Listen "#20: The Dirty 13 Risk Management Failures in CPA Firms"
Episode Synopsis
Episode 20: The Dirty 13 – Inadequate Risk Management in CPA Information Security Programs

Continuing from last week's deep dive into the most common mistakes in CPA information security programs, we explore one of the most critical: Inadequate Risk Management. Many CPAs fail to properly identify the specific risks their business faces, resulting in an incomplete risk assessment process. Without a clear understanding of their risks, they cannot make informed business decisions or prioritize efforts effectively.

In this episode, we break down why risk management is so often overlooked and how it should be the cornerstone of every security program, enabling businesses to make better decisions and protect their operations.

Resources:
- Input Output Blog
- 13 Mistakes CPA Firms Make with Their FTC Safeguards Rule Information Security Program
- CPA WISP: Written Information Security Plan for FTC Safeguards Rule Compliance

Explore more topics from the Cash in the Cyber Sheets - Dirty 13 series:
- Poor Password Management
- Bad Data Classification
- Most Common Data Backup Failures
- Most Common Physical Information Security Audit Findings
- Backup Restore Testing
- MSP Misconceptions
- Incident Response Management