Cybersecurity Resources

Tools to help boost your security

Keeping your organization safe from cyber threats requires constant vigilance. At GRF, we’re here to help. Here are some curated resources created by our advisory team. You can also contact us if you need more hands-on support.

Live Webinars

Live Webinars Join us for free upcoming webinars, designed to help you learn the critical elements of a cybersecurity program. Our experts will explain things in plain English and answer any questions you have.

Our 2nd annual Cyber Symposium is coming up December 10th! This virtual symposium will provide compelling insight into current trends that impact nonprofit organizations and a look into practical solutions for mitigating risk.

Sign up for event updates >

Watch Now

Watch our cybersecurity experts explain the latest cyber threats, or see our Cybersecurity Risk Assessment and Scorecard in action.

Cybersecurity Is AI the Secret WeaponIn this engaging session, we’ll guide you through an immersive journey where technology meets security, and human expertise joins forces with artificial intelligence to fortify your cybersecurity defenses. Our expert speakers provide practical insights and actionable strategies to help you stay ahead of cyber threats and navigate the complex world of compliance obligations.


Your Organization’s Guide to Cybersecurity WebinarCybersecurity is a part of every organization’s daily life. Want to learn how to protect your organization but become overwhelmed by the technical jargon? Join GRF CPAs & Advisors to learn the critical elements of a cybersecurity program that organizations of any size can follow. We will discuss the various benefits of a well-devised IT assessment to protect your organization from outside threats. The session will also cover best practices needed to enhance cybersecurity efforts and protect your organization’s most sensitive data.


GRF Webinar Cybersecurity Sep-8 ScreenshotData security should be a top priority for all organizations, and this is the perfect time to get your house in order. GRF’s risk advisory services team discusses possible vulnerabilities and weaknesses that malicious actors may already know about, and why they are important to remediate. We cover 19 security-related topics that may have an effect on your organization and help to prevent data breaches, privacy violations, and overall compliance risk. You’ll gain industry best practice knowledge and the top priorities that you should be pursuing to help guide your organization through its cybersecurity journey.


GRF Cybersecurity Risk Assessment and ScorecardThe GRF Cybersecurity Scorecard identifies possible vulnerabilities and weaknesses of an organization by evaluating 19 security related categories and one informational category. Each of the categories impact the score and help to create an easy-to-read report. The report will identify possible risks, remediation steps, and best practices to increase your score.



Long-form content you can download in PDF format and share with your team.

GRF-Whitepaper-Elements-of-Successful-Cybersecurity-coverDigital transformation means that organizations must be proactive about their cybersecurity. Not only are there more ways to be attacked than ever before, but cybersecurity breaches are constantly changing and hackers are becoming more sophisticated. Without proper cybersecurity, the organization’s critical activities are at risk and the potential for reputational damage is real.

Successful cybersecurity programs include a combination of elements, including leadership buy-in, end-user training, leveraging existing tools, using multi-factor authentication, and using effective cloud security. Our report details these critical elements and provides recommended resources for improving your cybersecurity posture.


Business Continuity PlanningBusiness Continuity Planning Provides Organizational Resilience

Unplanned disruptions can adversely affect the operations of any organization, no matter the size, putting it and its stakeholders at significant risk. Fortunately, strategic investments and scenario planning can give your organization a competitive advantage over those who are unprepared for a variety of contingencies. Business Continuity Plans (BCP) are an important part of risk management and can include scenarios such as pandemics (like COVID-19), government shutdowns, natural disasters and cyberattacks. In an era of devastating cyber breaches and unprecedented political rancor, the financial health and mission success of any organization depends on its preparation to weather almost any storm.


GRF’s Cybersecurity Guide Risks & Mitigation StrategiesRemote work has exposed existing cybersecurity risks and created new ones. How is your organization responding?

In this eBook, we provide detail on 20 different cybersecurity risk categories that can impact your organization. For each risk category, we explain the potential weaknesses and vulnerabilities that exist and how to identify them in your systems.

These risks are assessed in GRF’s Cybersecurity Risk Assessment and Scorecard, a tool that provides a baseline diagnostic to help you analyze your organization’s risk and develop an appropriate compliance strategy.

You may be surprised to discover you already have the right tools – you just need to leverage them properly.


Third-party-risk-in-a-post-pandemic-world-coverThe COVID-19 pandemic resulted in economic uncertainty around the world. It also exposed a number of risks for historically stable and profitable businesses, ranging from early retirement of key executives to insufficient insurance coverage. Underlying risks associated with third-parties prevail today. These parties can include everyone from contractors providing janitorial services to suppliers of a critical component to your manufacturing process. Risks to third-parties are also risks to your organization. A plan for managing third party risk protects your organization from unsuspected threats and nasty surprises.

Third-party risk management (TPRM) is the process of analyzing and mitigating risks associated with parties outside your organization.  Whether a third-party is part of the supply chain or an outsourced information technology services provider, organizations are increasingly implementing TPRM programs to ensure third-parties are not creating additional exposure for them. Successful outsourcing relationships with effective risk management allow the organization to safely procure goods and services and focus on their strategic objectives.


Online Posts

Quick reads to get up to speed on specific cybersecurity topics.

On December 5, 2023, the first annual GRF Virtual Cyber Symposium for Nonprofits & Associations brought together experts in cybersecurity, privacy, and insurance to share the strategies tax-exempt organizations can implement to identify risks and reduce an organization’s exposure.


End user cyber security training is essential for preventing malicious actors from gaining unauthorized access to your organization’s network. Creating a risk-averse organization involves making your staff aware of best-practices for identifying common attacks, like phishing scams. At the end of this article, you will find a cyber hygiene template and risk checklists for privacy, third-parties, and IT.


Remote work has exposed existing cybersecurity vulnerabilities and created new ones. How is your organization responding? The GRF Cybersecurity Risk Assessment and Scorecard provides a baseline diagnostic to help you analyze your organization’s risk and develop an appropriate compliance strategy. You may be surprised to discover you already have the right tools – you just aren’t leveraging them.

In this Blog Series, we provide detail on 20 different risk categories that are assessed in our diagnostic tool. For each risk category, we explain the potential weaknesses and vulnerabilities risks that exist and how to identify them in your systems.

Safeguard risks:

Digital Footprint
Patch Management
Application Security
CDN Security
Website Security

Privacy risks:

SSL/TLS Strength
Credential Management
Hacktivist Shares
Social Network
Information Disclosure


Attack Surface
DNS Health
Email Security
DDoS Resiliency
Network Security

Reputation Risks:

Brand Monitoring
IP Reputation
Fraudulent Applications
Fraudulent Domains
Web Ranking


Third-Party Risk Management is the process of analyzing and mitigating risks to your organization by parties other than your organization. Third parties pose a persistent risk as they are often holding data on behalf of the organization. Here are some resources to assist in managing these risks:


GRF Checklists

Our GRF advisory team has developed handy checklists you can use to analyze your organization’s risk.

Cybersecurity threats are always changing and hackers are busy finding ways to exploit your assets.

Download a PDF copy of our checklist to share with your colleagues, or, take our interactive quiz to help identify areas where you might be vulnerable.


Is your organization focused on the right issues when it comes to privacy, IT asset protection and third party risk management? To help clients identify and prioritize the most critical risks, GRF has developed comprehensive checklists that highlight vulnerable areas for most organizations. Use these checklists to analyze your organization’s risk.


Case Study

GRF’s Cybersecurity Scorecard Provides a Holistic Approach to Cybersecurity

A 501(c)(6) national trade association based in Washington, DC has been digitally transforming their organization proactively over the past few years. With an annual budget of $2.7 M, the organization, like many of its peers, has incorporated cutting-edge technologies into their operations in order to streamline processes and increase efficiency. Unfortunately, a greater reliance on information systems and outsourced service providers has created a new set of security and privacy concerns. Learn how the association used the GRF cybersecurity scorecard to develop a benchmark and address potential vulnerabilities and monitor its cybersecurity posture on an ongoing basis.


GRF Cybersecurity Blog Series

Email Updates

Subscribe to receive GRF communications with the latest on the cyber risk landscape as well as the most current regulations and recommendations to help you safeguard the integrity of your information technology systems.


Need Help?

Contact Us to get started, or reach out to member of our Cybersecurity Team below.


Melissa Musser, CPA, CIA, CITP, CISA

Partner and Director, Risk & Advisory Services

Darren Hulem

Darren Hulem, CISA, CEH, Security +

Manager, IT and Risk Advisory Services

Cybersecurity Assessment

Learn Your Cybersecurity Score

Cybersecurity Services

Go to Services Page

Talk to a GRF Expert

Contact Us