Organizational IT Security

  • 7/27/2019 Organizational IT Security

    Non-Profit Notes Newsletter

    IT-Security- More than Just A Password

    Thomas DeMayo, IT Manager

    Just like any security professional, I stand firmly behind the principle that passwords need to have a minimum length and be complex. They should be hard to guess and, needless to say, never affixed to your monitor on one of those yellow sticky notes. In working with our clients and trying to guide them in the principles of information security and Information Technology (IT) governance, I notice that they often consider passwords alone as their best level of defense against cyber attacks and fraud. I cannot blame them. In everything you read there is another article on passwords.

    Although I am an ardent believer in the importance of a strong password, this alone is not enough.

    IT security comes not just from a complex password, but rather from a solid foundation of controls designed to prevent, detect and, ultimately, correct soft spots in the IT environment. To paraphrase Johnnie Cochran: "If you can't prevent, you must detect; and, what you detect, you must correct." At the conclusion of an IT assessment assignment, the response I usually receive from the organization is, "We had no idea!" That is why the creation, implementation, and monitoring of meaningful IT policies and procedures are critical.

    Some organizations operate with a false sense of confidence with respect to their IT security. Their IT department may function smoothly and their IT personnel are skilled problem-solvers; however, just because things work does not mean they work in the most secure manner. Sometimes functionality takes precedence over security. For example, the ability to work remotely and access internal network resources has become essential to the successful operations of an organization. Although critical and now commonplace, this functionality can pose a significant risk to the organization if not planned and configured properly. Electronic security is complex and not all IT professionals are trained to know what it means to be secure and how to get there. They do not see the entire picture or embrace the notion that a solid, well-communicated IT policy can be one of the greatest defenses against cyber attacks.

    With the high level of dependency on IT that organizations have for their daily business operations, the risk is great. Organizations of all sizes can be victims of cyber attacks. Usually the smaller ones are the most vulnerable because they do not have the human or financial resources to devote to IT security. The good news is that security does not have to be out of the reach of a small organization. Just as traditional auditors assess financial controls, organizations may consult with IT auditors to assess their information technology controls.

    With that said, I leave you with this question: When was the last time you had your IT controls checked?

    For more information or if you have any questions, please contact Thomas DeMayo at [email protected].

    Thomas DeMayo

    Director

    [email protected]

    212.876.8000

    About Our Practice:

    O'Connor Davies, LLP is a full service Certified Public Accounting and consulting firm that has a long history of serving clients both domestically and internationally and providing specialized professional services of the highest quality. With roots tracing to 1891, seven offices located in New York, New Jersey and Connecticut, and approximately 400 professionals including 70 partners, the Firm provides a complete range of accounting, auditing, tax and management advisory services. O'Connor Davies is ranked as number 36 in Accounting Today's 2013 "Top 100 Firms" in the United States. The Firm is also within the 20 largest accounting firms in the New York Metropolitan area according to Crain's New York Business and the Westchester and Fairfield County Business Journals. O'Connor Davies is dedicated to serving the not-for-profit sector and serves more than 1,300 not-for-profit clients. O'Connor Davies is a member firm of the PKF International network of legally independent member firms, the tenth largest global network in 2011, with 440 locations in 125 countries.

    O'Connor Davies, LLP is a member firm of the PKF International Limited network of legally independent firms and does not accept any responsibility or liability for the actions or inactions on the part of any other individual member firm or firms.

    IRS CIRCULAR 230 DISCLOSURE: To comply with IRS regulations, we are required to inform you that unless expressly stated otherwise, any discussion of U.S. federal tax issues in this correspondence (including any attachments) is not intended or written to be used, and cannot be used, (i) to avoid any penalties imposed by the Internal Revenue Code, or (ii) to promote, market, or recommend to another party any transaction or matter addressed herein. Our firm provides the information in this e-newsletter for general guidance only, and it does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind.

    The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation.

    Contact:

    New York, NY

    (midtown)

    212.286.2600

    New York, NY

    (downtown)

    212.867.8000

    Harrison, NY

    914.381.8900

    Stamford, CT

    203.323.2400

    Paramus, NJ

    201.712.9800

    New Windsor, NY

    845.220.2400

    Wethersfield, CT

    860.257.1870