12 technology trends and tips for 2018 - Crain's Cleveland Business (blog)

7. Vendor management: Businesses continue to move key processes to external sources such as software as a service, infrastructure as a service, third party support and outsourcing. Trusting a third party with your process also means they will have responsibility for some of your internal controls (such as logical security). Major breaches (e.g., Target, Equifax) often point to weaknesses in a third-party vendor. Auditors are now focusing more on the steps that businesses take to assure that third-party contractors are living up to appropriate standards. It is important to develop a vendor management policy that includes annual evaluations, among other components. Where appropriate, reviewing independent assessments of your vendor contractors is important. The American Institute of Certified Public Accountants is also developing a SOC audit standard specifically to meet vendor supply chain control issues. Expect to see this new SOC audit soon.

8. Big Data comes to the rest of us: For years businesses with the resources have used data and trends to spot audit and compliance issues. Often this meant hiring a forensic specialist or having expensive analytic tools along with experienced staff to find outlier data that indicated a compliance problem. Well, we may not be able to replace the value in that expertise, but now entry level tools can help accounting, audit and compliance staff cull through the mountains of data using add-on tools for Excel. Most have built in functionality such as statistical sampling, heat matrix, duplicates, gaps, Benford's analysis and more. Google data analytics add-ins.

9. Security awareness training, a "must do": Investments in cybersecurity have increased exponentially, and most organizations are discovering that the investment in the people side (weakest link) of the security equation is a necessity. Businesses need to ensure that every employee is aware of the potential threats they could face, whether it's a phishing email, sharing passwords or using an insecure network. Hackers are always finding new ways to access information, which is why creating a culture of consistent awareness of threats is so important. Creating a "security culture" within a business is all about training and awareness, hybrid programs which include CBT videos and interactive gamification of cybersecurity best practices combined with social engineering and phishing exercises ensure that employees get a thorough understanding of threats, as well as the implications of a breach. Phishing and social engineering are still the weapons of choice for hackers and the entry point for a broad range of attacks, so the inclusion of these types of tools to an organization's security training is imperative for its success in preparing its employees to protect its most critical assets.

http://ift.tt/2EflL8u