by Rebecca Lunn
As organizations become more and more reliant on technology, the risks around technology also continue to grow. Recently, we have heard on the news of large hospitals being attacked with ransomware, which encrypts files. Hackers then refuse to give the key to unlock the files unless a ransom is paid, typically in the form of bitcoin, which is more difficult to trace. Although these particular hackers were after sensitive patient data, other types of organizations should also be aware of this risk. For example, non-profits who have large databases of member or donor data may also appeal to these types of hackers. In the face of increasing risk, it is vital that organizations re-evaluate their IT controls. Strong IT controls consist of the following:
- The Organization has an IT strategic planning and risk management process in place to support financial reporting requirements.
- The Organization maintains reliable systems that include appropriate data backup and recovery processes. This includes not only backing up data, but testing the backup restoration process on a periodic basis.
- Physical security and access to programs and data are appropriately controlled to prevent unauthorized use, modifications, damage or loss of data.
- Program and system changes are appropriately managed to ensure that the application software adequately supports financial reporting objectives.
If your organization would like additional information about implementing or improving IT controls, please contact Langdon & Company LLP.
Rebecca [email protected] is an Audit Senior who works primarily with non-profit organizations.