The events of the last 18 months have intensified security risks for businesses of all sizes, and across all industries.
According to a recent CISCO report, 69% of businesses said they have experienced an increase of 25% or more in cyber threats or alerts. Worryingly, 7% said they wouldn’t be able to tell either way.i
Just under half of Australian businesses (41%) also said security is more important now than it was before the pandemic. ii
The shift to hybrid working, and the need to support a highly distributed workforce, has accelerated the risk for many businesses, including those in the professional services sector.
According to a recent study by McKinsey, the professional services sector is one of four most able to support and continue with remote/hybrid work – alongside the finance, management, and information sectors. iii
A survey by Hays of 2,500 working professionals also found that 61% believed a hybrid working model was the most productive. iv
At the same time, however, the security of data for a professional services firm that is facilitating hybrid working is of critical importance. If your data, or that of your customers, gets into the wrong hands, the results could be devastating. As well as the costly fines associated with non-compliance, there’s also the lasting impact on your reputation, and ability to secure clients and attract employees.
So when it comes to implementing a professional cyber security strategy, what are the main challenges for you as a professional services firm? And what steps can you take to safeguard your data, without restricting innovation? Here’s a quick overview.
Top security challenges for professional services firms
52% of cybercrime committed against professional services firms is cyber-spying or cyber-espionage, 25% is committed through crimeware and 10% through miscellaneous errors. Source: Verizon Data Breach Report vi
Perimeter-based security
While many professional services firms had remote working policies and processes in place before the pandemic, few had the facilities and infrastructure to support it at scale. Many, for instance, are still relying on perimeter-based security, with things like firewalls and browser isolation systems attempting to ward off threats as they enter the premises.
Now, with a significant number of people working remotely, perimeter-based security simply isn’t sufficient. What’s needed is a new approach that tackles security at the device level, referred to as end-point security.
A recent survey commissioned for HP suggests that 91% of IT decision-makers believe end-point security is now just as important as network security.vii
Confidentiality of client data
Professional services firms retain and share vast amounts of confidential data about clients’ businesses – their financial performance, legal cases, human resources information and much more.
Once a cyber-breach occurs, it’s very easy for this data to end up in the wrong hands. For instance, it’s an incredibly worrying reality that emails and passwords from 90% of small and mid-size businesses are currently for sale on the dark web.
Typically, professional services firms are also required to adhere to strict information security frameworks to meet compliance, which can be time-consuming.
Lack of scalability
Many professional services firms also rely on a project-based workforce and therefore require considerable flexibility and agility when it comes to their IT.
However, traditional, on-premise security infrastructure can be inflexible and detract from the level of agility that firms need to thrive.
What’s needed is a more flexible approach to security that can scale with the business and its specific needs.
Overworked IT teams
Similar to many industries, the IT experts within professional services firms are facing an enormous workload. Many are dealing with increasingly complex infrastructure, and the need to support remote workers is considerable. The more overworked the IT team, the more likely that there will be security gaps that cyber-criminals can exploit.
What can be done?
The good news is that there are some very simple steps that your professional services firm can take to improve security:
Step 1: Engage a trusted partner
Perhaps the most important step you can take when it comes to security is to engage a partner who can provide the level of guidance, advice and strategic support you need.
Outsourcing your security as part of a managed services agreement can free your IT team to focus on other areas, and can also provide you with ongoing access to an expert team.
Step 2: Determine your level of risk
Before implementing any new security solution, you also need to understand where you stand now, and where the biggest risks like. For instance, many firms simply don’t know if their data is for sale on the dark web, or even if a breach has occurred. An experienced security partner can perform the necessary checks and provide you with an assessment regarding your level of security risk.
A key place to start is with a Dark Web Scan – a service that Office Solutions IT provides. Within just 3 – 4 days, we can help you:
- Discover exposed data – find out whether your organisation’s information has been exposed on the dark web.
- Identify compromised accounts – discover the precise email addresses and passwords that are on sale.
- Get expert suggestions – you receive a personal call to discuss your results and recommendations.
Following on from this, Office Solutions IT also offers a complimentary risk assessment, to identify your security strengths and weaknesses; provide advice on the improvements you should be considered relative to your security posture; and supply you with a detailed report of your results against this framework, including how your business aligns with others in your industry.
Step 3: Evolve your workplace software
When it comes to boosting your security, an important place to start is your workplace software. Microsoft 365, for instance, has a very rigorous security foundation that can help you:
- Keep customer data safe. Clients can ensure that only the right people have access to important data with information protection.
- Defend against malware. Protect against ransomware, spam, malware, viruses, phishing attempts, malicious links, and other threats.
- Stay in control. Sent the wrong attachment? You can revoke access to an attachment even after the email’s left your inbox with cloud attachments.
- Bring your own devices. You can protect your information, even when it’s accessed on employees’ personal devices.
Why partner with Office Solutions IT?
Office Solutions IT is a highly experienced Microsoft solutions and Dicker Data partner, with deep expertise in the professional services sector – and over 200 corporate clients around Australia. We believe IT should work hard, not feel hard, and pride ourselves on making IT simple, streamlined and fully transparent for our clients. We also offer a pricing promise which guarantees that there will be no unexpected surprises in our IT support.
In particular, our team has many years of experience helping organisations maintain their security integrity.
If you’re interested in finding out more about security for professional services firms or getting started with a Dark Web Scan, please get in touch today.