Cyber and Information Security



One doesn't have to search far to find news about the next company that has been breached. Although your systems may not have been compromised thus far, don't make the assumption, “It can't happen here—not to us.”    

In today's business environment, you have a responsibility to your stakeholders, employees, clients and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to you. While some may have regulatory compliance obligations, others have a fiduciary responsibility. The fear of appearing in the news over a security breach of your company's data, under your watch, is increasingly real for so many.

Grassi & Co.'s Cyber and Information Security Practice provides needed peace of mind by helping you understand risk profiles, recognize potential threats, determine risk tolerance and create a cyber and information security roadmap and program. 

Our professionals will assist in three very important areas: Strategy, Implementation & Remediation, and Support. They will collaborate with you to custom design a program that's right for you. Rather than simply informing our clients of vulnerabilities, our professionals remediate those vulnerabilities to ensure reduced exposure. We provide the necessary professionals and tools to create a security program that protects you. Our support team includes highly skilled and trained virtual Chief Information Security Officers (vCISOs) and Managed Security Services, working in collaboration with our clients every step of the way.

Our team ensures that you and your organization succeed in building and maintaining a robust cyber and information security program, while also providing savings to the bottom line.

The services we offer:
  • Security
  • Compliance
  • Third-Party Vendor Risk
  • Managed Security Services
  • Threat Management
  • Identity and Access Management


Press release

Grassi & Co. Introduces Cyber and Information Security Practice (CIS)

Grassi & Co. is proud to announce that we will be offering additional consulting services through our new Cyber and Information Security Practice, which will be spearheaded by Karl Kispert.


Newsletters & Alerts

Alert: Validating Cyber Risks in the Cannabis Industry

Investigations drawing on information gathered from assets in the underground (involved with the dark web) and on conversations with federal authorities disclosed that, while there is no specific group actively targeting the cannabis industry, there are hackers focusing on three areas within the Seed to Sale lifecycle: research and extraction; growing; and consumption and retail operations.


Push for Scam Techniques Increases

The end of January marks the beginning of the push for some known scam techniques, but there are also some new ones on the scene. Scammers are targeting organizations large and small, as well as individuals, attempting to steal money and/or information. Below are some of the more common scams that are being reported around the world.


EAlert: Freezing Credit—Avoiding Fraud

As you may have seen in our social media posts, October is Cyber Awareness Month. In line with our intention to keep our clients informed, it’s very important for us to help you grow in your understanding of how to identify potentially dangerous emails.


Prepare For A Cyber-Attack Now—Don’t Wait!

Ransomware is a type of malicious software designed to block access to your computer system until a sum of money is paid.


Cyberattacks of Nonprofits on the Rise

Cyberattacks and data breaches are commonplace in the news now, and it would be easy to miss the changing trend in where these attacks are being focused. Financial institutions and banks will always be prime targets due to the information they contain, but the marked increase in attacks aimed at nonprofit organizations, with particular focus on charitable and educational institutions, isn’t as well understood.


Insulating Your Cyberworld—One Step, and One Day, at a Time

Target, Ashley Madison, the DNC, Twitter, LinkedIn, PayPal, multiple healthcare institutions: it seems not a day goes by that we’re not hearing about another data breach, whether it’s a nation-state infiltrating governmental institutions, a breach of usernames and passwords numbering into the millions in a single instance, or, the most prevalent of them all, another case of ransomware holding files hostage until a payment is made. It often feels like we’re being inundated to the point of exhaustion, and that it happens so often that there’s nothing we can do to protect ourselves from being the next victim. The ugly truth is that there’s no way of ensuring, beyond any shadow of a doubt, that one will not fall victim oneself. The good news is that there are steps that can be taken to help lower an attack profile, greatly reducing the chances of being victimized.


Cyber Attacks—Why CEOs Should Care About Cybersecurity

The year 2015 saw an unprecedented increase in cyber attacks, with hackers hitting companies and government agencies month after month, with alarming results. It is estimated that 300 million records were leaked in 2015, and over $1 billion stolen. (Szoldra, Paul. (December 29, 2015) “The 9 Worst Cyber Attacks of 2015.” TECH Insider.) With cyber breaches of Ashley Madison, health insurer Anthem, Inc., JP Morgan Chase, and even the White House in 2014, there is no denying THIS is a serious problem! But what’s worse than stolen identities, money and personal records is the threat these breaches now pose to lives, as two of the latest hack jobs were performed on hospital chains, forcing some patients to be moved to other hospitals for testing purposes.