Technology Consulting

Security and Risk Assurance


As more companies become victims of data breaches, the truth is that no place, industry, business, or organization is immune. The modern threat environment includes ransomware and spear-phishing attacks that target businesses perceived as soft targets. Additionally, the regulatory and compliance environment continues to introduce new and expanded frameworks.

Impacts of a Data Breach

Hard costs like data recovery, legal fees, regulatory fines, and more may hit the bottom line immediately following an attack, and long incident response times may slow or stop business development. At the same time, the loss of trust and reputational damage can have an even greater impact on an organization in the long term.

How We Can Help

A security program that implements, monitors, and manages best business practices is a competitive advantage you need. Our 8-Point Assessment examines the following areas and provides actionable steps to develop a program that meets your needs and budget.

1. Defend Perimeter – Network system architecture, hardware, software, and connectivity. 
2. Inventory Data – Creation, storage, encryption, and retention policies. 
3. Manage System Users – Internal and external authorized personnel access and employee attrition. 
4. Review Access Controls – Passwords or multi-factor authentication and single sign-on procedures. 
5. Monitor System Environment – Ongoing observation of access/attempted breach or suspicious activity. 
6. Plan Breach Response – Cyber resiliency plan; disaster recovery, back-up, and restoration policies. 
7. Maximize Organizational Awareness – Training and development, security best practices, and education.
8. Compliance Initiative Assistance – Industry and compliance-based regulations and requirements, including PCI DSS, the Federal Information Security Management Act (FISMA), Sarbanes-Oxley, and the Gramm-Leach-Bliley Act.

The EKS&H Advantage

  • Comprehensive business focus—By offering both technology and accounting compliance services, we comprehensively support your organization’s security needs.
  • Proactive guidance—Phishing, malware, RAM-scraping, mobility, virus security patches—we help you stay ahead of the latest threats and identify new critical protections unique to your industry, business, or organization.
  • Experience—Combining years of business technology consulting experience with the expertise of individuals who have been in your shoes as CIOs, IT directors, and others, we are knowledgeable about proven methodologies to keep your systems safe.

Talk with Our Service Area Lead

Connect with Gabriel Cisneros to discuss your security and risk assurance needs.

Why Small and Medium-sized Businesses Fail at Cybersecurity

Gabriel Cisneros
Most SMBs that suffer cybersecurity attacks don’t have the resources to recover. Developing a defense system isn’t hard, but does require a proactive approach.

Read more »


Gabriel Cisneros
It’s important to perform patch maintenance to protect your business from data breaches. Unfortunately, far too many businesses neglect this crucial task and suffer the consequences. 

Read more »

New Rules for Password Security

Gabriel Cisneros
Nearly 37 percent of small companies have weak passwords. Is yours one of them? If so, stop using old password rules and learn the new ones to stay secure online.

Read more »


Dan Domagala
Protecting information is a necessity for all organizations including hospitals, businesses, governments, and technology hubs. In this multi-part series Consulting Senior Manager Dan Domagala outlines critical steps you can take today to protect your organization from cybercriminals.

Read more »