Antonina K. McAvoy, CISA, CISM, QSA, PCIP

Learn why SOC reports are extremely valuable for organizations looking to build trust, manage risk, and demonstrate their commitment to security and compliance. 

Securing donor data is essential for nonprofits to maintain trust and sustainability. This article covers key strategies, including threat identification, data management, staff training, and incident response. Learn how to safeguard valuable information and sustain your impact.

Learn about cyber security incident disclosure, what the SEC is doing to ensure compliance, and what your company can do to properly address and comply with these disclosure mandates.

In 2025, construction and real estate face rising cyber risks, with ransomware recovery costs averaging $2.73 million per incident. Proactive cybersecurity is critical to safeguarding data, finances, and operations. Learn more.

Like many organizations, Virginia’s Community Service Boards (CSBs) are going digital—managing client records, processing financial transactions, and coordinating services all online. Learn more about how to protect your organization from cyber threats.

Understand the new cybersecurity -related revisions from the Office of Management and how to stay in compliance.

Three major areas where strategic risk commonly arise for nonprofits are the inability to adapt to external shifts, the misalignment of programs with the organization’s mission, and a lack of innovation. Here’s a closer look at each, along with strategies to help nonprofits thrive despite these challenges.

​Learn effective strategies needed to mitigate your financial and IT risks to address the sophisticated ransomware and social engineering attacks facing businesses today.

Navigating CMMC requirements can be daunting, especially when it comes to developing a comprehensive System Security Plan (SSP) and calculating your Supplier Performance Risk System (SPRS) score. Learn how you can confidently complete the necessary steps to compliance, including performing a self-assessment against the NIST SP 800-171r2 controls to develop a robust SSP and SPRS score.

AI is reshaping the real estate industry, offering unprecedented efficiency and precision. However, while AI brings significant opportunities, it also introduces challenges that must be carefully managed.

AI offers incredible opportunities for the construction industry, but it also brings challenges that require careful management. By thoroughly evaluating the risks and rewards, construction companies can unlock AI’s full potential, driving unprecedented innovation and growth in their projects.

Foreign companies entering the U.S. market should understand the SOC 2 and PCI DSS cybersecurity standards. Learn more about why they are what is required to stay complaint.

Many non-profit organizations find themselves facing challenges when it comes to understanding and navigating their cyber insurance policies. Here are some key red flags in your cyber insurance policy that non-profits need to watch for to ensure they are adequately protected.

The recent global Microsoft outages attributed to a CrowdStrike software glitch have highlighted significant vulnerabilities in our interconnected digital ecosystem. Learn about the key lessons learned to help organizations enhance their resilience.

The recent release of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0 marks a significant milestone in the evolution of cybersecurity standards. Learn about the key updates in NIST CSF 2.0 and explore how these changes will shape the future of cybersecurity and risk management.

In today’s rapidly evolving digital landscape, maintaining robust security and compliance mechanisms is not just a regulatory requirement; it’s a business imperative. Two primary frameworks dominate this landscape: SOC 2 and PCI DSS. However, the market presents a unique challenge: the intersection of firms that can proficiently handle both SOC 2 reports and PCI DSS assessments.

Comparing HIPAA and HITRUST is a bit like comparing apples and oranges because they serve different purposes within the realm of healthcare compliance. Understanding their distinctions is essential for any healthcare entity striving to achieve comprehensive data security.

While many have been striving to meet HIPAA requirements for years, the landscape is shifting with the recently released HITRUST CSF version 11.3.0, which introduces critical updates designed to address emerging cyber threats and evolving regulatory demands.

Discover why the construction sector is particularly vulnerable to cybersecurity threats, the financial and operational impacts these threats can have, and pragmatic steps that business owners and key stakeholders can take to mitigate these risks.

In the dynamic and high-stakes environment of healthcare, process optimization isn’t just about cutting costs—it’s about enhancing service delivery, boosting patient outcomes, and improving operational resilience. Here are key strategies to consider for 2024.

In today’s rapidly evolving business landscape, the demand for Service Organization Control (SOC) 2 report compliance has skyrocketed. This surge, guided by the AICPA framework, is more than just a trend—it’s a testament to a significant transformation within the business ecosystem.

Explore key trends impacting the healthcare industry, including advanced threat detection, data privacy, process optimization, HIPAA and HITRUST compliance, and telehealth security measures.

Learn more about the recent revisions issued by The Office of Management and Budget (OMB) to the Uniform Guidance, with a notable emphasis on cybersecurity.

In this podcast, PBMares Partner, Antonina McAvoy dissects what risk means to businesses and organizations and how we can help you turn risk from a foe to a force for growth.

Learn more about risk advisory services that are designed to prepare government contractors for the unpredictable rhythms of DCSA audits.

During Cybersecurity Awareness Month, construction contractors are reminded of the proactive steps they can take to mitigate digital risk from ransomware and other cyberattacks.

October is Cybersecurity Awareness Month. Four basic tips, including how to recognize and respond to phishing attacks, can better protect online data and deter cyber criminals.

HITRUST was once considered by many small and medium-sized businesses to be out of reach due to an exorbitant price tag. But there are new cost-effective options companies can leverage to increase their transparency, integrity, and reliability.

In a call to action that’s being called “Shields Up,” the U.S. Cybersecurity and Infrastructure Security Agency continues to warn Russia could escalate destabilizing activities that may impact countries well beyond Ukraine. In light of these threats, U.S. businesses of all sizes should take steps immediately to shore up cyber defense.

Threat actors have been very transparent about focusing their efforts on businesses with fewer resources. Join our panel discussion on Cyber Resilience to better position your organization to handle a cyberattack.

Hacking and ransomware have the potential to create havoc for the assets and sensitive data housed in benefit plans across the country. As a result, in 2021, the DOL scaled up its interest in how administrators are addressing and responding to cybersecurity risks.

A small Virginia nonprofit thought they were doing all the right things in terms of cybersecurity, cyber insurance and safety. They found out the hard way that it wasn’t enough to avoid the damage from a hacker that knew how to manipulate their weak points.

Learn about the top challenges and opportunities facing not-for-profit organizations in 2022. Topics include tax updates, the impact of new legislation, succession planning challenges, industry best practices and the importance of a robust cybersecurity program.

PBMares’ October 13th webinar reviews the three most common cyber misconceptions and exposures for your organization, including guidance on controlling these risks through IT standards, best practices, and insurance coverage. 

Half of all real estate companies report being unprepared for a cyber attack. Understanding where risk comes from and how to prevent and mitigate data breaches can help companies avoid the costly effects of cybercrimes.

One in six construction companies fall victim to ransomware every year. They are at high risk for cyberattacks, yet most do not have a cybersecurity strategy. Understanding where risk comes from is a good start; proactively mitigating it takes teamwork.

More organizations are using Managed Service Providers (MSPs) to help fulfill ongoing needs, like cybersecurity and outsourced accounting. Before hiring an MSP, it’s helpful to understand the top ten areas that can impact the engagement’s success.

Ransomware attacks have become a major threat to many private businesses. The possibility of having critical business data encrypted by cybercriminals who then demand millions for data release is fast becoming a reality.

Learn how small government suppliers can meet the looming CMMC Level 1 compliance challenge.

Two events will shape everyone’s memory of 2020: COVID-19 and humankind’s increased dependence on the Internet across the world for business and personal use.

While technical cybersecurity controls are a vital part of your organization’s information security framework, they are not in and of themselves sufficient to secure all of your information assets.

The emergence of cloud computing has opened the door for financial institutions to take advantage of the many benefits offered by emerging technology.