Technology Consulting

Security and Risk Assurance


As more companies become victims of data breaches, the truth is that no place, industry, business, or organization is immune. The modern threat environment includes ransomware and spear-phishing attacks that target businesses perceived as soft targets. Additionally, the regulatory and compliance environment continues to introduce new and expanded frameworks.

Impacts of a Data Breach

Hard costs like data recovery, legal fees, regulatory fines, and more may hit the bottom line immediately following an attack, and long incident response times may slow or stop business development. At the same time, the loss of trust and reputational damage can have an even greater impact on an organization in the long term.

How We Can Help

A security program that implements, monitors, and manages best business practices is a competitive advantage you need. Our 8-Point Assessment examines the following areas and provides actionable steps to develop a program that meets your needs and budget.

1. Defend Perimeter – Network system architecture, hardware, software, and connectivity. 
2. Inventory Data – Creation, storage, encryption, and retention policies. 
3. Manage System Users – Internal and external authorized personnel access and employee attrition. 
4. Review Access Controls – Passwords or multi-factor authentication and single sign-on procedures. 
5. Monitor System Environment – Ongoing observation of access/attempted breach or suspicious activity. 
6. Plan Breach Response – Cyber resiliency plan; disaster recovery, back-up, and restoration policies. 
7. Maximize Organizational Awareness – Training and development, security best practices, and education.
8. Compliance Initiative Assistance – Industry and compliance-based regulations and requirements, including PCI DSS, the Federal Information Security Management Act (FISMA), Sarbanes-Oxley, and the Gramm-Leach-Bliley Act.

The EKS&H Advantage

  • Comprehensive business focus—By offering both technology and accounting compliance services, we comprehensively support your organization’s security needs.
  • Proactive guidance—Phishing, malware, RAM-scraping, mobility, virus security patches—we help you stay ahead of the latest threats and identify new critical protections unique to your industry, business, or organization.
  • Experience—Combining years of business technology consulting experience with the expertise of individuals who have been in your shoes as CIOs, IT directors, and others, we are knowledgeable about proven methodologies to keep your systems safe.

Talk with Our Service Area Lead

Connect with Gabriel Cisneros to discuss your security and risk assurance needs.


Angela Appleby
Although it is not a legal requirement for public companies, the SEC issued new guidance for the disclosure of cybersecurity threats or incidents. Find out what actions your company needs to take to adhere to the guidance.



Angela Appleby
The threat of being fined 20 million euros or 4 percent of total annual revenue for companies not complying with the General Data Protection Regulation is real. Our primer shows you how to meet the requirements.


Why Small and Medium-sized Businesses Fail at Cybersecurity

Gabriel Cisneros
Most SMBs that suffer cybersecurity attacks don’t have the resources to recover. Developing a defense system isn’t hard, but does require a proactive approach.



Gabriel Cisneros
It’s important to perform patch maintenance to protect your business from data breaches. Unfortunately, far too many businesses neglect this crucial task and suffer the consequences. 


New Rules for Password Security

Gabriel Cisneros
Nearly 37 percent of small companies have weak passwords. Is yours one of them? If so, stop using old password rules and learn the new ones to stay secure online.
