Search Blogs
Fraudulent Applications: Are Attackers Pretending to be You?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series When downloading a new app, be sure it’s from a credible source. Hackers can create fraudulent applications that look very similar in name or appearance to well-known apps. To make matters worse, these fake apps can sometimes be found on trusted sites like the Apple or…
Fraudulent Domains: Are You a Victim of Typosquatting?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Fraudulent domains look very similar to your organization’s domain name and are used to fool people into thinking they are interacting with you. These domains are often used in phishing attacks, which according to CSO Online, account for more than 80% of all reported security incidents….
DNS Health: Ensure your organizations’ identity is protected
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Your organization’s domain name (e.g. “example.com”) serves as the base of operations for your online identity – helping interested parties to find you and connect with you online. However, the underlying machine language of the internet is based on numbers. Every site on the internet has…
Network Security: Building Resiliency
GRF Cybersecurity Risk Assessment and Scorecard Blog Series It’s not just about disruption or inconvenience. A compromised technology incident can have a detrimental impact on your organization’s processes, mission, and reputation. A review of your external network security risk should include looking at any risk that is related to your perimeter network – or…
DDoS Resiliency: Protecting Against the Attack of the Robots
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Your website is essential for promoting your nonprofit organization’s mission. However, bad actors often target nonprofit websites for attack, assuming they are not as protected as commercial sites. One hacker strategy is to bring the site down entirely through a denial of service attack. That’s where…
Email Security: Don’t let attackers in through the front door
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Your email is a critical business function that needs to be constantly available and secured. Securing your email systems involves looking at the configuration of your email server, your mail exchange (MX) records, and SMTP (Simple Mail Transfer Protocol) to identify any potential vulnerabilities or misconfigurations….
Attack Surface: Are all your systems’ access points secure?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Anything freely available on the internet and open to users can be a point of attack for a malicious actor. To prevent unauthorized access to your network and systems, it’s crucial to understand the vulnerabilities of your network. The term “attack surface” refers to the total…
Fraud Control and Prevention: Proactive Measures
The Association of Certified Fraud Examiners (ACFE) publishes a bi-annual, Report to the Nations (the Report) providing detailed statistics and key findings related to fraudulent activity by industry throughout the world. The 11th study of occupational fraud, the publication serves as one of the best sources of fraud-related data and information the globe over. GRF’s…
Fraud Control and Prevention: Mastering the Basics
Keeping it simple provides more protection than you might expect By Mac Lillard, CPA, CFE, CISA, CRISC, CITP | Manager, Audit and Risk Advisory Services During 2020, the Federal Trade Commission (FTC) received more than 2.2 million reports of fraud, up 500,000 from the 1.7 million reports filed in 2019. The significant increase in fraudulent…
Information Disclosure: Are you up to date on privacy laws?
GRF Cybersecurity Risk Assessment and Scorecard Blog Series Securing the privacy of your organization’s employee and customer data is critical for maintaining the trust of members and donors – and is increasingly becoming a legal requirement. What is information disclosure? Information disclosure occurs when an application reveals sensitive information about its users. Depending on…