Baker Tilly
Contact us
Thumbprint used for increased security

Cybersecurity

Proactively protect and address your cybersecurity and information technology (IT) risks.

Cybersecurity

  1. Article
    Risks and controls RPA solutions

    Identifying risks and controls when implementing RPA solutions in a SOX environment

  2. Article
    cybersecurity program strengthened on computer

    Evaluating your cyber program to strengthen assurance

  3. Article
    IT professionals working at table together in office on cybersecurity

    The missing piece of your network security

  4. Article
    Team members discuss strategy in a meeting

    HITRUST FAQ

  5. Podcast
    Closeup view of cables in server room protecting from cyber attacks

    Healthy Outcomes: The current state of cybersecurity in the healthcare industry 

  6. Article
    Business meeting at conference table with professionals walking by

    SOC FAQ

  7. Resource
    Baker Tilly Fraud Summit

    Baker Tilly Fraud Summit 2023

  8. Webinar
    Consultants review software development code

    Strategy check: evaluating your cyber program to strengthen assurance

  9. In the News
    ransomware attack at a business

    More Malware, Less Ransomware in Higher Ed

  10. Resource
    Professional walking through office using digital tablet

    Governance dashboard for market intelligence

  11. Article
    University campus during the daytime

    How higher education and research institutions may benefit from using HITRUST to navigate research data security requirements

  12. Case Study
    software automation data screen

    Testing of software company's web portal boosts confidence in security measures

  13. Case Study
    Data dashboard coming out of laptop

    Multinational government contractor updates training after phishing prevention campaign uncovers vulnerabilities

  14. Case Study
    Cookies being produced in factory

    Food producer improves network security after disabling unused networks

  15. Case Study
    Rising interest rates, financial growth

    Debt consolidation company closes security vulnerability after successful external penetration testing

  16. Case Study
    Cars lined up on display at dealership

    Multilocation car dealership updates patching inventory after internal vulnerability scan

  17. Article
    Energy plant with abstract data points

    Energy and utilities sector faced with cybersecurity risks

  18. Article
    Woman at a computer analyzing data

    NIST 800-53 Revision 4 to Revision 5 comparison tool

  19. Article
    Two professionals meet at a computer to review analytics

    Four key concepts to consider when using advanced reporting solutions in your SOX program

  20. Article
    Together, team members climb a mountain to reach the summit

    Getting risk appetite right in uncertain times

  21. Article
    Abstract circle arches

    Dynamic risk landscape creates challenges regarding talent, cybersecurity and ESG

  22. Article
    Man looking at data points

    Data mapping: building a strong foundation for cybersecurity and data privacy

  23. Webinar
    Data dashboard coming out of laptop

    Cybersecurity trends: what to expect in 2023

  24. Article
    casual work space office

    How to build an effective IT audit team during a time of skilled resourcing shortages

  25. Whitepaper
    Thumbprint used for increased security

    2023 Cyber Predictions

  26. Article
    Data-driven manufacturing

    Top 5 manufacturing and distribution cybersecurity risks

  27. Article
    Consultants review software development code

    Cybersecurity risks affecting software and technology companies

  28. Article
    Man looking at window of data

    Are you overlooking a key component to cybersecurity risk management? 

  29. Article
    cyber risk manufacturing distribution

    Reducing cyber risk and protecting against a ‘perfect storm’

  30. Article
    team member talking digital screen

    Panel discussion: Smart buildings ARE networked systems

  31. Article
    Colleagues walk down the stairs in discussion

    What's changed with SOC 2?

  32. Webinar
    Closeup of circuitry on computer

    Top cyber trends and emerging risks in the insurance industry

  33. Article
    people office

    Top five cybersecurity and IT audit trends that most impact an organization’s ability to respond to today’s challenges

  34. Whitepaper
    Building courtyard with trees

    The evolving risk landscape

  35. Article
    risk_touching_gears

    Utilizing penetration testing to enhance internal audit activities

  36. Article
    Team collaborates on client project

    Easing cyber insurance woes using key controls 

  37. Podcast
    Cybersecurity professionals performs a risk assessment at a computer

    Higher Ed Advisor: designing an effective cybersecurity strategy to safeguard institutional data and research

  38. Article
    Team strategy meeting in conference room overlooking city

    How to manage cyber risks when cyber insurance costs rise

  39. Article
    Health plan achieving interoperability compliance

    Healthcare organizations face a daunting cybersecurity landscape

  40. Article
    Government building pillars with American flag

    Top five digital opportunities for the public sector

  41. Case Study
    Woman votes on a referendum on election day

    State government implements cybersecurity program to prevent ransomware attacks at election offices

  42. Article
    Data, cybersecurity on laptop

    Small business cybersecurity risk: Cyberattacks don’t care how big your business is

  43. Resource
    hands working on report

    Which SOC report is right for your organization?

  44. Article
    man protects firm from cybersecurity risks

    New York Department of Financial Services updates cybersecurity requirements for financial services organizations

  45. Article
    Woman interacts with data

    Combating the rising costs of cyber insurance: how we got here, and what organizations can do

  46. In the News
    cyber cords crossing

    Pointers on Preventing Ransomware

  47. Webinar
    woman-in-front-of-computer

    Cybersecurity vulnerabilities and CMMC update for small businesses

  48. Article
    People shaking hands at a meeting

    Cybersecurity Maturity Model Certification (CMMC) Q&A

  49. Article
    Business professionals works at office computer

    CMMC 2.0: five key changes for government contractors

  50. In the News
    Cybersecurity professionals performs a risk assessment at a computer

    Baker Tilly International: Fighting an unrelenting war – how business can be safe from cyberattack

  51. Webinar
    Finger pressing data on a screen

    Research security: what auditors must know in 2022

  52. Article
    Thumbprint used for increased security

    Public sector internal auditors most concerned by cybersecurity, data and talent risks

  53. Podcast
    Programmer performs systems testing on software

    BuzzHouse: How to protect your company from cyber threats

  54. Article
    Abstract data storage

    How NIST 800-171 Revision 3 may impact CMMC

  55. Article
    Men shake hands in a corporate office building

    Importance of obtaining a SOC 2 for your customers

  56. Article
    securing your family office from a ransomware attack

    Managing your family office's risk against a ransomware attack

  57. Article
    Closeup of circuitry on computer

    Cybersecurity and data privacy: recognizing the risks facing NFP organizations

  58. Article
    cybersecurity businessman touching web

    SEC proposes improved uniformity and comparability of cybersecurity disclosures

  59. Webinar
    Data server center

    Fraud Summit: Managing your risk against a ransomware attack

  60. Webinar
    people raising hands for Q&A

    Fraud allegations and the media: a guide to surviving the spotlight

  61. Webinar
    Woman at a computer analyzing data

    Cybersecurity: to infinity and beyond

  62. Webinar
    man analyzing computer data

    A deeper dive into cyber crime, cryptocurrency and illicit finance

  63. Article
    Person driving a vehicle

    Building sustainable compliance for dealerships in response to the new FTC Safeguards Rule

  64. Article
    Team working to analyze data and software

    New HITRUST assessments rise to meet the need for varying assurance levels

  65. Article
    Team meeting around a computer to analyze data

    Crisis management: three things all businesses should review now

  66. Webinar
    hands typing on laptop

    Insurers and cybersecurity: What will 2022 look like?

  67. Webinar
    Woman looking at data visualization on tablet

    Demystifying HITRUST assessment types: bC, i1 and r2

  68. Podcast
    Data analyst performs market research from various sources

    Higher Ed Advisor: Lehigh University: how cybersecurity and compliance enable revenue generation in higher education

  69. Article
    risk two people climbing a mountain

    Fraud risks in the cannabis industry

  70. Article
    Woman works on computer at night

    Mitigating cyber risk with HCM Advanced Controls

  71. Webinar
    Board meeting at a conference table

    Managing NFP cybersecurity risks through board governance

  72. Webinar
    Cybersecurity data screen

    Leveraging SOC 2 and CMMC reporting to assess compliance of your security environment

  73. Article
    abstract data

    Data Privacy Day 2022: Resolve to be in front of privacy ... not behind it

  74. Whitepaper
    hands typing on laptop

    2022 Cyber Predictions e-book

  75. Webinar
    Car lights speed through valley

    Industry perspectives on CMMC 2.0

  76. Article
    Closeup of circuitry on computer

    Managing cyber risks Part 3: business interruption losses

  77. Article
    People in a crosswalk from above

    Managing cyber risks Part 2: Cyber insurance policies

  78. Podcast
    Fed Talks podcast series

    Fed Talks: CMMC 2.0

  79. Article
    cybersecurity of personal health information

    COVID business shifts change but don’t stop robust HITRUST evaluations

  80. Webinar
    Professionals collaborate in team meeting

    CMMC 2.0: five changes to navigate

  81. Webinar
    NIST Cybersecurity (CSF) assessment

    How to perform a NIST Cybersecurity (CSF) assessment in seven easy steps

  82. Article
    Cyber

    Managing cyber risks Part 1: IT contracts

  83. Webinar
    protected health information

    HITRUST panel: lessons learned from a year of remote HITRUST validations

  84. Resource
    Man consults on the phone while working on the computer

    Ransomware prevention guide

  85. Article
    information traveling to the cloud

    How to mitigate your risk when doing business on the cloud

  86. Webinar
    government contractors need to respond to new supply chain requirements

    Dealing with ever-increasing supply chain risk requirements

  87. Webinar
    Woman looking toward the future

    Utility University: Putting “now, for tomorrow” into practice

  88. Article
    Woman works on computer at night

    Ransomware: understanding the risks and recognizing the threats

  89. Article
    aerial view of a fort

    Mounting a defense in the ransomware war

  90. Article
    Team members review successful project on a tablet

    Elevating IT SOX programs through PCAOB inspection results and staff outlooks

  91. Webinar
    ransomware attack at a business

    Managing your risk against a ransomware attack

  92. Case Study
    Team of consultants analyzes data on the computer

    Investment firm manages risks across large portfolio through ongoing cyber health checks

  93. Case Study
    speed of technology blur

    NCDIT simultaneously undergoes HITRUST and NIST 800-53 readiness

  94. Article
    Protecting your institution with effective cybersecurity governance

    New cyber law impacts Wisconsin insurers

  95. Webinar
    People looking at cybersecurity screens

    Cybersecurity risk management: mitigating vulnerabilities in the cloud

  96. Article
    Medical professional works on a computer with a stethoscope

    Pharmaceuticals distribution in a post-COVID-19 economy: insurance considerations for logistics and distribution

  97. Article
    Professional working remotely

    Cybersecurity awareness remains key for post-pandemic remote workforce

  98. Article
    Supply chain risk management

    Beyond the headline: examining the Biden cybersecurity executive order

  99. Article
    Woman reviews NIST SP 800-161 Revision 1

    NIST SP 800-161 aims to reshape supply chain risk management: What does it mean for government contractors?

  100. Webinar
    woman with multiple computer screens monitoring cybersecurity

    CMMC preparation: minimize competitive barriers and grow your federal business

  101. Article
    Protecting your institution with effective cybersecurity governance

    NY cybersecurity regulation consent order shows need for adequate compliance program

  102. Podcast
    Fed Talks podcast series

    Fed Talks: Zero Trust thirty: reflections on cybersecurity

  103. Article
    View of a computer server room

    Cybersecurity considerations across the life cycle of a deal

  104. Webinar
    Abstract data

    CMMC for construction contractors: a practical examination

  105. Article
    Healthcare data and cybersecurity risk management on an ipad

    HIPAA: get serious about identifying your organizational cybersecurity risks

  106. Webinar
    Cybersecurity

    Real and present maritime cyber security challenges for ship operators, insurers and lawyers

  107. Webinar
    Team meeting at a computer

    NIST 800-53 Revision 5: preparing for the transition

  108. Article
    Protecting your institution with effective cybersecurity governance

    Lions and gazelles - the reality of the cyber jungle

  109. Article
    Cybersecurity and data server at a not-for-profit organization

    Aligning your cybersecurity framework with your organization's mission

  110. Webinar
    Supply chain man working on tablet

    Insurance hot topics virtual series: the evolving insurance cybersecurity program

  111. Whitepaper
    Sustainable cybersecurity for manufacturing and distribution: Managing risks with limited budgets and talent

    2021 cyber predictions e-book

  112. Article
    Polaris IT services

    Find your path to Polaris: important takeaways from the draft to GSA’s latest GWAC

  113. Resource
    Conference room in advance of a board meeting

    NACD (National Association of Corporate Directors)

  114. Article
    Woman managing cloud technology on laptop

    Managing security risks when using third-party hosted solutions

  115. Webinar
    SOC lessons learned

    SOC: lessons learned from a year of remote engagements

  116. Article
    Woman managing cybersecurity risks in the cloud

    Managing cybersecurity risks in the cloud

  117. Article
    Cybersecurity on laptop with mobile icons

    Taking a risk-based approach to cybersecurity

  118. Webinar
    CMMC what to expect during official assessment

    CMMC: What to expect during an official assessment

  119. Webinar
    CMMC guidance

    Your CMMC timeline: expert guidance for today and preparing for tomorrow

  120. Webinar
    IT general controls and cybersecurity for public sector

    Stay in control: IT general controls and cybersecurity for public sector

  121. Article
    Sustainable cybersecurity for manufacturing and distribution: Managing risks with limited budgets and talent

    New dog, old tricks – how the cyber insurance market can learn from the property market

  122. Article
    Cyberattacks and intellectual property loss

    Cyberattacks and intellectual property loss

  123. Article
    data privacy points across the globe

    Five things you need to know to optimize your company’s approach to data privacy and cybersecurity

  124. Article
    Cyber risk management framework in a virtual environment

    NIST releases SP 800-53 Revision 5 and SP 800-53B

  125. Article
    Healthcare professionals discussing cybersecurity and ransomware attacks

    Healthcare industry seeks enhanced cybersecurity controls in the face of rising ransomware attacks

  126. Article
    Building a practical cybersecurity risk acceptance/risk transfer framework

    Baker Tilly’s global forensics cyber team ranked No. 4 cyber risk service provider by the Insurance Insider

  127. Webinar
    Professional working remotely

    Cybersecurity and business continuity challenges in the work-from-home era

  128. Webinar
    DC Capitol

    Are you ready for CMMC?

  129. Article
    Consultant uses data analytics to address strategic growth

    Data strategy canvas discussion: identifying opportunities and developing actionable solutions for your data

  130. Article
    contractors documenting changing terms of the Paycheck Protection Program (PPP)

    Preparing for the economic recovery: strategies to help contractors succeed in a changed business environment

  131. Webinar
    CMMC cybersecurity success hands

    Ensure CMMC success: seven common scoping mistakes to avoid

  132. Webinar
    Bike wheel spinning

    Data security and shop floor integration/IIoT

  133. Article
    Taking notes while working at a computer

    Section 889 Part B is now in effect – are you ready to respond on day one?

  134. Article
    Man working on a tablet at night

    CMMC: preparation is paramount

  135. Article
    Video conference of a medical professionals

    The rise of telehealth and the importance of cybersecurity

  136. Article
    Factory plant

    Pressure testing supply chain management: What do today’s challenges mean for government contractors?

  137. Webinar
    Dark Web: cybersecurity and the biggest threat facing your organization

    Cybersecurity Maturity Model Certification (CMMC) readiness series – Part II

  138. Article

    Cybersecurity Maturity Model Certification (CMMC) impacts on the research enterprise at higher education and research institutions

  139. Webinar
    IT audit consultant analyzes data on a computer

    Critical cybersecurity considerations with a remote workforce

  140. Case Study
    Man works remotely with phone, reports and computer

    Baker Tilly guides city to enhance IT department operations

  141. Webinar
    Blue lighting in server room

    SOC considerations through the COVID-19 lens

  142. Webinar
    Looking in on a board meeting

    Understanding CMMC and the implications for DoD contractors

  143. Webinar

    CMMC is here, time to move to the cloud

  144. Multimedia
    Webinar series hero

    Simon Oddy discusses mitigating impacts of COVID-19 on insurers and policyholders for supply chain and cybersecurity risks

  145. Podcast
    Baker Tilly podcast

    Mitigating impacts on insurers and policyholders for supply chain and cybersecurity risks from COVID-19

  146. Podcast
    Baker Tilly podcast

    What we’re hearing in the current U.S. insurance market

  147. Article
    Businessman reviews report data

    Important cybersecurity tips while working remotely

  148. Multimedia
    Webinar series hero

    Derek Royster discusses insurance industry exposure during COVID-19

  149. Article
    Neighborhood street leading to state and local government building

    Cybersecurity Maturity Model Certification (CMMC) raises the bar for contractors

  150. Article
    Woman working at a computer

    IT audit for remote work environments during COVID-19 crisis, through recovery

  151. Article
    Doctor reviews patient data on computer

    Technology due diligence in healthcare

  152. Article
    Professional works remotely from home

    Cybersecurity hygiene for individuals working or learning remotely

  153. Webinar
    Cybersecurity maturity – enhancing your organization’s cyber risk management posture and program

    Cybersecurity maturity – enhancing your organization’s cyber risk management posture and program

  154. Multimedia
    geometric ceiling

    Can your IT SOX program withstand the PCAOB?

  155. Webinar
    Keeping your organization aligned with the SEC's cybersecurity guidance

    Keeping your organization aligned with the SEC's cybersecurity guidance

  156. Article
    Classroom

    Cybersecurity issues in research: can higher education institutions keep up with research data security requirements?

  157. Article
    Risky business: Protect your government from cyber threats

    Risky business: protect your government from cyber threats

  158. Webinar
    How Willis Towers Watson successfully moved its global HR operations to the cloud

    Healthcare and the cloud: utilizing cloud computing for more effective healthcare data security

  159. Whitepaper
    Data breaches pose increasing risk to healthcare organizations

    2020 Cyber Predictions

  160. Article
    Server room

    The road to CIO-SP4: uncharted but not entirely uncertain

  161. Article
    View from below of a blue interior staircase

    FEDSIM brings proposal teams to attention: how to prepare for ASTRO launch

  162. Press Release
    Two women working together at a computer, discussing privacy and risk management

    Baker Tilly Partners with CENTRL to Help Clients Enhance Privacy Compliance and Risk Management

  163. Podcast
    team members walk through office

    SOC 2 and data security’s impact on insurance companies

  164. Webinar
    Internal server

    Cybersecurity threat briefing: managing emerging threats and risks

  165. Case Study

    National marrow donor program implements cybersecurity controls to protect sensitive patient data

  166. Webinar
    cyber curcuit board

    Protecting you and your family business against cyber risks

  167. Webinar
    ceiling lines

    Protecting your next investment: The importance of technology due diligence

  168. Article
    Empty conference room

    Authentication: Do we really need to use crazy passwords?

  169. Webinar
    Various meeting notes pinned to a board

    Privacy compliance: ensuring compliance with CCPA and beyond

  170. Press Release

    Internal Employees Greatest Cybersecurity Threat for Insurers

  171. Article
    Stairs and columns outside government building

    New state data breach notification laws have near-term impact

  172. Media

    Accounting Today: It only takes three seconds

  173. Press Release

    More than 25% of Healthcare Organizations Rate Cybersecurity as Their Greatest Concern

  174. Webinar
    Stack of papers

    The NAIC Insurance Data Security Model Law: Preparing for your state’s next cybersecurity examination

  175. Press Release

    Baker Tilly Poll Shows Most Organizations Not Compliant with New SOC 2 Criteria

  176. Media

    Corporate Compliance Insights: Investment in Cybersecurity is Key to Minimizing Risk and Gaining a Competitive Edge

  177. Press Release

    Cyber risks weaken links in supply chains

  178. Article
    Hospital groups threaten to sue over site-neutral payment cuts

    Navigating the NAIC Insurance Data Security Model Law

  179. Webinar

    Understanding privacy regulations and compliance

  180. Article
    prepare to answer questions about cybersecurity

    Audits hone in on cybersecurity

  181. Webinar
    Software and technology

    Cybersecurity oversight: the board and C-suite’s perspectives

  182. Article
    Stack of white papers

    AICPA proposes guidance for new System and Organization Controls (SOC) Supply Chain report

  183. Webinar
    Bundle of fiber optic wiring

    Transitioning between System and Organization Control (SOC) reports

  184. Article
    Storm tracking radar

    European Commission releases report on U.S.-EU Privacy Shield

  185. Article
    Clinical quality, economic value and available data sources: How these work hand in hand

    Cybersecurity matters

  186. Webinar
    Padlock on red door

    The rise of privacy: a risk-based approach to privacy oversight, compliance and management

  187. Webinar
    Secure server

    Managing cyber threats: Developing a sustainable cybersecurity program to address your unique risks

  188. Article
    Lock key

    Putting a price on privacy risk

  189. Article
    “Attorneys’ and hackers’ eyes only”: cybersecurity risk management program for law firms

    “Attorneys’ and hackers’ eyes only”: cybersecurity risk management program for law firms

  190. Article
    View of a computer server room

    U.S. federal data privacy law gains support of tech giants

  191. Article
    SEC releases guidance on cyber-related fraud and accounting controls for public companies

    SEC releases guidance on cyber-related fraud and accounting controls for public companies

  192. Webinar
    lighthouse at the end of a dock at night with water

    Preparing for SOC 2® changes: lessons learned from applying the new Trust Services Criteria

  193. Case Study
    Tall electrical tower

    System and Organization Controls (SOC) reports provide third-party assurance and significant time savings for large energy company

  194. Webinar
    View of a computer server room

    Protecting your next investment: The importance of cybersecurity due diligence

  195. Press Release

    Nearly 90 percent of Organizations Lack Holistic Cybersecurity Testing Program

  196. Webinar
    Secure server

    Advanced cyber intelligence techniques: Integrated security testing

  197. Article

    Data privacy legislation tightens across the globe

  198. Press Release

    Majority of Insurers Have Not Adopted Agile Methodologies within Internal Audit Function

  199. Article
    Typing on keyboard

    California passes furthest reaching privacy law to date

  200. Article
    Buildings in Philadelphia

    Privacy and data security concerns continue to rise after GDPR enforcement date

  201. Article
    View of a computer server room

    GDPR quick assessment questionnaire: assess your GDPR data footprint

  202. Article
    Why you should hire a virtual chief information security officer (CISO)

    Why you should hire a virtual chief information security officer (CISO)

  203. Article

    Using cybersecurity attack and breach simulations to manage your organization’s attack surface

  204. Whitepaper
    Leveraging big data in the consumer credit industry: Better use of quality data can revitalize exhausted servicers

    Leveraging big data in the consumer credit industry: Better use of quality data can revitalize exhausted servicers

  205. Article
    Five person board meeting

    The Center for Audit Quality releases new guidance on Cybersecurity Risk Management Oversight: A Tool for Board Members

  206. Article
    string of lights

    Embracing technology change

  207. Webinar
    Man works remotely with phone, reports and computer

    System and Organization Controls (SOC): latest SOC 2® guidance updates and impacts for issuers and recipients

  208. Article
    Ethernet cables

    System and Organization Controls (SOC): 20 questions with Baker Tilly

  209. Webinar
    Server room

    GDPR: is your organization ready?

  210. Webinar
    Touch screen

    Attack surface management webinar series

  211. Webinar
    View of a computer server room

    System and Organization Controls (SOC) webinar and insights series

  212. Webinar
    Man at desk

    Monitoring your attack surface with effective logging capabilities

  213. Case Study
    Emerging trends in cybersecurity

    International insurance group strengthens cybersecurity program and complies with comprehensive regulations

  214. Article
    Woman reviews business plan on computer

    AICPA releases new guidance on System and Organization Controls (SOC) 2® Trust Services Criteria and Description Criteria

  215. Article
    Cybersecurity management in higher education

    Cybersecurity management in higher education

  216. Webinar
    Key and keyboard

    Vulnerability management: What could it look like at your organization?

  217. Article
    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

    AICPA releases System and Organization Controls (SOC) for Cybersecurity guidance with SOC 2® comparison

  218. Press Release

    33 Percent of Financial Institutions Have Not Tested Their Cybersecurity Incident Response Plan

  219. Article
    View of a computer server room

    NYS DFS cybersecurity law: Implementation lessons learned

  220. Article
    European Union and United Kingdom flags

    European Union’s General Data Protection Regulation (GDPR) enforcement date looms

  221. Webinar
    Man working at a computer from home

    SOC update: Lessons learned from the first year of SSAE18 and SOC for Cybersecurity

  222. Article
    Strategy session resources

    System and Organization Controls (SOC): a guide to transitioning to the new Trust Services Criteria

  223. Webinar
    Sustainable cybersecurity for manufacturing and distribution: Managing risks with limited budgets and talent

    Sustainable cybersecurity for manufacturing and distribution: Managing risks with limited budgets and talent

  224. Webinar
    fiber optics, lights, technology

    Social media data risks: Take steps now to improve your security posture

  225. Webinar
    Typing on keyboard

    Understanding the NAIC Insurance Data Security Law: Cybersecurity rules and regulations for insurance organizations

  226. Article
    Five person meeting

    Tips to understand and maximize the value of SOC reports for boards, audit committees and senior management

  227. Article
    Lock and laptop

    Cybersecurity and other topics discussed at PCI event

  228. Webinar
    Architecture details, glass windows

    System and Organization Controls (SOC) essentials II: key tips for issuers and recipients

  229. Press Release

    Baker Tilly Adds David Ross to Enhance National Cybersecurity Specialization

  230. Webinar
    Ensuring cybersecurity to protect university IP assets

    Ensuring cybersecurity to protect university IP assets

  231. Article
    Opening between buildings

    HITRUST CSF™ Version 9: updates and impacts for certification

  232. Case Study
    Financial institution develops a business continuity plan that complies with key banking regulatory guidelines

    Financial institution develops a business continuity plan that complies with key banking regulatory guidelines

  233. Case Study
    Construction planning

    Mortgage originator ensures compliance with FFIEC guidelines through business continuity management and disaster recovery plan assessments

  234. Case Study
    City skyline at sunset

    Real estate investment firm improves its business continuity strategy and approach with Baker Tilly risk assessment and disaster recovery plan

  235. Case Study
    A not-for-profit strengthens its defenses against and preparedness for potential disaster and/or crisis with business continuity and disaster recovery planning

    A not-for-profit strengthens its defenses against and preparedness for potential disaster and/or crisis with business continuity and disaster recovery planning

  236. Article
    Strategic planning meeting members brainstorm with a clear whiteboard

    Developing and implementing an effective breach response plan

  237. Article
    technology, digital, lights

    Monitoring and verifying cybersecurity controls effectiveness

  238. Article

    Watch out for e-mail compromise fraud schemes

  239. Article
    Data center, server

    Dark Web: cybersecurity and the biggest threat facing your organization

  240. Article
    fiber optics, lights, technology

    Cybersecurity risk management reporting framework can provide a key component of an organization’s risk management program

  241. Webinar
    SOC essentials and reporting options

    SOC essentials and reporting options

  242. Webinar
    Data center, server

    Data security: keys to building a sound data risk management program

  243. Webinar
    SOC updates: Understanding SOC for Cybersecurity and SSAE 18

    SOC updates: Understanding SOC for Cybersecurity and SSAE 18

  244. Webinar
    Fiber optic cables and lights

    The next big real estate challenge: cybersecurity and smart buildings

  245. Article

    Why cybersecurity is getting more difficult to manage

  246. Webinar
    The finalized NYS DFS cybersecurity regulations: The 12 month transition

    The finalized NYS DFS cybersecurity regulations: The 12 month transition

  247. Case Study
    Not-for-profit undergoes IT general controls and application controls audit and receives recommendations that will drive IT planning and budget processes and improve operating effectiveness

    Not-for-profit undergoes IT general controls and application controls audit and receives recommendations that will drive IT planning and budget processes and improve operating effectiveness

  248. Case Study
    Publicly traded manufacturer improves financial reporting control environment after SOX compliance review

    Publicly traded manufacturer improves financial reporting control environment after SOX compliance review

  249. Article
    NAIC risk focused examinations: Insurers, be prepared for your next examination

    NAIC risk focused examinations: Insurers, be prepared for your next examination

  250. Article
    Final NYS DFS cybersecurity regulations signed into law

    Final NYS DFS cybersecurity regulations signed into law

  251. Case Study
    Health system strives to maintain data security working with Baker Tilly to conduct a HIPAA security risk assessment

    Health system strives to maintain data security working with Baker Tilly to conduct a HIPAA security risk assessment

  252. Article
    Cybersecurity: What threats are your smart devices up against?

    Cybersecurity: What threats are your smart devices up against?

  253. Article
    NAIC cybersecurity update: Jan. 24 2017

    NAIC cybersecurity update: Jan. 24 2017

  254. Article
    string of lights

    Creating a sustainable cybersecurity management program

  255. Webinar

    Public and social media data risks: Protecting your organization from hackers

  256. Webinar

    Sustainable cybersecurity management: why it is critical to review your program now

  257. Article
    ASC 606 transition: Disclosures

    ASC 606 transition: Disclosures

  258. Article
    People walk on curved walkway between buildings

    AICPA proposes cybersecurity attest engagement

  259. Article
    NY DFS cybersecurity law Q&A

    NY DFS cybersecurity law Q&A

  260. Article
    Phishing for Awareness: Why cybersecurity matters for auto dealerships

    Phishing for Awareness: Why cybersecurity matters for auto dealerships

  261. Case Study
    Intellectual property law firm seeks IT risk and network vulnerability assessments to protect sensitive data

    Intellectual property law firm seeks IT risk and network vulnerability assessments to protect sensitive data

  262. Article
    New York Department of Financial Services (DFS) releases new cybersecurity regulations

    New York Department of Financial Services (DFS) releases new cybersecurity regulations

  263. Webinar
    Protecting Federal Information: Five Things Contractors Need to Know

    Protecting Federal Information: Five Things Contractors Need to Know

  264. Article
    NAIC releases new version of Cybersecurity Model Law

    NAIC releases new version of Cybersecurity Model Law

  265. Article
    SEC Customer Protection Rule Initiative

    SEC Customer Protection Rule Initiative

  266. Article
    New cybersecurity requirements for government contractors

    New cybersecurity requirements for government contractors

  267. Article
    cybersecurity warning over data

    Playing offense and defense: assessing and managing cyber risk effectively

  268. Article
    Green plant

    Cybersecurity management: monitoring and verifying your cybersecurity controls are performing effectively

  269. Article
    Secure network

    The changing role of the examiner and cybersecurity risk in the financial services industry

  270. Article
    Server room at a data center

    Emerging trends in cybersecurity

  271. Article
    lock button on keyboard

    EU-US Privacy Shield Agreement increases oversight of data transfers: US companies brace for requirements

  272. Article
    Protect your firm and clients: Top 10 cybersecurity steps for law firms

    Protect your firm and clients: Top 10 cybersecurity steps for law firms

  273. Article
    architecture, blue support beams

    Cybersecurity management: implementing cybersecurity controls

  274. Article
    laptop security

    Cybersecurity Disclosure Act of 2015: what you need to know now

  275. Article
    How to solve your organization’s biggest cybersecurity threat

    How to solve your organization’s biggest cybersecurity threat

  276. Article
    Prioritize your cybersecurity and HIPAA initiatives with a risk assessment

    Prioritize your cybersecurity and HIPAA initiatives with a risk assessment

  277. Webinar
    Business district skyline at night

    Protecting federal information: new cybersecurity guidance for contractors

  278. Article
    Conference room in advance of board meeting

    Table of experts - fraud and cybersecurity

  279. Article
    Lights speeding by with city buildings in the distance

    Cybersecurity management: data classification demystified

  280. Article

    Increase IT project success with project risk reviews

  281. Article
    Conference room in advance of board meeting

    Cyber-risk: what audit committees and boards need to know now

  282. Article

    New Jersey law mandating health insurance data encryption may have broader implications

  283. Article
    city skyline

    Cybersecurity: stay ahead of an evolving landscape

  284. Article
    Hikers climb a rocky path

    Cybersecurity: steps to take now

  285. Webinar
    Construction site with crane

    A framework for auditing mobile devices

  286. Article

    Is your business continuity sound?

  287. Article

    Cybersecurity: the growing threat (and what to do about it)

  288. Article
    Conference room in advance of a board meeting

    U.S. cybersecurity executive order could mean changes for many organizations

  289. Whitepaper
    View of a computer server room

    NYS DFS cybersecurity rules compliance guide

  290. Article

    New NIST Cybersecurity Framework

  291. Article

    Cyber preparedness and business interruption survey

  292. Article
    Building a practical cybersecurity risk acceptance/risk transfer framework

    Building a practical cybersecurity risk acceptance/risk transfer framework

  293. Case Study

    Baker Tilly helps local government strengthen its IT department

  294. Article

    Annual Statement of Accounts (ASOA) certification required for music streaming service providers

  1. Jeff Krull

    Jeff Krull

    CPA, CISA, CITP

    Partner

  2. Mike Cullen

    Mike Cullen

    CISA, CISSP, CIPP/US

    Principal

  3. Emily Di Nardo

    Emily Di Nardo

    CPA, CITP, HITRUST CHQP

    Partner

  4. Matt Gilbert

    Matt Gilbert

    CISA, CRISC

    Principal

  5. Garrett Gosh

    Garrett Gosh

    CPA, CITP

    Partner

  6. Madhu Maganti

    Madhu Maganti

    CPA, CISA, M.S.

    Partner

  7. Brian Nichols

    Brian Nichols

    CISSP, CIPP/US

    Principal

  8. Atit Shah

    Atit Shah

    CISA

    Principal

  9. Joe Shusko

    Joe Shusko

    CISA, PMP

    Principal

  10. Christopher J. Tait

    Christopher J. Tait

    MBA, CISA, CCSK, CFSA, CCSFP

    Principal

Organizations need an accurate and objective view of their cybersecurity profile to safeguard information assets and protect the organization's value.

    Proactively protect and address your cybersecurity and information technology (IT) risks.

    Information assets and technology investments left ungoverned and unprotected leave organizations vulnerable to compromise and loss of reputation, revenue/value, customers and intellectual property. Couple these risks with the increasing demands for transparency, accountability and compliance by regulators, government entities, shareholders and others, and you have a perfect storm of risks.

    While sophisticated hacking is a valid threat to organizations, it is rarely the root cause of a data breach. The vast majority of data breaches and cybersecurity incidents are actually caused by a breakdown of basic cybersecurity processes and controls.

    Baker Tilly’s cybersecurity specialists work with organizations to assess their risk and achieve measurable security enhancements and cybersecurity control improvements. We will evaluate your cybersecurity controls, deliver recommended improvements and provide assurance that your cybersecurity controls are working.

    Cybersecurity services and IT assessments

    Contact our teamarrowCreated with Sketch.

    Cybersecurity and privacy compliance services

    Contact our teamarrowCreated with Sketch.

    Cybersecurity certifications

    Cybersecurity compliance assessments

    We have experience performing assessments against a variety of compliance frameworks, including: 

    •  Defense Federal Acquisition Regulation Supplement (DFARS) for Cybersecurity
    • Family Education Rights and Privacy Act (FERPA)
    • Federal Information Security Modernization Act (FISMA)
    • Gramm-Leach Bliley Act (GLBA)
    • Health Insurance Portability and Accountability Act (HIPAA)
    • International Organization for Standardization (ISO) 27001
    • Model Audit Rule (MAR)
    • NAIC Insurance Data Security Model Act
    • National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) – 800-171 and 800-53 (including Revision 5)
    • New York Department of Financial Services (NY DFS) Cybersecurity Regulation
    • Payment Card Industry Data Security Standard (PCI DSS)

    Privacy assessments

    We are making great headway on security policies, procedures and it’s measurable. Our exposed surface area for cyber-attack is smaller than it’s ever been.
    Director of Information Systems for a large insurance company

    Our industries

    1. Life sciences presentation on data dashboard

      Healthcare & Life Sciences

      Baker Tilly helps organizations win now, and explore the options for tomorrow, through an orchestrated approach and understanding encompassing all facets of the healthcare ecosystem.
    2. Two advisors reviewing financial services dashboard data

      Financial Services

      The financial services industry continues to diversify, but competition and more complex vendor relationships make determining business strategy more complicated.
    3. Students review schedules on campus

      Higher Education

      Balance competing priorities. Effectively align limited resources. Advance student and institutional success.
    4. Commercial real estate properties in city

      Real Estate

      Innovative solutions for developers, owners, investors and property managers.
    5. Supervisor observes an energy power plant

      Energy

      With expertise in oil and gas, power and utilities and renewable energy, we provide a collective view with measurable results.
    6. Manufacturing and distribution professional operating mes system software

      Manufacturing & Distribution

      Helping manufacturing and distribution (M&D) companies reduce risk and improve efficiencies from the shop floor to the top floor.
    7. Lawyer on mobile phone in law firm office

      Law Firm & Professional Services

      In the face of intense competition, successful law firms must deliver quality legal services and practice effective business management.
    8. Technician analyzes security of data on servers

      HITRUST CSF Assessment Services

      The HITRUST CSF provides an integrated, certifiable approach to securing PHI. Any organization handling PHI on behalf of customers may be required to obtain a HITRUST CSF certification.

    Featured insights

    Webinar
    Critical cybersecurity considerations with a remote workforce

    Critical cybersecurity considerations with a remote workforce

    Resource
    Ransomware prevention guide

    Ransomware prevention guide

    Webinar
    Cybersecurity maturity – enhancing your organization’s cyber risk management posture and program

    Cybersecurity maturity – enhancing your organization’s cyber risk management posture and program

    Article
    The impact of COVID-19 on SOC

    The impact of COVID-19 on SOC