News & Events

 Search

Articles for category Internal Audit, Risk & Compliance

Executing new ideas in a conventional way is one of the key missteps we have seen people repeat when they are operationalizing a resilient organization. Convention tells you that to change an organization’s performance you need to change the organization by bringing together functions, capabilities and supporting technologies.

Read More

A new ransomware attack is underway world-wide, already targeting 20 million plus victims in the first few days. Here are the key facts to date: attack comes via email from Herbalife confirming an order or from a more generic "copier@______" address, email includes an attachment which when opened launches the ransomware, here may be as many as 8,000 variants of the email messages, no victims that have paid a ransom have received a decryption tool thus far

Read More

Hackers successfully acquired access to 143 million individuals' Social Security number, driver's license numbers, and credit card numbers. Equifax's breach affects nearly half of the U.S. population.

Read More

Hackers are increasingly targeting companies at an alarming rate. It only takes one click to bring the services of a company to a halt. Most believe that having the best firewalls in place will mitigate this risk, but in reality their most vulnerable firewall is the human firewall. Security training and awareness most be continuous to keep up with ever-evolving threats. Especially since hackers are always one day ahead of the firewalls that protect you.

Read More

According to digital security provider Gemalto, despite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016, the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorized users out of their networks. However, companies are underinvesting in technology that adequately protects their business, according to the findings of the fourth annual Data Security Confidence Index Survey.

Read More

According to a recent public service announcement, the FBI's Internet Crime Complaint Center ("IC3") states the business email compromise (BEC)/email account compromise (EAC) scam continues to grow. BEC is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The EAC is a component of BEC targeting individuals that execute wire transfer payments. The scam is carried out when a subject compromises legitimate business email accounts through social engineering (ex. phishing) or computer intrusion techniques to make unauthorized transfers of funds.

Read More

WannaCrypt is a serious ransomware attack that has caused major interruptions to individuals, businesses and governments around the world. However, what gives this ransomware teeth is that it took advantage of a vulnerability in Microsoft operating systems that has been public knowledge. Anyone who was using an operating system newer than Windows XP, could have simply patched their workstation and their only risk was to click on a link they shouldn't have. The problem is many people and organizations haven't patched their computers or are still running Windows XP.

Read More

UHY Advisors convened a roundtable discussion among financial services industry professionals on Thursday, June 16th to explore the implications and causes of recent cyber bank heists. The roundtable, “Lessons Learned from Cyber Bank Heists,” launched UHY’s Financial Services Roundtable series and included compliance, risk management, internal audit, and technology managers from some of the world’s largest banks and financial services firms.

Read More

Earlier in the year we reported an increase in email phishing and spoofing scams this tax season. Recently, the Milwaukee Bucks made headlines when an employee leaked player financial information.

Read More

As consumers and businesses have begun receiving new credit and debit cards with shiny embedded microchips (known as EMV technology), many are unaware of the liability shift that occurred in 2015. As of October 2015, merchants that are not certified to accept EMV card transactions may be responsible for certain fraudulent charges, a change from standards that previously existed where the liability rested solely with the card issuer. Estimates indicate 94 percent of magnetic-only credit cards will be replaced by the end of 2016. As a result, businesses that accept credit cards face a dramatically different landscape compared to just a few short months ago.

Read More

1 2