Technology Consulting

Security and Risk Assurance


Almost half of organizations have suffered at least one security incident in the past 12 months, and the average cost of a U.S. data breach is now $6.5 million, according to reports by the Ponemon Institute and Experian®. Security incident costs can include both indirect expenses, such as loss of customers or business partners, and direct expenses, including technology recovery, customer communication, and legal fees. Of course, the greatest risk is your reputation, your most important and valuable asset.

More industries than ever are bound by increasingly complex state and federal government regulations concerning data security (e.g., PCI DSS, the Federal Information Security Management Act (FISMA), Sarbanes-Oxley, and the Gramm-Leach-Bliley Act). EKS&H offers data security clients a custom and comprehensive eight-step assessment:
  1. Defend perimeter—Network system architecture; hardware, software, and connectivity
  2. Inventory data—Creation, storage, encryption, and retention policies
  3. Ensure regulation compliance—Industry and organization-based legal regulations and requirements
  4. Manage system users—Internal and external authorized personnel access, and employee-based attrition
  5. Review access controls—Passwords or multi-factor authentication, and single sign-on procedures
  6. Monitor system environment—Ongoing observation of access/attempted breach or suspicious activity
  7. Plan breach response—Cyber resiliency plan; disaster recovery, backup, and restoration policies
  8. Maximize organizational awareness—Training and development; security best practices and education

The EKS&H Advantage

  • Comprehensive business focus—By offering both technology and accounting compliance services, we comprehensively support your organization’s security needs.
  • Proactive guidance—Phishing, malware, RAM-scraping, mobility, virus security patches—we help you stay ahead of the latest threats and identify new critical protections unique to your industry, business, or organization.
  • Experience—Combining years of business technology consulting experience with the expertise of individuals who have been in your shoes as CIOs, IT directors, and others, we are knowledgeable about proven methodologies to keep your systems safe.

Talk with Our Practice Lead

Connect with Gabriel Cisneros to discuss your security and risk assurance needs.


Minimizing Cybersecurity Risk

Dan Domagala

Protecting information is a necessity for all organizations, including hospitals, businesses, governments, and technology hubs. In this multi-part series, Consulting Senior Manager Dan Domagala outlines critical steps you can take today to protect your organization from cybercriminals.


Dan Domagala

The risk of a cyberattack or security breach is real for nonprofits, but many of these attacks can be prevented through careful planning and thoughtful execution.