesses

  73. Article
    People shaking hands at a meeting

    Cybersecurity Maturity Model Certification (CMMC) Q&A

  74. Article
    Business professionals works at office computer

    CMMC 2.0: five key changes for government contractors

  75. In the News
    Cybersecurity professionals performs a risk assessment at a computer

    Fighting an unrelenting war – how business can be safe from cyberattack

  76. Webinar
    Finger pressing data on a screen

    Research security: what auditors must know in 2022

  77. Article
    Thumbprint used for increased security

    Public sector internal auditors most concerned by cybersecurity, data and talent risks

  78. Podcast
    Programmer performs systems testing on software

    BuzzHouse: How to protect your company from cyber threats

  79. Article
    Abstract data storage

    How NIST 800-171 Revision 3 may impact CMMC

  80. In the News
    View of the U.S. Capitol Building at night

    CMMC 2.0: Five Key Changes For Government Contractors

  81. Article
    Men shake hands in a corporate office building

    Importance of obtaining a SOC 2 for your customers

  82. Article
    securing your family office from a ransomware attack

    Managing your family office's risk against a ransomware attack

  83. Article
    Closeup of circuitry on computer

    Cybersecurity and data privacy: recognizing the risks facing NFP organizations

  84. Article
    cybersecurity businessman touching web

    SEC proposes improved uniformity and comparability of cybersecurity disclosures

  85. Webinar
    people walking

    The rise of the SEC Whistleblower Program

  86. Webinar
    Data server center

    Fraud Summit: Managing your risk against a ransomware attack

  87. Webinar
    Business professional viewing data and graphs on tablet

    Leveraging data in investigations

  88. Webinar
    Magnifying glass

    Important trends in white collar criminal investigations and prosecutions

  89. Webinar
    Conference room in advance of a board meeting

    Fraud and corporate governance: the board’s role in preventing and dealing with fraud

  90. Webinar
    people raising hands for Q&A

    Fraud allegations and the media: a guide to surviving the spotlight

  91. Webinar
    Government building with waving flag

    Deciphering Elizabeth Holmes: what went wrong?

  92. Webinar
    Woman at a computer analyzing data

    Cybersecurity: to infinity and beyond

  93. Webinar
    Team discusses client needs in an office

    Control activities vs. control environment: how the latter drives the former

  94. Webinar
    Consultants review an audit report prior to a finance committee meeting

    Continuous auditing within the compliance program

  95. Webinar
    Conference room in advance of board meeting

    Caremark and the impact on compliance

  96. Webinar
    abstract_people_technology_city

    Beyond three lines: the collaboration imperative for connected risk

  97. Webinar
    Finance executive analyzes cash on hand report

    AML and KYC emerging trends

  98. Webinar
    man analyzing computer data

    A deeper dive into cyber crime, cryptocurrency and illicit finance

  99. Article
    Person driving a vehicle

    Building sustainable compliance for dealerships in response to the new FTC Safeguards Rule

  100. Article
    Team working to analyze data and software

    New HITRUST assessments rise to meet the need for varying assurance levels

  101. Article
    Team meeting around a computer to analyze data

    Crisis management: three things all businesses should review now

  102. Podcast
    Cybersecurity data screen

    Healthy Outcomes: The value of cybersecurity in the healthcare industries

  103. Webinar
    hands typing on laptop

    Insurers and cybersecurity: What will 2022 look like?

  104. Webinar
    Woman looking at data visualization on tablet

    Demystifying HITRUST assessment types: bC, i1 and r2

  105. Podcast
    Data analyst performs market research from various sources

    Higher Ed Advisor: Lehigh University: how cybersecurity and compliance enable revenue generation in higher education

  106. Article
    risk two people climbing a mountain

    Fraud risks in the cannabis industry

  107. Article
    Woman works on computer at night

    Mitigating cyber risk with HCM Advanced Controls

  108. Webinar
    Board meeting at a conference table

    Managing NFP cybersecurity risks through board governance

  109. Webinar
    Cybersecurity data screen

    Leveraging SOC 2 and CMMC reporting to assess compliance of your security environment

  110. Article
    abstract data

    Data Privacy Day 2022: Resolve to be in front of privacy ... not behind it

  111. Whitepaper
    hands typing on laptop

    2022 Cyber Predictions e-book

  112. Webinar
    Car lights speed through valley

    Industry perspectives on CMMC 2.0

  113. Article
    Closeup of circuitry on computer

    Managing cyber risks Part 3: business interruption losses

  114. Article
    People in a crosswalk from above

    Managing cyber risks Part 2: Cyber insurance policies

  115. Podcast
    Fed Talks podcast series

    Fed Talks: CMMC 2.0

  116. Article
    cybersecurity of personal health information

    COVID business shifts change but don’t stop robust HITRUST evaluations

  117. Webinar
    Professionals collaborate in team meeting

    CMMC 2.0: five changes to navigate

  118. Webinar
    NIST Cybersecurity (CSF) assessment

    How to perform a NIST Cybersecurity (CSF) assessment in seven easy steps

  119. Article
    Cyber

    Managing cyber risks Part 1: IT contracts

  120. Webinar
    protected health information

    HITRUST panel: lessons learned from a year of remote HITRUST validations

  121. Resource
    Man consults on the phone while working on the computer

    Ransomware prevention guide

  122. Article
    information traveling to the cloud

    How to mitigate your risk when doing business on the cloud

  123. Webinar
    government contractors need to respond to new supply chain requirements

    Dealing with ever-increasing supply chain risk requirements

  124. Webinar
    Woman looking toward the future

    Utility University: Putting “now, for tomorrow” into practice

  125. Article
    Woman works on computer at night

    Ransomware: understanding the risks and recognizing the threats

  126. Article
    aerial view of a fort

    Mounting a defense in the ransomware war

  127. Article
    Team members review successful project on a tablet

    Elevating IT SOX programs through PCAOB inspection results and staff outlooks

  128. Webinar
    ransomware attack at a business

    Managing your risk against a ransomware attack

  129. Case Study
    Team of consultants analyzes data on the computer

    Investment firm manages risks across large portfolio through ongoing cyber health checks

  130. Case Study
    speed of technology blur

    NCDIT simultaneously undergoes HITRUST and NIST 800-53 readiness

  131. Article
    Protecting your institution with effective cybersecurity governance

    New cyber law impacts Wisconsin insurers

  132. Webinar
    People looking at cybersecurity screens

    Cybersecurity risk management: mitigating vulnerabilities in the cloud

  133. Article
    Medical professional works on a computer with a stethoscope

    Pharmaceuticals distribution in a post-COVID-19 economy: insurance considerations for logistics and distribution

  134. Article
    Professional working remotely

    Cybersecurity awareness remains key for post-pandemic remote workforce

  135. Article
    Supply chain risk management

    Beyond the headline: examining the Biden cybersecurity executive order

  136. Article
    Woman reviews NIST SP 800-161 Revision 1

    NIST SP 800-161 aims to reshape supply chain risk management: What does it mean for government contractors?

  137. Webinar
    woman with multiple computer screens monitoring cybersecurity

    CMMC preparation: minimize competitive barriers and grow your federal business

  138. Article
    Protecting your institution with effective cybersecurity governance

    NY cybersecurity regulation consent order shows need for adequate compliance program

  139. Podcast
    Fed Talks podcast series

    Fed Talks: Zero Trust thirty: reflections on cybersecurity

  140. Article
    View of a computer server room

    Cybersecurity considerations across the life cycle of a deal

  141. Webinar
    Abstract data

    CMMC for construction contractors: a practical examination

  142. Resource
    Abstract data

    Baker Tilly Fraud Summit 2022

  143. Article
    Healthcare data and cybersecurity risk management on an ipad

    HIPAA: get serious about identifying your organizational cybersecurity risks

  144. Webinar
    Cybersecurity

    Real and present maritime cyber security challenges for ship operators, insurers and lawyers

  145. Webinar
    Team meeting at a computer

    NIST 800-53 Revision 5: preparing for the transition

  146. Article
    Protecting your institution with effective cybersecurity governance

    Lions and gazelles - the reality of the cyber jungle

  147. Article
    Cybersecurity and data server at a not-for-profit organization

    Aligning your cybersecurity framework with your organization's mission

  148. Webinar
    Supply chain man working on tablet

    Insurance hot topics virtual series: the evolving insurance cybersecurity program

  149. Whitepaper
    Sustainable cybersecurity for manufacturing and distribution: Managing risks with limited budgets and talent

    2021 cyber predictions e-book

  150. Article
    Polaris IT services

    Find your path to Polaris: important takeaways from the draft to GSA’s latest GWAC

  151. Resource
    Conference room in advance of a board meeting

    NACD (National Association of Corporate Directors)

  152. Article
    Woman managing cloud technology on laptop

    Managing security risks when using third-party hosted solutions

  153. Webinar
    SOC lessons learned

    SOC: lessons learned from a year of remote engagements

  154. Article
    Woman managing cybersecurity risks in the cloud

    Managing cybersecurity risks in the cloud

  155. Article
    Cybersecurity on laptop with mobile icons

    Taking a risk-based approach to cybersecurity

  156. Webinar
    CMMC what to expect during official assessment

    CMMC: What to expect during an official assessment

  157. Webinar
    CMMC guidance

    Your CMMC timeline: expert guidance for today and preparing for tomorrow

  158. Webinar
    IT general controls and cybersecurity for public sector

    Stay in control: IT general controls and cybersecurity for public sector

  159. Article
    Sustainable cybersecurity for manufacturing and distribution: Managing risks with limited budgets and talent

    New dog, old tricks – how the cyber insurance market can learn from the property market

  160. Article
    Cyberattacks and intellectual property loss

    Cyberattacks and intellectual property loss

  161. Article
    data privacy points across the globe

    Five things you need to know to optimize your company’s approach to data privacy and cybersecurity

  162. Article
    Cyber risk management framework in a virtual environment

    NIST releases SP 800-53 Revision 5 and SP 800-53B

  163. Article
    Healthcare professionals discussing cybersecurity and ransomware attacks

    Healthcare industry seeks enhanced cybersecurity controls in the face of rising ransomware attacks

  164. Webinar
    Professional working remotely

    Cybersecurity and business continuity challenges in the work-from-home era

  165. Webinar
    U.S. Capital Building reflection in a nearby building

    Are you ready for CMMC?

  166. Article
    Consultant uses data analytics to address strategic growth

    Data strategy canvas discussion: identifying opportunities and developing actionable solutions for your data

  167. Article
    contractors documenting changing terms of the Paycheck Protection Program (PPP)

    Preparing for the economic recovery: strategies to help contractors succeed in a changed business environment

  168. Webinar
    CMMC cybersecurity success hands

    Ensure CMMC success: seven common scoping mistakes to avoid

  169. Webinar
    Bike wheel spinning

    Data security and shop floor integration/IIoT

  170. Article
    Taking notes while working at a computer

    Section 889 Part B is now in effect – are you ready to respond on day one?

  171. Article
    Man working on a tablet at night

    CMMC: preparation is paramount

  172. Article
    Video conference of a medical professionals

    The rise of telehealth and the importance of cybersecurity

  173. Article
    Factory plant

    Pressure testing supply chain management: What do today’s challenges mean for government contractors?

  174. Webinar
    Dark Web: cybersecurity and the biggest threat facing your organization

    Cybersecurity Maturity Model Certification (CMMC) readiness series – Part II

  175. Article
    office building windows in the city

    Cybersecurity Maturity Model Certification (CMMC) impacts on the research enterprise at higher education and research institutions

  176. Webinar
    IT audit consultant analyzes data on a computer

    Critical cybersecurity considerations with a remote workforce

  177. Case Study
    Man works remotely with phone, reports and computer

    Baker Tilly guides city to enhance IT department operations

  178. Webinar
    Blue lighting in server room

    SOC considerations through the COVID-19 lens

  179. Webinar
    Looking in on a board meeting

    Understanding CMMC and the implications for DoD contractors

  180. Webinar
    Man working at a computer from home

    CMMC is here, time to move to the cloud

  181. Multimedia
    Webinar series hero

    Simon Oddy discusses mitigating impacts of COVID-19 on insurers and policyholders for supply chain and cybersecurity risks

  182. Podcast
    Baker Tilly podcast

    Mitigating impacts on insurers and policyholders for supply chain and cybersecurity risks from COVID-19

  183. Article
    Businessman reviews report data

    Important cybersecurity tips while working remotely

  184. Multimedia
    Webinar series hero

    Derek Royster discusses insurance industry exposure during COVID-19

  185. Article
    Neighborhood street leading to state and local government building

    Cybersecurity Maturity Model Certification (CMMC) raises the bar for contractors

  186. Article
    Woman working at a computer

    IT audit for remote work environments during COVID-19 crisis, through recovery

  187. Article
    Doctor reviews patient data on computer

    Technology due diligence in healthcare

  188. Article
    Professional works remotely from home

    Cybersecurity hygiene for individuals working or learning remotely

  189. Webinar
    Cybersecurity maturity – enhancing your organization’s cyber risk management posture and program

    Cybersecurity maturity – enhancing your organization’s cyber risk management posture and program

  190. Multimedia
    geometric ceiling

    Can your IT SOX program withstand the PCAOB?

  191. Webinar
    Keeping your organization aligned with the SEC's cybersecurity guidance

    Keeping your organization aligned with the SEC's cybersecurity guidance

  192. Article
    Classroom

    Cybersecurity issues in research: can higher education institutions keep up with research data security requirements?

  193. Article
    Risky business: Protect your government from cyber threats

    Risky business: protect your government from cyber threats

  194. Webinar
    How Willis Towers Watson successfully moved its global HR operations to the cloud

    Healthcare and the cloud: utilizing cloud computing for more effective healthcare data security

  195. Whitepaper
    Data breaches pose increasing risk to healthcare organizations

    2020 Cyber Predictions

  196. Article
    Server room

    The road to CIO-SP4: uncharted but not entirely uncertain

  197. Article
    View from below of a blue interior staircase

    FEDSIM brings proposal teams to attention: how to prepare for ASTRO launch

  198. Press Release
    Two women working together at a computer, discussing privacy and risk management

    Baker Tilly Partners with CENTRL to Help Clients Enhance Privacy Compliance and Risk Management

  199. Podcast
    team members walk through office

    SOC 2 and data security’s impact on insurance companies

  200. Webinar
    Internal server

    Cybersecurity threat briefing: managing emerging threats and risks

  201. Case Study
    Three doctors standing together in a hospital hallway

    National marrow donor program implements cybersecurity controls to protect sensitive patient data

  202. Webinar
    cyber curcuit board

    Protecting you and your family business against cyber risks

  203. Webinar
    ceiling lines

    Protecting your next investment: The importance of technology due diligence

  204. Article
    Empty conference room

    Authentication: Do we really need to use crazy passwords?

  205. Webinar
    Various meeting notes pinned to a board

    Privacy compliance: ensuring compliance with CCPA and beyond

  206. Article
    Stairs and columns outside government building

    New state data breach notification laws have near-term impact

  207. In the News

    It only takes three seconds

  208. Press Release

    More than 25% of Healthcare Organizations Rate Cybersecurity as Their Greatest Concern

  209. Webinar
    Stack of papers

    The NAIC Insurance Data Security Model Law: Preparing for your state’s next cybersecurity examination

  210. Press Release

    Baker Tilly Poll Shows Most Organizations Not Compliant with New SOC 2 Criteria

  211. In the News

    Investment in Cybersecurity is Key to Minimizing Risk and Gaining a Competitive Edge

  212. In the News

    Cyber risks weaken links in supply chains

  213. Article
    Hospital groups threaten to sue over site-neutral payment cuts

    Navigating the NAIC Insurance Data Security Model Law

  214. Webinar
    weather radar indicates storm warning

    Understanding privacy regulations and compliance

  215. Article
    prepare to answer questions about cybersecurity

    Audits hone in on cybersecurity

  216. Webinar
    Software and technology

    Cybersecurity oversight: the board and C-suite’s perspectives

  217. Article
    Stack of white papers

    AICPA proposes guidance for new System and Organization Controls (SOC) Supply Chain report

  218. Webinar
    Bundle of fiber optic wiring

    Transitioning between System and Organization Control (SOC) reports

  219. Article
    Storm tracking radar

    European Commission releases report on U.S.-EU Privacy Shield

  220. Article
    Clinical quality, economic value and available data sources: How these work hand in hand

    Cybersecurity matters

  221. Webinar
    Padlock on red door

    The rise of privacy: a risk-based approach to privacy oversight, compliance and management

  222. Webinar
    Secure server

    Managing cyber threats: Developing a sustainable cybersecurity program to address your unique risks

  223. Article
    Lock key

    Putting a price on privacy risk

  224. Article
    “Attorneys’ and hackers’ eyes only”: cybersecurity risk management program for law firms

    “Attorneys’ and hackers’ eyes only”: cybersecurity risk management program for law firms

  225. Article
    View of a computer server room

    U.S. federal data privacy law gains support of tech giants

  226. Article
    SEC releases guidance on cyber-related fraud and accounting controls for public companies

    SEC releases guidance on cyber-related fraud and accounting controls for public companies

  227. Webinar
    lighthouse at the end of a dock at night with water

    Preparing for SOC 2® changes: lessons learned from applying the new Trust Services Criteria

  228. Case Study
    Tall electrical tower

    System and Organization Controls (SOC) reports provide third-party assurance and significant time savings for large energy company

  229. Webinar
    View of a computer server room

    Protecting your next investment: The importance of cybersecurity due diligence

  230. Press Release

    Nearly 90 percent of Organizations Lack Holistic Cybersecurity Testing Program

  231. Webinar
    Secure server

    Advanced cyber intelligence techniques: Integrated security testing

  232. Article
    Ball made up of data nodes

    Data privacy legislation tightens across the globe

  233. Press Release

    Majority of Insurers Have Not Adopted Agile Methodologies within Internal Audit Function

  234. Article
    Typing on keyboard

    California passes furthest reaching privacy law to date

  235. Article
    Buildings in Philadelphia

    Privacy and data security concerns continue to rise after GDPR enforcement date

  236. Article
    View of a computer server room

    GDPR quick assessment questionnaire: assess your GDPR data footprint

  237. Article
    Why you should hire a virtual chief information security officer (CISO)

    Why you should hire a virtual chief information security officer (CISO)

  238. Article
    Lighthouse prevents disaster

    Using cybersecurity attack and breach simulations to manage your organization’s attack surface

  239. Whitepaper
    Leveraging big data in the consumer credit industry: Better use of quality data can revitalize exhausted servicers

    Leveraging big data in the consumer credit industry: Better use of quality data can revitalize exhausted servicers

  240. Article
    Five person board meeting

    The Center for Audit Quality releases new guidance on Cybersecurity Risk Management Oversight: A Tool for Board Members

  241. Article
    string of lights

    Embracing technology change

  242. Press Release

    Despite Impending Deadline, Most Organizations Remain Unprepared to Comply With GDPR

  243. Webinar
    Man works remotely with phone, reports and computer

    System and Organization Controls (SOC): latest SOC 2® guidance updates and impacts for issuers and recipients

  244. Article
    Ethernet cables

    System and Organization Controls (SOC): 20 questions with Baker Tilly

  245. Webinar
    Server room

    GDPR: is your organization ready?

  246. Webinar
    Touch screen

    Attack surface management webinar series

  247. Webinar
    View of a computer server room

    System and Organization Controls (SOC) webinar and insights series

  248. Webinar
    Man at desk

    Monitoring your attack surface with effective logging capabilities

  249. Case Study
    Emerging trends in cybersecurity

    International insurance group strengthens cybersecurity program and complies with comprehensive regulations

  250. Article
    Woman reviews business plan on computer

    AICPA releases new guidance on System and Organization Controls (SOC) 2® Trust Services Criteria and Description Criteria

  251. Article
    Cybersecurity management in higher education

    Cybersecurity management in higher education

  252. Webinar
    Key and keyboard

    Vulnerability management: What could it look like at your organization?

  253. In the News

    Six ways to improve your cybersecurity practices

  254. Article
    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

  255. Press Release

    33 Percent of Financial Institutions Have Not Tested Their Cybersecurity Incident Response Plan

  256. Article
    View of a computer server room

    NYS DFS cybersecurity law: Implementation lessons learned

  257. Article
    European Union and United Kingdom flags

    European Union’s General Data Protection Regulation (GDPR) enforcement date looms

  258. Webinar
    Man working at a computer from home

    SOC update: Lessons learned from the first year of SSAE18 and SOC for Cybersecurity

  259. Article
    Strategy session resources

    System and Organization Controls (SOC): a guide to transitioning to the new Trust Services Criteria

  260. Webinar
    Sustainable cybersecurity for manufacturing and distribution: Managing risks with limited budgets and talent

    Sustainable cybersecurity for manufacturing and distribution: Managing risks with limited budgets and talent

  261. Webinar
    fiber optics, lights, technology

    Social media data risks: Take steps now to improve your security posture

  262. Webinar
    Typing on keyboard

    Understanding the NAIC Insurance Data Security Law: Cybersecurity rules and regulations for insurance organizations

  263. Article
    Five person meeting

    Tips to understand and maximize the value of SOC reports for boards, audit committees and senior management

  264. Article
    Lock and laptop

    Cybersecurity and other topics discussed at PCI event

  265. Webinar
    Architecture details, glass windows

    System and Organization Controls (SOC) essentials II: key tips for issuers and recipients

  266. Press Release

    Baker Tilly Adds David Ross to Enhance National Cybersecurity Specialization

  267. Webinar
    Ensuring cybersecurity to protect university IP assets

    Ensuring cybersecurity to protect university IP assets

  268. Article
    Opening between buildings

    HITRUST CSF™ Version 9: updates and impacts for certification

  269. Case Study
    Financial institution develops a business continuity plan that complies with key banking regulatory guidelines

    Financial institution develops a business continuity plan that complies with key banking regulatory guidelines

  270. Case Study
    Construction planning

    Mortgage originator ensures compliance with FFIEC guidelines through business continuity management and disaster recovery plan assessments

  271. Case Study
    City skyline at sunset

    Real estate investment firm improves its business continuity strategy and approach with Baker Tilly risk assessment and disaster recovery plan

  272. Case Study
    A not-for-profit strengthens its defenses against and preparedness for potential disaster and/or crisis with business continuity and disaster recovery planning

    A not-for-profit strengthens its defenses against and preparedness for potential disaster and/or crisis with business continuity and disaster recovery planning

  273. Article
    Strategic planning meeting members brainstorm with a clear whiteboard

    Developing and implementing an effective breach response plan

  274. Article
    technology, digital, lights

    Monitoring and verifying cybersecurity controls effectiveness

  275. Article
    Team meets in conference room

    Watch out for e-mail compromise fraud schemes

  276. Article
    Data center, server

    Dark Web: cybersecurity and the biggest threat facing your organization

  277. Article
    fiber optics, lights, technology

    Cybersecurity risk management reporting framework can provide a key component of an organization’s risk management program

  278. Webinar
    SOC essentials and reporting options

    SOC essentials and reporting options

  279. Webinar
    Data center, server

    Data security: keys to building a sound data risk management program

  280. Article
    hands typing on laptop

    Upcoming HITRUST CSF Version 9 release: Understanding the impact

  281. Webinar
    SOC updates: Understanding SOC for Cybersecurity and SSAE 18

    SOC updates: Understanding SOC for Cybersecurity and SSAE 18

  282. Webinar
    Fiber optic cables and lights

    The next big real estate challenge: cybersecurity and smart buildings

  283. Article

    Why cybersecurity is getting more difficult to manage

  284. Webinar
    The finalized NYS DFS cybersecurity regulations: The 12 month transition

    The finalized NYS DFS cybersecurity regulations: The 12 month transition

  285. Case Study
    Not-for-profit undergoes IT general controls and application controls audit and receives recommendations that will drive IT planning and budget processes and improve operating effectiveness

    Not-for-profit undergoes IT general controls and application controls audit and receives recommendations that will drive IT planning and budget processes and improve operating effectiveness

  286. Case Study
    Publicly traded manufacturer improves financial reporting control environment after SOX compliance review

    Publicly traded manufacturer improves financial reporting control environment after SOX compliance review

  287. Article
    NAIC risk focused examinations: Insurers, be prepared for your next examination

    NAIC risk focused examinations: Insurers, be prepared for your next examination

  288. Whitepaper
    View of a computer server room

    NYS DFS cybersecurity rules compliance guide

  289. Article
    Final NYS DFS cybersecurity regulations signed into law

    Final NYS DFS cybersecurity regulations signed into law

  290. Case Study
    Health system strives to maintain data security working with Baker Tilly to conduct a HIPAA security risk assessment

    Health system strives to maintain data security working with Baker Tilly to conduct a HIPAA security risk assessment

  291. Article
    Cybersecurity: What threats are your smart devices up against?

    Cybersecurity: What threats are your smart devices up against?

  292. Article
    NAIC cybersecurity update: Jan. 24 2017

    NAIC cybersecurity update: Jan. 24 2017

  293. Article
    string of lights

    Creating a sustainable cybersecurity management program

  294. Webinar
    Solar panels and wind turbines

    Public and social media data risks: Protecting your organization from hackers

  295. Webinar
    architecture, blue support beams

    Sustainable cybersecurity management: why it is critical to review your program now

  296. Webinar
    City buildings reflecting sky

    HITRUST demystified: what it means and what to expect from certification

  297. Article
    ASC 606 transition: Disclosures

    ASC 606 transition: Disclosures

  298. Article
    People walk on curved walkway between buildings

    AICPA proposes cybersecurity attest engagement

  299. Article
    NY DFS cybersecurity law Q&A

    NY DFS cybersecurity law Q&A

  300. Article
    Phishing for Awareness: Why cybersecurity matters for auto dealerships

    Phishing for Awareness: Why cybersecurity matters for auto dealerships

  301. Case Study
    Intellectual property law firm seeks IT risk and network vulnerability assessments to protect sensitive data

    Intellectual property law firm seeks IT risk and network vulnerability assessments to protect sensitive data

  302. Article
    New York Department of Financial Services (DFS) releases new cybersecurity regulations

    New York Department of Financial Services (DFS) releases new cybersecurity regulations

  303. Webinar
    Protecting Federal Information: Five Things Contractors Need to Know

    Protecting Federal Information: Five Things Contractors Need to Know

  304. Article
    NAIC releases new version of Cybersecurity Model Law

    NAIC releases new version of Cybersecurity Model Law

  305. Article
    SEC Customer Protection Rule Initiative

    SEC Customer Protection Rule Initiative

  306. Article
    New cybersecurity requirements for government contractors

    New cybersecurity requirements for government contractors

  307. Article
    cybersecurity warning over data

    Playing offense and defense: assessing and managing cyber risk effectively

  308. Article
    Green plant

    Cybersecurity management: monitoring and verifying your cybersecurity controls are performing effectively

  309. Article
    Secure network

    The changing role of the examiner and cybersecurity risk in the financial services industry

  310. Article
    Server room at a data center

    Emerging trends in cybersecurity

  311. Article
    lock button on keyboard

    EU-US Privacy Shield Agreement increases oversight of data transfers: US companies brace for requirements

  312. Article
    Protect your firm and clients: Top 10 cybersecurity steps for law firms

    Protect your firm and clients: Top 10 cybersecurity steps for law firms

  313. Article
    architecture, blue support beams

    Cybersecurity management: implementing cybersecurity controls

  314. Article
    laptop security

    Cybersecurity Disclosure Act of 2015: what you need to know now

  315. Article
    How to solve your organization’s biggest cybersecurity threat

    How to solve your organization’s biggest cybersecurity threat

  316. Article
    Prioritize your cybersecurity and HIPAA initiatives with a risk assessment

    Prioritize your cybersecurity and HIPAA initiatives with a risk assessment

  317. Webinar
    Business district skyline at night

    Protecting federal information: new cybersecurity guidance for contractors

  318. Article
    Conference room in advance of board meeting

    Table of experts - fraud and cybersecurity

  319. Article
    Lights speeding by with city buildings in the distance

    Cybersecurity management: data classification demystified

  320. Article
    Lights speeding by with city buildings in the distance

    Increase IT project success with project risk reviews

  321. Article
    Conference room in advance of board meeting

    Cyber-risk: what audit committees and boards need to know now

  322. Article
    Lights speeding by with city buildings in the distance

    New Jersey law mandating health insurance data encryption may have broader implications

  323. Article
    city skyline

    Cybersecurity: stay ahead of an evolving landscape

  324. Article
    Hikers climb a rocky path

    Cybersecurity: steps to take now

  325. Article
    Drone flies within city limits

    New NIST Cybersecurity Framework

  326. Webinar
    Construction site with crane

    A framework for auditing mobile devices

  327. Article
    technology concept, 1s and 0s

    Is your business continuity sound?

  328. Article
    Working remotely at sunrise with a cup of coffee

    Cybersecurity: the growing threat (and what to do about it)

  329. Article
    Conference room in advance of a board meeting

    U.S. cybersecurity executive order could mean changes for many organizations

  330. Article
    Closeup of circuitry on computer

    Cyber preparedness and business interruption survey

  331. Article
    Building a practical cybersecurity risk acceptance/risk transfer framework

    Building a practical cybersecurity risk acceptance/risk transfer framework

  332. Case Study
    Programmer performs systems testing on software

    Baker Tilly helps local government strengthen its IT department

  333. Article
    Teammates meeting in a conference room

    Annual Statement of Accounts (ASOA) certification required for music streaming service providers

  1. Jeff Krull

    Jeff Krull

    CPA, CISA, CITP

    Partner

  2. Mike Cullen

    Mike Cullen

    CISA, CISSP, CIPP/US

    Principal

  3. Emily Di Nardo

    Emily Di Nardo

    CPA, CITP, HITRUST CHQP

    Partner

  4. Matt Gilbert

    Matt Gilbert

    CISA, CRISC

    Principal

  5. Garrett Gosh

    Garrett Gosh

    CPA, CITP

    Partner

  6. Madhu Maganti

    Madhu Maganti

    CPA, CISA, M.S.

    Partner

  7. Brian Nichols

    Brian Nichols

    CISSP, CIPP/US

    Principal

  8. Atit Shah

    Atit Shah

    CISA

    Principal

  9. Joe Shusko

    Joe Shusko

    CISA, PMP

    Principal

  10. Christopher J. Tait

    Christopher J. Tait

    MBA, CISA, CCSK, CFSA, CCSFP

    Principal

  11. Bosco Yuen

    Bosco Yuen

    CPA, CISSP, CISA, CIA, CSX, CCSA, PMP

    Partner

Organizations need an accurate and objective view of their cybersecurity profile to safeguard information assets and protect the organization's value.

    Proactively protect and address your cybersecurity and information technology (IT) risks.

    Information assets and technology investments left ungoverned and unprotected leave organizations vulnerable to compromise and loss of reputation, revenue/value, customers and intellectual property. Couple these risks with the increasing demands for transparency, accountability and compliance by regulators, government entities, shareholders and others, and you have a perfect storm of risks.

    While sophisticated hacking is a valid threat to organizations, it is rarely the root cause of a data breach. The vast majority of data breaches and cybersecurity incidents are actually caused by a breakdown of basic cybersecurity processes and controls.

    Baker Tilly’s cybersecurity specialists work with organizations to assess their risk and achieve measurable security enhancements and cybersecurity control improvements. We will evaluate your cybersecurity controls, deliver recommended improvements and provide assurance that your cybersecurity controls are working.

    October is Cybersecurity Awareness Month

    2023 marks 20 years of Cybersecurity Awareness Month! This year the focus is on key behaviors including:
    • strong passwords
    • multifactor authentication
    • recognizing and reporting phishing
    • software updates

    During this month, Baker Tilly's cybersecurity specialists highlight recent events and thought leadership to help organizations address their cyber risk.

    • Week one

    Article and on-demand webinar

    Understand how the AICPA cyber risk management framework can help organizations address the recent SEC cyber disclosure rule

    Cybersecurity services and IT assessments

    Contact our teamarrowCreated with Sketch.

    Cybersecurity and privacy compliance services

    Contact our teamarrowCreated with Sketch.

    Cybersecurity certifications

    Cybersecurity compliance assessments

    We have experience performing assessments against a variety of compliance frameworks, including: 

    •  Defense Federal Acquisition Regulation Supplement (DFARS) for Cybersecurity
    • Family Education Rights and Privacy Act (FERPA)
    • Federal Information Security Modernization Act (FISMA)
    • Gramm-Leach Bliley Act (GLBA)
    • Health Insurance Portability and Accountability Act (HIPAA)
    • International Organization for Standardization (ISO) 27001
    • Model Audit Rule (MAR)
    • NAIC Insurance Data Security Model Act
    • National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) – 800-171 and 800-53 (including Revision 5)
    • New York Department of Financial Services (NY DFS) Cybersecurity Regulation
    • Payment Card Industry Data Security Standard (PCI DSS)

    Privacy assessments

    We are making great headway on security policies, procedures and it’s measurable. Our exposed surface area for cyber-attack is smaller than it’s ever been.
    Director of Information Systems for a large insurance company

    Our industries

    1. Life sciences presentation on data dashboard

      Healthcare & Life Sciences

      Baker Tilly helps organizations win now, and explore the options for tomorrow, through an orchestrated approach and understanding encompassing all facets of the healthcare ecosystem.
    2. Two advisors reviewing financial services dashboard data

      Financial Services

      The financial services industry continues to diversify, but competition and more complex vendor relationships make determining business strategy more complicated.
    3. Students review schedules on campus

      Higher Education

      Balance competing priorities. Effectively align limited resources. Advance student and institutional success.
    4. Commercial real estate properties in city

      Real Estate

      Innovative solutions for developers, owners, investors and property managers.
    5. Supervisor observes an energy power plant

      Energy

      With expertise in oil and gas, power and utilities and renewable energy, we provide a collective view with measurable results.
    6. Manufacturing and distribution professional operating mes system software

      Manufacturing & Distribution

      Helping manufacturing and distribution (M&D) companies reduce risk and improve efficiencies from the shop floor to the top floor.
    7. Lawyer on mobile phone in law firm office

      Law Firm & Professional Services

      In the face of intense competition, successful law firms must deliver quality legal services and practice effective business management.
    8. Technician analyzes security of data on servers

      HITRUST CSF Assessment Services

      The HITRUST CSF provides an integrated, certifiable approach to securing PHI. Any organization handling PHI on behalf of customers may be required to obtain a HITRUST CSF certification.

    Featured insights

    Webinar
    Critical cybersecurity considerations with a remote workforce

    Critical cybersecurity considerations with a remote workforce

    Resource
    Ransomware prevention guide

    Ransomware prevention guide

    Webinar
    Cybersecurity maturity – enhancing your organization’s cyber risk management posture and program

    Cybersecurity maturity – enhancing your organization’s cyber risk management posture and program

    Article
    The impact of COVID-19 on SOC

    The impact of COVID-19 on SOC