It’s Time to Start Conducting Internal Cyber Audits
If your company does not yet conduct internal cyber audits to assess and manage your cybersecurity risks, it’s time to start. For those businesses that do, it is equally important to promptly address any vulnerabilities that are detected.
The City of Atlanta recently learned the hard way how important it is to head the warnings of a cyber audit. The city was recently hit by a ransomware attack that The New York Times called “one of the most sustained and consequential cyberattacks ever mounted against a major American city.”
According to media reports, Atlanta officials were warned last summer that the city’s IT infrastructure was vulnerable to attack. An internal audit found, “the large number of severe and critical vulnerabilities identified has existed for so long the organizations responsible have essentially become complacent and no longer take action.”
The audit further stated, “departments tasked with dealing with the thousands of vulnerabilities … do not have enough time or tools to properly analyze and treat the systems.”
Conducting an Internal Cyber Audit
While creating a cybersecurity plan is critical to safeguarding your company, testing for effectiveness and efficiency is equally important. After all, it’s far better to discover your weaknesses in a test situation rather than in real life.
When conducting a cyber audit, be sure to take IT, business, and legal concerns into account. Audits, which often require the assistance of outside professionals, must be comprehensive enough to address all points of entry. Below are several key areas that should be taken into consideration:
Systems testing: The most technical part of a cyber audit involves analyzing and penetration testing all of your internal and external systems. Auditors will also test that software and data updates are being performed; cybersecurity is incorporated into application and software development; and existing IT controls can address new and emerging threats.
Data protection: The audit should also evaluate the management and protection of PII (Personally Identifiable Information) data and intellectual property including trade secrets. For instance, physical and logical security controls should be established at all sites containing PII and other sensitive data. The adequacy of your data loss protection should also be examined.
Regulatory compliance: As the regulatory landscape continues to evolve, businesses must make sure their policies and procedures are keeping pace. The New York Division of Financial Services cyber-security standard, the Securities and Exchange Commission (SEC)’s latest cyber guidance, and HIPAA are just a few examples.
Security awareness and training: Your employees can be either an asset or a liability when it comes to cybersecurity. Audits should access both employee awareness and compliance. Common risks areas include the security of employee-owned devices and phishing attacks on corporate email accounts. The overall organization’s attitude towards cybersecurity should also be evaluated. When it comes to corporate culture, complacency at the top can quickly trickle down to the entire business.
Coordination: Comprehensive cybersecurity plans require coordination across a broad range of departments. The failure to clearly define roles can result in “turf wars.” Conversely, risks can also fall through the cracks if one department wrongly assumes the other is addressing the issue. Audits should also confirm that businesses have procedures in place to keep the board of directors informed about how cyber risks are being managed.
Third-party risks: If your vendors don’t take the same cybersecurity precautions, your data will still be at risk. It is imperative to require third-party vendors to meet minimum data security standards and also regularly monitor them for compliance.
Crisis management: Attacks can occur even when businesses have cyber plans in place, so it’s important to verify that your crisis management can quickly restore your operations and communicate effectively with business partners, customers, regulators and the public.
Of course, internal audits can also be invaluable in a number of other related areas, including testing your business-continuity and disaster-recovery plans. To determine if your existing policies and procedures pass muster, we encourage businesses to work with knowledgeable IT and legal professionals.
Do you have any feedback, thoughts, reactions or comments concerning this topic? Feel free to leave a comment below for Fernando M. Pinguelo. If you have any questions about this post, please contact me or the Scarinci Hollenbeck attorney with whom you work. To learn more about data privacy and security, visit eWhiteHouse Watch – Where Technology, Politics, and Privacy Collide (http://ewhwblog.com).
Buying Commercial Property in New Jersey: Legal Guide for Small Businesses
Small businesses considering buying commercial property in New Jersey must evaluate a range of legal, financial, and operational factors. While ownership can offer long-term value and control, it also introduces significant risks if not properly structured. This guide outlines key considerations to help New Jersey business owners make informed decisions, minimize legal exposure, and successfully […]
The SEC’s Latest Guidance on Applying Federal Securities Laws to Tokenized Securities
On January 28, 2026, staff of the U.S. Securities and Exchange Commission’s Divisions of Corporation Finance, Investment Management, and Trading and Markets issued a joint statement clarifying how existing federal securities laws apply to tokenized securities. The SEC’s “Statement on Tokenized Securities” does not establish new law, but it does provide greater clarity on the […]
Common Legal Mistakes NYC and New Jersey Business Owners Make
Operating a business in the New Jersey and New York City metropolitan region offers incredible opportunities, but it also requires navigating a dense and highly regulated legal environment. From entity formation to regulatory compliance, seemingly minor legal oversights can expose business owners to significant risk. In our work with businesses throughout the region, our attorneys […]
High-profile founder litigation is more than just a media spectacle. For startup founders, these cases underscore the legal and structural risks that can arise when rapid growth outpaces formal oversight. While launching a new company can be both an exciting and deeply rewarding endeavor, founders must be mindful that it also comes with significant risks. […]
Corporate Governance Reviews: A Practical Guide for New Jersey Companies
Every New Jersey company should periodically evaluate its governance framework. Strong corporate governance protects directors and officers, builds investor confidence, reduces litigation exposure, and positions a company for sustainable growth. The first quarter of the year is a great time to evaluate your corporate governance practices and perform any routine maintenance needed to keep that […]
What to Do After Being Served with a Lawsuit: Steps to Protect Your Legal Rights
Being served with a lawsuit is one of the most stressful legal events a business or individual can face. Whether the claim involves a contract dispute, an employment matter, an intellectual property issue, or another legal challenge, the actions you take in the first few days can significantly shape the outcome of your case. Acting […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
