Baker Tilly
Contact us
Thumbprint used for increased security

Cybersecurity

Proactively protect and address your cybersecurity and information technology (IT) risks.

Cybersecurity

  1. Article
    University campus during the daytime

    How higher education and research institutions may benefit from using HITRUST to navigate research data security requirements

  2. Case Study
    software automation data screen

    Testing of software company's web portal boosts confidence in security measures

  3. Case Study
    Data dashboard coming out of laptop

    Multinational government contractor updates training after phishing prevention campaign uncovers vulnerabilities

  4. Case Study
    Cookies being produced in factory

    Food producer improves network security after disabling unused networks

  5. Case Study
    Rising interest rates, financial growth

    Debt consolidation company closes security vulnerability after successful external penetration testing

  6. Case Study
    Cars lined up on display at dealership

    Multilocation car dealership updates patching inventory after internal vulnerability scan

  7. Article
    Energy plant with abstract data points

    Energy and utilities sector faced with cybersecurity risks

  8. Article
    Woman at a computer analyzing data

    NIST 800-53 Revision 4 to Revision 5 comparison tool

  9. Article
    Two professionals meet at a computer to review analytics

    Four key concepts to consider when using advanced reporting solutions in your SOX program

  10. Article
    Together, team members climb a mountain to reach the summit

    Getting risk appetite right in uncertain times

  11. Article
    Abstract circle arches

    Dynamic risk landscape creates challenges regarding talent, cybersecurity and ESG

  12. Article
    Man looking at data points

    Data mapping: building a strong foundation for cybersecurity and data privacy

  13. Webinar
    Data dashboard coming out of laptop

    Cybersecurity trends: what to expect in 2023

  14. Article
    casual work space office

    How to build an effective IT audit team during a time of skilled resourcing shortages

  15. Whitepaper
    Thumbprint used for increased security

    2023 Cyber Predictions

  16. Article
    Data-driven manufacturing

    Top 5 manufacturing and distribution cybersecurity risks

  17. Article
    Consultants review software development code

    Cybersecurity risks affecting software and technology companies

  18. Article
    Man looking at window of data

    Are you overlooking a key component to cybersecurity risk management? 

  19. Article
    cyber risk manufacturing distribution

    Reducing cyber risk and protecting against a ‘perfect storm’

  20. Article
    team member talking digital screen

    Panel discussion: Smart buildings ARE networked systems

  21. Article
    Colleagues walk down the stairs in discussion

    What's changed with SOC 2?

  22. Webinar
    Closeup of circuitry on computer

    Top cyber trends and emerging risks in the insurance industry

  23. Article
    people office

    Top five cybersecurity and IT audit trends that most impact an organization’s ability to respond to today’s challenges

  24. Whitepaper

    The evolving risk landscape

  25. Article
    risk_touching_gears

    Utilizing penetration testing to enhance internal audit activities

  26. Article
    Team collaborates on client project

    Easing cyber insurance woes using key controls 

  27. Podcast
    Cybersecurity professionals performs a risk assessment at a computer

    Higher Ed Advisor: designing an effective cybersecurity strategy to safeguard institutional data and research

  28. Article
    Team strategy meeting in conference room overlooking city

    How to manage cyber risks when cyber insurance costs rise

  29. Article
    Health plan achieving interoperability compliance

    Healthcare organizations face a daunting cybersecurity landscape

  30. Article
    Government building pillars with American flag

    Top five digital opportunities for the public sector

  31. Case Study
    Woman votes on a referendum on election day

    State government implements cybersecurity program to prevent ransomware attacks at election offices

  32. Article
    Data, cybersecurity on laptop

    Small business cybersecurity risk: Cyberattacks don’t care how big your business is

  33. Article
    Team members discuss strategy in a meeting

    HITRUST FAQ

  34. Resource
    hands working on report

    Which SOC report is right for your organization?

  35. Article
    man protects firm from cybersecurity risks

    New York Department of Financial Services updates cybersecurity requirements for financial services organizations

  36. Article
    Woman interacts with data

    Combating the rising costs of cyber insurance: how we got here, and what organizations can do

  37. In the News
    cyber cords crossing

    Pointers on Preventing Ransomware

  38. Webinar
    woman-in-front-of-computer

    Cybersecurity vulnerabilities and CMMC update for small businesses

  39. Article
    People shaking hands at a meeting

    Cybersecurity Maturity Model Certification (CMMC) Q&A

  40. Article
    Business professionals works at office computer

    CMMC 2.0: five key changes for government contractors

  41. In the News
    Cybersecurity professionals performs a risk assessment at a computer

    Baker Tilly International: Fighting an unrelenting war – how business can be safe from cyberattack

  42. Webinar
    Finger pressing data on a screen

    Research security: what auditors must know in 2022

  43. Article
    Thumbprint used for increased security

    Public sector internal auditors most concerned by cybersecurity, data and talent risks

  44. Podcast
    Programmer performs systems testing on software

    BuzzHouse: How to protect your company from cyber threats

  45. Article
    Abstract data storage

    How NIST 800-171 Revision 3 may impact CMMC

  46. Article
    Men shake hands in a corporate office building

    Importance of obtaining a SOC 2 for your customers

  47. Article
    securing your family office from a ransomware attack

    Managing your family office's risk against a ransomware attack

  48. Article
    Closeup of circuitry on computer

    Cybersecurity and data privacy: recognizing the risks facing NFP organizations

  49. Article
    cybersecurity businessman touching web

    SEC proposes improved uniformity and comparability of cybersecurity disclosures

  50. Webinar
    Data server center

    Fraud Summit: Managing your risk against a ransomware attack

  51. Webinar
    people raising hands for Q&A

    Fraud allegations and the media: a guide to surviving the spotlight

  52. Webinar
    Woman at a computer analyzing data

    Cybersecurity: to infinity and beyond

  53. Webinar
    man analyzing computer data

    A deeper dive into cyber crime, cryptocurrency and illicit finance

  54. Article
    Person driving a vehicle

    Building sustainable compliance for dealerships in response to the new FTC Safeguards Rule

  55. Article
    Team working to analyze data and software

    New HITRUST assessments rise to meet the need for varying assurance levels

  56. Article
    Team meeting around a computer to analyze data

    Crisis management: three things all businesses should review now

  57. Webinar
    hands typing on laptop

    Insurers and cybersecurity: What will 2022 look like?

  58. Webinar
    Woman looking at data visualization on tablet

    Demystifying HITRUST assessment types: bC, i1 and r2

  59. Podcast
    Data analyst performs market research from various sources

    Higher Ed Advisor: Lehigh University: how cybersecurity and compliance enable revenue generation in higher education

  60. Article
    risk two people climbing a mountain

    Fraud risks in the cannabis industry

  61. Article
    Woman works on computer at night

    Mitigating cyber risk with HCM Advanced Controls

  62. Webinar
    Board meeting at a conference table

    Managing NFP cybersecurity risks through board governance

  63. Webinar
    Cybersecurity data screen

    Leveraging SOC 2 and CMMC reporting to assess compliance of your security environment

  64. Article
    abstract data

    Data Privacy Day 2022: Resolve to be in front of privacy ... not behind it

  65. Whitepaper
    hands typing on laptop

    2022 Cyber Predictions e-book

  66. Webinar
    Car lights speed through valley

    Industry perspectives on CMMC 2.0

  67. Article
    Closeup of circuitry on computer

    Managing cyber risks Part 3: business interruption losses

  68. Article
    People in a crosswalk from above

    Managing cyber risks Part 2: Cyber insurance policies

  69. Podcast
    Baker Tilly Fed Talks podcast

    Fed Talks: CMMC 2.0

  70. Article
    cybersecurity of personal health information

    COVID business shifts change but don’t stop robust HITRUST evaluations

  71. Webinar
    Professionals collaborate in team meeting

    CMMC 2.0: five changes to navigate

  72. Webinar
    NIST Cybersecurity (CSF) assessment

    How to perform a NIST Cybersecurity (CSF) assessment in seven easy steps

  73. Article
    Cyber

    Managing cyber risks Part 1: IT contracts

  74. Webinar
    protected health information

    HITRUST panel: lessons learned from a year of remote HITRUST validations

  75. Resource
    Man consults on the phone while working on the computer

    Ransomware prevention guide

  76. Article
    information traveling to the cloud

    How to mitigate your risk when doing business on the cloud

  77. Webinar
    government contractors need to respond to new supply chain requirements

    Dealing with ever-increasing supply chain risk requirements

  78. Webinar
    Woman looking toward the future

    Utility University: Putting “now, for tomorrow” into practice

  79. Article
    Woman works on computer at night

    Ransomware: understanding the risks and recognizing the threats

  80. Article
    aerial view of a fort

    Mounting a defense in the ransomware war

  81. Article
    Team members review successful project on a tablet

    Elevating IT SOX programs through PCAOB inspection results and staff outlooks

  82. Webinar
    ransomware attack at a business

    Managing your risk against a ransomware attack

  83. Case Study
    Team of consultants analyzes data on the computer

    Investment firm manages risks across large portfolio through ongoing cyber health checks

  84. Case Study
    speed of technology blur

    NCDIT simultaneously undergoes HITRUST and NIST 800-53 readiness

  85. Article
    Protecting your institution with effective cybersecurity governance

    New cyber law impacts Wisconsin insurers

  86. Webinar
    People looking at cybersecurity screens

    Cybersecurity risk management: mitigating vulnerabilities in the cloud

  87. Article
    Medical professional works on a computer with a stethoscope

    Pharmaceuticals distribution in a post-COVID-19 economy: insurance considerations for logistics and distribution

  88. Article
    Professional working remotely

    Cybersecurity awareness remains key for post-pandemic remote workforce

  89. Article
    Supply chain risk management

    Beyond the headline: examining the Biden cybersecurity executive order

  90. Article
    Woman reviews NIST SP 800-161 Revision 1

    NIST SP 800-161 aims to reshape supply chain risk management: What does it mean for government contractors?

  91. Webinar
    woman with multiple computer screens monitoring cybersecurity

    CMMC preparation: minimize competitive barriers and grow your federal business

  92. Article
    Protecting your institution with effective cybersecurity governance

    NY cybersecurity regulation consent order shows need for adequate compliance program

  93. Podcast
    Baker Tilly Fed Talks CMMC podcast

    Fed Talks: Zero Trust thirty: reflections on cybersecurity

  94. Article
    View of a computer server room

    Cybersecurity considerations across the life cycle of a deal

  95. Webinar
    Abstract data

    CMMC for construction contractors: a practical examination

  96. Article
    Healthcare data and cybersecurity risk management on an ipad

    HIPAA: get serious about identifying your organizational cybersecurity risks

  97. Webinar
    Cybersecurity

    Real and present maritime cyber security challenges for ship operators, insurers and lawyers

  98. Webinar
    Team meeting at a computer

    NIST 800-53 Revision 5: preparing for the transition

  99. Article
    Protecting your institution with effective cybersecurity governance

    Lions and gazelles - the reality of the cyber jungle

  100. Article
    Cybersecurity and data server at a not-for-profit organization

    Aligning your cybersecurity framework with your organization's mission

  101. Webinar
    Supply chain man working on tablet

    Insurance hot topics virtual series: the evolving insurance cybersecurity program

  102. Whitepaper
    Sustainable cybersecurity for manufacturing and distribution: Managing risks with limited budgets and talent

    2021 cyber predictions e-book

  103. Article
    Polaris IT services

    Find your path to Polaris: important takeaways from the draft to GSA’s latest GWAC

  104. Resource
    Conference room in advance of a board meeting

    NACD (National Association of Corporate Directors)

  105. Article
    Woman managing cloud technology on laptop

    Managing security risks when using third-party hosted solutions

  106. Webinar
    SOC lessons learned

    SOC: lessons learned from a year of remote engagements

  107. Article
    Woman managing cybersecurity risks in the cloud

    Managing cybersecurity risks in the cloud

  108. Article
    Cybersecurity on laptop with mobile icons

    Taking a risk-based approach to cybersecurity

  109. Webinar
    CMMC what to expect during official assessment

    CMMC: What to expect during an official assessment

  110. Webinar
    CMMC guidance

    Your CMMC timeline: expert guidance for today and preparing for tomorrow

  111. Webinar
    IT general controls and cybersecurity for public sector

    Stay in control: IT general controls and cybersecurity for public sector

  112. Article
    Sustainable cybersecurity for manufacturing and distribution: Managing risks with limited budgets and talent

    New dog, old tricks – how the cyber insurance market can learn from the property market

  113. Article
    Cyberattacks and intellectual property loss

    Cyberattacks and intellectual property loss

  114. Article
    data privacy points across the globe

    Five things you need to know to optimize your company’s approach to data privacy and cybersecurity

  115. Article
    Cyber risk management framework in a virtual environment

    NIST releases SP 800-53 Revision 5 and SP 800-53B

  116. Article
    Healthcare professionals discussing cybersecurity and ransomware attacks

    Healthcare industry seeks enhanced cybersecurity controls in the face of rising ransomware attacks

  117. Article
    Building a practical cybersecurity risk acceptance/risk transfer framework

    Baker Tilly’s global forensics cyber team ranked No. 4 cyber risk service provider by the Insurance Insider

  118. Webinar
    Professional working remotely

    Cybersecurity and business continuity challenges in the work-from-home era

  119. Webinar
    DC Capitol

    Are you ready for CMMC?

  120. Article
    Consultant uses data analytics to address strategic growth

    Data strategy canvas discussion: identifying opportunities and developing actionable solutions for your data

  121. Article
    contractors documenting changing terms of the Paycheck Protection Program (PPP)

    Preparing for the economic recovery: strategies to help contractors succeed in a changed business environment

  122. Webinar
    CMMC cybersecurity success hands

    Ensure CMMC success: seven common scoping mistakes to avoid

  123. Webinar
    Bike wheel spinning

    Data security and shop floor integration/IIoT

  124. Article
    Taking notes while working at a computer

    Section 889 Part B is now in effect – are you ready to respond on day one?

  125. Article

    CMMC: preparation is paramount

  126. Article
    Video conference of a medical professionals

    The rise of telehealth and the importance of cybersecurity

  127. Article
    Factory plant

    Pressure testing supply chain management: What do today’s challenges mean for government contractors?

  128. Webinar
    Dark Web: cybersecurity and the biggest threat facing your organization

    Cybersecurity Maturity Model Certification (CMMC) readiness series – Part II

  129. Article

    Cybersecurity Maturity Model Certification (CMMC) impacts on the research enterprise at higher education and research institutions

  130. Webinar

    Critical cybersecurity considerations with a remote workforce

  131. Case Study
    Man works remotely with phone, reports and computer

    Baker Tilly guides city to enhance IT department operations

  132. Webinar
    Blue lighting in server room

    SOC considerations through the COVID-19 lens

  133. Webinar
    Looking in on a board meeting

    Understanding CMMC and the implications for DoD contractors

  134. Webinar

    CMMC is here, time to move to the cloud

  135. Multimedia

    Simon Oddy discusses mitigating impacts of COVID-19 on insurers and policyholders for supply chain and cybersecurity risks

  136. Podcast

    Mitigating impacts on insurers and policyholders for supply chain and cybersecurity risks from COVID-19

  137. Podcast

    What we’re hearing in the current U.S. insurance market

  138. Article
    Businessman reviews report data

    Important cybersecurity tips while working remotely

  139. Multimedia

    Derek Royster discusses insurance industry exposure during COVID-19

  140. Article
    Neighborhood street leading to state and local government building

    Cybersecurity Maturity Model Certification (CMMC) raises the bar for contractors

  141. Article

    IT audit for remote work environments during COVID-19 crisis, through recovery

  142. Article
    Doctor reviews patient data on computer

    Technology due diligence in healthcare

  143. Article
    Professional works remotely from home

    Cybersecurity hygiene for individuals working or learning remotely

  144. Webinar
    Cybersecurity maturity – enhancing your organization’s cyber risk management posture and program

    Cybersecurity maturity – enhancing your organization’s cyber risk management posture and program

  145. Multimedia
    geometric ceiling

    Can your IT SOX program withstand the PCAOB?

  146. Webinar
    Keeping your organization aligned with the SEC's cybersecurity guidance

    Keeping your organization aligned with the SEC's cybersecurity guidance

  147. Article
    Classroom

    Cybersecurity issues in research: can higher education institutions keep up with research data security requirements?

  148. Article
    Risky business: Protect your government from cyber threats

    Risky business: protect your government from cyber threats

  149. Webinar
    How Willis Towers Watson successfully moved its global HR operations to the cloud

    Healthcare and the cloud: utilizing cloud computing for more effective healthcare data security

  150. Whitepaper
    Data breaches pose increasing risk to healthcare organizations

    2020 Cyber Predictions

  151. Article
    Server room

    The road to CIO-SP4: uncharted but not entirely uncertain

  152. Article
    View from below of a blue interior staircase

    FEDSIM brings proposal teams to attention: how to prepare for ASTRO launch

  153. Press Release
    Two women working together at a computer, discussing privacy and risk management

    Baker Tilly Partners with CENTRL to Help Clients Enhance Privacy Compliance and Risk Management

  154. Webinar
    Internal server

    Cybersecurity threat briefing: managing emerging threats and risks

  155. Case Study

    National marrow donor program implements cybersecurity controls to protect sensitive patient data

  156. Webinar
    cyber curcuit board

    Protecting you and your family business against cyber risks

  157. Webinar
    ceiling lines

    Protecting your next investment: The importance of technology due diligence

  158. Article
    Empty conference room

    Authentication: Do we really need to use crazy passwords?

  159. Webinar
    Various meeting notes pinned to a board

    Privacy compliance: ensuring compliance with CCPA and beyond

  160. Press Release

    Internal Employees Greatest Cybersecurity Threat for Insurers

  161. Article
    Stairs and columns outside government building

    New state data breach notification laws have near-term impact

  162. Media

    Accounting Today: It only takes three seconds

  163. Press Release

    More than 25% of Healthcare Organizations Rate Cybersecurity as Their Greatest Concern

  164. Webinar
    Stack of papers

    The NAIC Insurance Data Security Model Law: Preparing for your state’s next cybersecurity examination

  165. Press Release

    Baker Tilly Poll Shows Most Organizations Not Compliant with New SOC 2 Criteria

  166. Media

    Corporate Compliance Insights: Investment in Cybersecurity is Key to Minimizing Risk and Gaining a Competitive Edge

  167. Press Release

    Cyber risks weaken links in supply chains

  168. Article
    Hospital groups threaten to sue over site-neutral payment cuts

    Navigating the NAIC Insurance Data Security Model Law

  169. Webinar

    Understanding privacy regulations and compliance

  170. Article
    prepare to answer questions about cybersecurity

    Audits hone in on cybersecurity

  171. Webinar
    Software and technology

    Cybersecurity oversight: the board and C-suite’s perspectives

  172. Article
    Stack of white papers

    AICPA proposes guidance for new System and Organization Controls (SOC) Supply Chain report

  173. Webinar
    Bundle of fiber optic wiring

    Transitioning between System and Organization Control (SOC) reports

  174. Article

    European Commission releases report on U.S.-EU Privacy Shield

  175. Article
    Clinical quality, economic value and available data sources: How these work hand in hand

    Cybersecurity matters

  176. Webinar
    Padlock on red door

    The rise of privacy: a risk-based approach to privacy oversight, compliance and management

  177. Webinar
    Secure server

    Managing cyber threats: Developing a sustainable cybersecurity program to address your unique risks

  178. Article
    Lock key

    Putting a price on privacy risk

  179. Article
    “Attorneys’ and hackers’ eyes only”: cybersecurity risk management program for law firms

    “Attorneys’ and hackers’ eyes only”: cybersecurity risk management program for law firms

  180. Article
    View of a computer server room

    U.S. federal data privacy law gains support of tech giants

  181. Article
    SEC releases guidance on cyber-related fraud and accounting controls for public companies

    SEC releases guidance on cyber-related fraud and accounting controls for public companies

  182. Webinar
    lighthouse at the end of a dock at night with water

    Preparing for SOC 2® changes: lessons learned from applying the new Trust Services Criteria

  183. Case Study
    Tall electrical tower

    System and Organization Controls (SOC) reports provide third-party assurance and significant time savings for large energy company

  184. Webinar
    View of a computer server room

    Protecting your next investment: The importance of cybersecurity due diligence

  185. Press Release

    Nearly 90 percent of Organizations Lack Holistic Cybersecurity Testing Program

  186. Webinar
    Secure server

    Advanced cyber intelligence techniques: Integrated security testing

  187. Article

    Data privacy legislation tightens across the globe

  188. Press Release

    Majority of Insurers Have Not Adopted Agile Methodologies within Internal Audit Function

  189. Article

    California passes furthest reaching privacy law to date

  190. Article
    Buildings in Philadelphia

    Privacy and data security concerns continue to rise after GDPR enforcement date

  191. Article
    View of a computer server room

    GDPR quick assessment questionnaire: assess your GDPR data footprint

  192. Article
    Why you should hire a virtual chief information security officer (CISO)

    Why you should hire a virtual chief information security officer (CISO)

  193. Article

    Using cybersecurity attack and breach simulations to manage your organization’s attack surface

  194. Whitepaper
    Leveraging big data in the consumer credit industry: Better use of quality data can revitalize exhausted servicers

    Leveraging big data in the consumer credit industry: Better use of quality data can revitalize exhausted servicers

  195. Article
    Five person board meeting

    The Center for Audit Quality releases new guidance on Cybersecurity Risk Management Oversight: A Tool for Board Members

  196. Article
    string of lights

    Embracing technology change

  197. Webinar
    Man works remotely with phone, reports and computer

    System and Organization Controls (SOC): latest SOC 2® guidance updates and impacts for issuers and recipients

  198. Article
    Ethernet cables

    System and Organization Controls (SOC): 20 questions with Baker Tilly

  199. Webinar
    Server room

    GDPR: is your organization ready?

  200. Webinar
    Touch screen

    Attack surface management webinar series

  201. Webinar
    View of a computer server room

    System and Organization Controls (SOC) webinar and insights series

  202. Webinar
    Man at desk

    Monitoring your attack surface with effective logging capabilities

  203. Case Study
    Emerging trends in cybersecurity

    International insurance group strengthens cybersecurity program and complies with comprehensive regulations

  204. Article
    Woman reviews business plan on computer

    AICPA releases new guidance on System and Organization Controls (SOC) 2® Trust Services Criteria and Description Criteria

  205. Article
    Cybersecurity management in higher education

    Cybersecurity management in higher education

  206. Webinar
    Key and keyboard

    Vulnerability management: What could it look like at your organization?

  207. Article
    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

  208. Press Release

    33 Percent of Financial Institutions Have Not Tested Their Cybersecurity Incident Response Plan

  209. Article
    View of a computer server room

    NYS DFS cybersecurity law: Implementation lessons learned

  210. Article
    European Union and United Kingdom flags

    European Union’s General Data Protection Regulation (GDPR) enforcement date looms

  211. Webinar
    Man working at a computer from home

    SOC update: Lessons learned from the first year of SSAE18 and SOC for Cybersecurity

  212. Article
    Strategy session resources

    System and Organization Controls (SOC): a guide to transitioning to the new Trust Services Criteria

  213. Webinar
    Sustainable cybersecurity for manufacturing and distribution: Managing risks with limited budgets and talent

    Sustainable cybersecurity for manufacturing and distribution: Managing risks with limited budgets and talent

  214. Webinar

    Social media data risks: Take steps now to improve your security posture

  215. Webinar
    Understanding the NAIC Insurance Data Security Law: Cybersecurity rules and regulations for insurance organizations

    Understanding the NAIC Insurance Data Security Law: Cybersecurity rules and regulations for insurance organizations

  216. Article
    Five person meeting

    Tips to understand and maximize the value of SOC reports for boards, audit committees and senior management

  217. Article
    Lock and laptop

    Cybersecurity and other topics discussed at PCI event

  218. Webinar

    System and Organization Controls (SOC) essentials II: key tips for issuers and recipients

  219. Press Release

    Baker Tilly Adds David Ross to Enhance National Cybersecurity Specialization

  220. Webinar
    Ensuring cybersecurity to protect university IP assets

    Ensuring cybersecurity to protect university IP assets

  221. Article
    Opening between buildings

    HITRUST CSF™ Version 9: updates and impacts for certification

  222. Case Study
    Financial institution develops a business continuity plan that complies with key banking regulatory guidelines

    Financial institution develops a business continuity plan that complies with key banking regulatory guidelines

  223. Case Study
    Construction planning

    Mortgage originator ensures compliance with FFIEC guidelines through business continuity management and disaster recovery plan assessments

  224. Case Study
    City skyline at sunset

    Real estate investment firm improves its business continuity strategy and approach with Baker Tilly risk assessment and disaster recovery plan

  225. Case Study
    A not-for-profit strengthens its defenses against and preparedness for potential disaster and/or crisis with business continuity and disaster recovery planning

    A not-for-profit strengthens its defenses against and preparedness for potential disaster and/or crisis with business continuity and disaster recovery planning

  226. Article
    Strategic planning meeting members brainstorm with a clear whiteboard

    Developing and implementing an effective breach response plan

  227. Article
    technology, digital, lights

    Monitoring and verifying cybersecurity controls effectiveness

  228. Article

    Watch out for e-mail compromise fraud schemes

  229. Article
    Data center, server

    Dark Web: cybersecurity and the biggest threat facing your organization

  230. Article

    Cybersecurity risk management reporting framework can provide a key component of an organization’s risk management program

  231. Webinar
    SOC essentials and reporting options

    SOC essentials and reporting options

  232. Webinar
    Data center, server

    Data security: keys to building a sound data risk management program

  233. Webinar
    SOC updates: Understanding SOC for Cybersecurity and SSAE 18

    SOC updates: Understanding SOC for Cybersecurity and SSAE 18

  234. Webinar
    Fiber optic cables and lights

    The next big real estate challenge: cybersecurity and smart buildings

  235. Article

    Why cybersecurity is getting more difficult to manage

  236. Webinar
    The finalized NYS DFS cybersecurity regulations: The 12 month transition

    The finalized NYS DFS cybersecurity regulations: The 12 month transition

  237. Case Study
    Not-for-profit undergoes IT general controls and application controls audit and receives recommendations that will drive IT planning and budget processes and improve operating effectiveness

    Not-for-profit undergoes IT general controls and application controls audit and receives recommendations that will drive IT planning and budget processes and improve operating effectiveness

  238. Case Study
    Publicly traded manufacturer improves financial reporting control environment after SOX compliance review

    Publicly traded manufacturer improves financial reporting control environment after SOX compliance review

  239. Article
    NAIC risk focused examinations: Insurers, be prepared for your next examination

    NAIC risk focused examinations: Insurers, be prepared for your next examination

  240. Article
    Final NYS DFS cybersecurity regulations signed into law

    Final NYS DFS cybersecurity regulations signed into law

  241. Case Study
    Health system strives to maintain data security working with Baker Tilly to conduct a HIPAA security risk assessment

    Health system strives to maintain data security working with Baker Tilly to conduct a HIPAA security risk assessment

  242. Article
    Cybersecurity: What threats are your smart devices up against?

    Cybersecurity: What threats are your smart devices up against?

  243. Article
    NAIC cybersecurity update: Jan. 24 2017

    NAIC cybersecurity update: Jan. 24 2017

  244. Article
    string of lights

    Creating a sustainable cybersecurity management program

  245. Webinar

    Public and social media data risks: Protecting your organization from hackers

  246. Webinar

    Sustainable cybersecurity management: why it is critical to review your program now

  247. Article
    ASC 606 transition: Disclosures

    ASC 606 transition: Disclosures

  248. Article

    AICPA proposes cybersecurity attest engagement

  249. Article
    NY DFS cybersecurity law Q&A

    NY DFS cybersecurity law Q&A

  250. Article
    Phishing for Awareness: Why cybersecurity matters for auto dealerships

    Phishing for Awareness: Why cybersecurity matters for auto dealerships

  251. Case Study
    Intellectual property law firm seeks IT risk and network vulnerability assessments to protect sensitive data

    Intellectual property law firm seeks IT risk and network vulnerability assessments to protect sensitive data

  252. Article
    New York Department of Financial Services (DFS) releases new cybersecurity regulations

    New York Department of Financial Services (DFS) releases new cybersecurity regulations

  253. Webinar
    Protecting Federal Information: Five Things Contractors Need to Know

    Protecting Federal Information: Five Things Contractors Need to Know

  254. Article
    NAIC releases new version of Cybersecurity Model Law

    NAIC releases new version of Cybersecurity Model Law

  255. Article
    SEC Customer Protection Rule Initiative

    SEC Customer Protection Rule Initiative

  256. Article
    New cybersecurity requirements for government contractors

    New cybersecurity requirements for government contractors

  257. Article

    Playing offense and defense: assessing and managing cyber risk effectively

  258. Article

    Cybersecurity management: monitoring and verifying your cybersecurity controls are performing effectively

  259. Article

    The changing role of the examiner and cybersecurity risk in the financial services industry

  260. Article

    Emerging trends in cybersecurity

  261. Article
    lock button on keyboard

    EU-US Privacy Shield Agreement increases oversight of data transfers: US companies brace for requirements

  262. Article
    Protect your firm and clients: Top 10 cybersecurity steps for law firms

    Protect your firm and clients: Top 10 cybersecurity steps for law firms

  263. Article
    architecture, blue support beams

    Cybersecurity management: implementing cybersecurity controls

  264. Article
    laptop security

    Cybersecurity Disclosure Act of 2015: what you need to know now

  265. Article
    How to solve your organization’s biggest cybersecurity threat

    How to solve your organization’s biggest cybersecurity threat

  266. Article
    Prioritize your cybersecurity and HIPAA initiatives with a risk assessment

    Prioritize your cybersecurity and HIPAA initiatives with a risk assessment

  267. Webinar
    Business district skyline at night

    Protecting federal information: new cybersecurity guidance for contractors

  268. Article
    Conference room in advance of board meeting

    Table of experts - fraud and cybersecurity

  269. Article
    Lights speeding by with city buildings in the distance

    Cybersecurity management: data classification demystified

  270. Article

    Increase IT project success with project risk reviews

  271. Article
    Conference room in advance of board meeting

    Cyber-risk: what audit committees and boards need to know now

  272. Article

    New Jersey law mandating health insurance data encryption may have broader implications

  273. Article

    Cybersecurity: stay ahead of an evolving landscape

  274. Article

    Cybersecurity: steps to take now

  275. Webinar
    Construction site with crane

    A framework for auditing mobile devices

  276. Article

    Is your business continuity sound?

  277. Article

    Cybersecurity: the growing threat (and what to do about it)

  278. Article
    Conference room in advance of a board meeting

    U.S. cybersecurity executive order could mean changes for many organizations

  279. Podcast

    SOC 2 and data security’s impact on insurance companies

  280. Whitepaper
    View of a computer server room

    NYS DFS cybersecurity rules compliance guide

  281. Article

    New NIST Cybersecurity Framework

  282. Article

    Cyber preparedness and business interruption survey

  283. Article
    Building a practical cybersecurity risk acceptance/risk transfer framework

    Building a practical cybersecurity risk acceptance/risk transfer framework

  284. Case Study

    Baker Tilly helps local government strengthen its IT department

  285. Article

    Annual Statement of Accounts (ASOA) certification required for music streaming service providers

  1. Janice S. Ahlstrom

    Janice S. Ahlstrom

    FHIMSS, CPHIMS, CCSFP, RN, B.S.N.

    Director

  2. Mike Cullen

    Mike Cullen

    CISA, CISSP, CIPP/US

    Principal

  3. Emily Di Nardo

    Emily Di Nardo

    CPA, CITP, HITRUST CHQP

    Partner

  4. Ben Hobby

    Ben Hobby

    FCA, Dip CII

    Partner

  5. Jeff Krull

    Jeff Krull

    CPA, CISA

    Partner

  6. Madhu Maganti

    Madhu Maganti

    CPA, CISA, M.S.

    Partner

  7. Brian Nichols

    Brian Nichols

    CISSP, CIPP/US

    Principal

  8. Simon P. Oddy

    Simon Oddy

    FCA, CFE, MCIArb

    Partner

  9. Bernard Regan

    Bernard Regan

    MSc, MBCS

    Principal

  10. Atit Shah

    Atit Shah

    CISA

    Principal

  11. Joe Shusko

    Joe Shusko

    CISA, PMP

    Principal

  12. Mallory Thomas

    Mallory Thomas

    CPA, MBA, CIA, CITP, CISA

    Partner

  13. Mike Vanderbilt

    Mike Vanderbilt

    PMP, CIPP/E

    Director

Organizations need an accurate and objective view of their cybersecurity profile to safeguard information assets and protect the organization's value.

    Proactively protect and address your cybersecurity and information technology (IT) risks.

    Information assets and technology investments left ungoverned and unprotected leave organizations vulnerable to compromise and loss of reputation, revenue/value, customers and intellectual property. Couple these risks with the increasing demands for transparency, accountability and compliance by regulators, government entities, shareholders and others, and you have a perfect storm of risks.

    While sophisticated hacking is a valid threat to organizations, it is rarely the root cause of a data breach. The vast majority of data breaches and cybersecurity incidents are actually caused by a breakdown of basic cybersecurity processes and controls.

    Baker Tilly’s cybersecurity specialists work with organizations to assess their risk and achieve measurable security enhancements and cybersecurity control improvements. We will evaluate your cybersecurity controls, deliver recommended improvements and provide assurance that your cybersecurity controls are working.

    Cybersecurity services and IT assessments

    Contact our teamarrowCreated with Sketch.

    Cybersecurity and privacy compliance services

    Contact our teamarrowCreated with Sketch.

    Cybersecurity certifications

    Cybersecurity compliance assessments

    We have experience performing assessments against a variety of compliance frameworks, including: 

    •  Defense Federal Acquisition Regulation Supplement (DFARS) for Cybersecurity
    • Family Education Rights and Privacy Act (FERPA)
    • Federal Information Security Modernization Act (FISMA)
    • Gramm-Leach Bliley Act (GLBA)
    • Health Insurance Portability and Accountability Act (HIPAA)
    • International Organization for Standardization (ISO) 27001
    • Model Audit Rule (MAR)
    • NAIC Insurance Data Security Model Act
    • National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) – 800-171 and 800-53 (including Revision 5)
    • New York Department of Financial Services (NY DFS) Cybersecurity Regulation
    • Payment Card Industry Data Security Standard (PCI DSS)

    Privacy assessments

    We are making great headway on security policies, procedures and it’s measurable. Our exposed surface area for cyber-attack is smaller than it’s ever been.
    Director of Information Systems for a large insurance company

    Our industries

    1. Life sciences presentation on data dashboard

      Healthcare & Life Sciences

      Baker Tilly helps organizations win now, and explore the options for tomorrow, through an orchestrated approach and understanding encompassing all facets of the healthcare ecosystem.
    2. Two advisors reviewing financial services dashboard data

      Financial Services

      The financial services industry continues to diversify, but competition and more complex vendor relationships make determining business strategy more complicated.
    3. Students review schedules on campus

      Higher Education

      Balance competing priorities. Effectively align limited resources. Advance student and institutional success.
    4. Commercial real estate properties in city

      Real Estate

      Innovative solutions for developers, owners, investors and property managers.
    5. Supervisor observes an energy power plant

      Energy

      With expertise in oil and gas, power and utilities and renewable energy, we provide a collective view with measurable results.
    6. Manufacturing and distribution professional operating mes system software

      Manufacturing & Distribution

      Helping manufacturing and distribution (M&D) companies reduce risk and improve efficiencies from the shop floor to the top floor.
    7. Lawyer on mobile phone in law firm office

      Law Firm & Professional Services

      In the face of intense competition, successful law firms must deliver quality legal services and practice effective business management.
    8. Technician analyzes security of data on servers

      HITRUST CSF Assessment Services

      The HITRUST CSF provides an integrated, certifiable approach to securing PHI. Any organization handling PHI on behalf of customers may be required to obtain a HITRUST CSF certification.

    Featured insights

    Webinar

    Critical cybersecurity considerations with a remote workforce

    Resource
    Ransomware prevention guide

    Ransomware prevention guide

    Webinar
    Cybersecurity maturity – enhancing your organization’s cyber risk management posture and program

    Cybersecurity maturity – enhancing your organization’s cyber risk management posture and program

    Article
    The impact of COVID-19 on SOC

    The impact of COVID-19 on SOC