Kennedy and Coe LLC, the largest CPA and consulting firm headquartered in Kansas, now offers information security assessments and testing to help businesses prevent incidents that can compromise customer information.
While financial institutions such as banks, savings and loans, mortgage lenders, credit unions, and insurance companies are required to have independent evaluations of their information systems, Kurt Siemers, CEO of Kennedy and Coe, says many other businesses concerned with safeguarding customer information could benefit from Kennedy and Coe’s assessments and testing.
“Any business that gathers financial information from customers is responsible for protecting their information,” Siemers says.
Kennedy and Coe is able to analyze everything from a company’s information technology policies and firewall design to the contracts it has with vendors providing online transaction services. Then the company conducts a thorough test of the client’s network to spot potential areas of vulnerability.
“More than 60 percent of businesses report experiencing financial loss as a result of one or more information security incidents every year,” Siemers says. “The average cost to businesses for one incident alone has been estimated at more than $50,000, and some single incidents have resulted in losses in excess of $825,000. Weighed against the costs of having to recoup after an incident like this, the investment in a security assessment is fractional.”
Kenneth Friedel, information security coordinator, says Kennedy and Coe differentiates itself by combining industry expertise with vulnerability testing. “It’s like having a security company come out to your house and check all the locks on the doors and windows. In the industry, this approach is termed vulnerability testing. That’s what Kennedy and Coe can do for businesses.”
Whereas most people would guess the greatest threat for security breaches stems from outside an organization, published research confirms more than 80 percent of security breaches come from within. “Users may not be malicious,” Friedel says, “but when it comes to accidentally deleting files, bumping a server, sharing files or spreading viruses, just about any system can be at risk.
“With every single assessment we’ve conducted, we’ve discovered significant improvement opportunities, even when we didn’t anticipate finding anything,” says Friedel. “We’ve also been able to validate a lot of the safeguards a business has already put into place. Management should know about both of these things.”
As part of its security assessments, Kennedy and Coe also gives businesses practical recommendations to help remedy any identified vulnerabilities.
Ever-evolving information security threats call for ongoing testing and assessments, Friedel says. “Methods are being developed all the time to break into a system. The need for security assurance is ongoing as threats develop,” he says, “and is called into question anytime a company’s situation changes, such as when it installs new servers, phone lines or desktop and operating systems.”
A combination of small business, examining, banking and technology experience allows Friedel to see the big picture when it comes to information security. This, he says, is something local businesses appreciate.
“Today, clients want three things. First, they want expertise in the technical issues,” says Friedel. “Second, they want insights and perspective relevant to their industry. Last and most important, clients want service from local people they trust. Kennedy and Coe has developed this new service to satisfy all three of these needs.”
For an initial consultation on how Kennedy and Coe can assess your information security, contact Kenneth Friedel at 316-685-0222 or 800-303-3241 or you can e-mail him at kfriedel(at)kcoe.com.
© BankNews, June 2004