Category: Risk & Advisory

GRF Cybersecurity Risk Assessment and Scorecard Blog Series     Your organization’s domain name (e.g. “example.com”) serves as the base of operations for your online identity – helping interested parties to find you and connect with you online. However, the underlying machine language of the internet is based on numbers. Every site on the internet has…

Read more ›

GRF Cybersecurity Risk Assessment and Scorecard Blog Series     It’s not just about disruption or inconvenience. A compromised technology incident can have a detrimental impact on your organization’s processes, mission, and reputation. A review of your external network security risk should include looking at any risk that is related to your perimeter network – or…

Read more ›

GRF Cybersecurity Risk Assessment and Scorecard Blog Series     Your website is essential for promoting your nonprofit organization’s mission. However, bad actors often target nonprofit websites for attack, assuming they are not as protected as commercial sites. One hacker strategy is to bring the site down entirely through a denial of service attack. That’s where…

Read more ›

GRF Cybersecurity Risk Assessment and Scorecard Blog Series     Your email is a critical business function that needs to be constantly available and secured. Securing your email systems involves looking at the configuration of your email server, your mail exchange (MX) records, and SMTP (Simple Mail Transfer Protocol) to identify any potential vulnerabilities or misconfigurations….

Read more ›

GRF Cybersecurity Risk Assessment and Scorecard Blog Series     Anything freely available on the internet and open to users can be a point of attack for a malicious actor. To prevent unauthorized access to your network and systems, it’s crucial to understand the vulnerabilities of your network. The term “attack surface” refers to the total…

Read more ›

The Association of Certified Fraud Examiners (ACFE) publishes a bi-annual, Report to the Nations (the Report) providing detailed statistics and key findings related to fraudulent activity by industry throughout the world. The 11th study of occupational fraud, the publication serves as one of the best sources of fraud-related data and information the globe over. GRF’s…

Read more ›

Keeping it simple provides more protection than you might expect By Mac Lillard, CPA, CFE, CISA, CRISC, CITP | Manager, Audit and Risk Advisory Services During 2020, the Federal Trade Commission (FTC) received more than 2.2 million reports of fraud, up 500,000 from the 1.7 million reports filed in 2019. The significant increase in fraudulent…

Read more ›

GRF Cybersecurity Risk Assessment and Scorecard Blog Series     Securing the privacy of your organization’s employee and customer data is critical for maintaining the trust of members and donors – and is increasingly becoming a legal requirement. What is information disclosure?  Information disclosure occurs when an application reveals sensitive information about its users. Depending on…

Read more ›

GRF Cybersecurity Risk Assessment and Scorecard Blog Series     Social media has allowed organizations to connect with customers around the world, but the wide reach of your social network also presents opportunities for hackers and bad actors to launch attacks or damage your organization’s reputation. Properly understanding and managing your social media presence allows you…

Read more ›

GRF Cybersecurity Risk Assessment and Scorecard Blog Series     Hackers and malicious attackers will often publicize their targets in various forums or on the dark web, so they can gather support and intelligence for taking down a website or finding vulnerabilities within an organization. Hacktivists are hackers who are politically and/or socially motivated. Their targets…

Read more ›