Earlier this week, I had the opportunity to present at RKL LLP's Cybersecurity Forum, which was hosted at the Lancaster Country Club. The presentations seemed to flow and add value to the prior session, creating a very nice buildup throughout the day.
It started with James Ruffin, CPA, CISA, providing a primer on Risk Assessments and Business Continuity. He covered best practices to consider, such as defining your objectives, identifying potential threats, strategizing your response level and evaluating residual risk. He also shared insights on various external testing and processes that you can engage third parties to assist in your compliance, such as external vulnerability scans, penetration testing, internal IT audits, ISO certification and SOC Audits.
KDG joined us to discuss how AI is changing the culture of work. Kyle David shared many insightful real-world uses of how AI can provide a more strategic and adaptive organization, embracing AI to enhance productivity, processes and, yes, even culture. He provided practical steps for embracing AI, such as automating tedious internal processes, championing team members excited about AI to boost your culture, and establishing boundaries early on in the process while also reinforcing positive adoption behaviors.
I was honored to be a part of the 3rd session, where I was facilitating the panel that consisted of myself, Susan Hummelbaugh from EHD, and Devin Chwastyk, JD, CIPP/US, CIPP/E, two industry experts in the areas of Cyber Risk and Incident. We discussed how to better protect our businesses with insurance and legal considerations, and also drilled into preparing ourselves and the business with proper procedures on how to handle an incident. We were even able to raise their current awareness of where the insurance industry and legal are in the new AI space. This all seems to be a work in progress, but I realize the urgency to get a handle on it.
Last but not least, we were joined by Matthew Vassallo and Katrina Xander from Access Point Consulting. They shared a bit more in-depth actions and processes that individuals and businesses can take to create a formal checklist or business plan to protect themselves. It really complemented the prior three sessions. They shared how businesses of all sizes could have an industry expert at a reasonable cost, even if they can't afford to have these full-time resources, such as a Chief Information Security Officer (CISO), also available in the form of a vCISO (virtual CISO). Making access to this skill professional at a fraction of the investment.
We appreciate everyone who was able to attend this in-person event. It was very informative and interactive, and we had a lot of questions during each session.
