Due Diligence Through a Cybersecurity Lens

June 22, 2023

By: Dr. Kenneth Cooper, DCS, CISSP
MSSP Client Success Delivery Director

At a glance

  • Main takeaway: Cybersecurity is a crucial and often overlooked piece of an organization’s due diligence plan.
  • Impact on your business: If you are not paying close attention to your due diligence efforts through a cybersecurity lens, it could severely impact your business and the level of service you provide to your customers.
  • Next steps: Aprio’s Digital Advisory services team can develop a scorecard that reviews and strengthens the effectiveness of your due diligence plan.
Are you ready to learn more? Schedule a conversation with our team.

The full story:

Due diligence is most commonly thought of from a business advisory perspective. However, a crucial and often overlooked piece of any due diligence plan is cybersecurity. The foundation of due diligence is to truly understand your overall business from top to bottom, so it would make perfect sense that cybersecurity is amongst those efforts.

Ask yourself, have you identified all the operational components of your organization, and the vendors and resources that you have brought into your company?

It is one thing to know how to operationalize what your company does to make money, but you must back that up with the proper due diligence policies, guidance and programs. From a cybersecurity perspective, you also want to focus on the tactical programs you have in place under your systems and asset management (i.e., business applications), and those you utilize via vendors and third parties.

How credible are your vendors?

At any given moment, you can have an abundance of information available at your fingertips, but how do you sift through it all to uncover the credible pieces? To make informed decisions, what it comes down to is inherent factors: the shared values and goals between your organization and your vendors. It’s natural to want to work and partner with people and companies who have the same values as you, because at the end of the day the credibility of your vendors will impact how you perform your business activities and thus your customer service. If you were restoring a 1967 Shelby Mustang, you wouldn’t drop it off at just any old mechanic. You would do thorough due diligence to find the best and most dependable mechanic out there. The same is true for your vendors.

You need to consider: Who am I going into business with? What services will they bring to the table? How are they performing, and how long have they been doing it?

There will always be a level of vulnerability when it comes to your business applications because your applications ultimately drive your business activity and relationships with your customers. However, performing due diligence on the who, what, where and why of the vendors you have an existing relationship with and the vendors you are considering bringing into your company will protect your organization in the long run.

Trust but verify

It’s important to remember that due diligence is more than just a checklist where you mark an item complete and move on. There is a strategic element to ensuring your due diligence through the lens of cybersecurity is met. How do you do this? Once you have defined what components you need to run due diligence on, you must gather actual evidence to validate that those components are consistently meeting your overall compliance and regulatory standards.

But your due diligence work does not end there. At a minimum, you should perform an annual review of your due diligence plan to ensure everything is running as it should be and make any necessary updates. Now, there could be cases where an emergency would trigger an extra review, but if you are consistently monitoring your due diligence those instances will hopefully be infrequent. However, if you are a fast-growing company that gets involved in a large number of acquisitions, then it would be wise to perform a due diligence review on a bi-annual basis.

The bottom line

If you do not pay close attention to the overall level of effort and care of the operational components within your organization and the ones you bring in through vendors and resources, then that could severely impact your business and the level of service that you provide to your customers.

Unsure of the effectiveness of your due diligence program? Aprio’s Digital Advisory Services team can provide you with a scorecard that reviews and strengthens your due diligence program.
