Praxity Alliance, the world’s largest alliance of independent accountancy and consulting firms, has published a new whitepaper on managing cybersecurity in the context of shifting homeworking patterns.
“Cybersecurity and the Hybrid Workplace” offers best practice guidance for member firms, accounting professionals and clients to build a comprehensive cybersecurity strategy.
Praxity Alliance CEO, Samantha Louis, said: “The accounting industry is facing increased cyber security threats amidst the shift to hybrid working, the current geopolitical environment and weak cyber regulations. By sharing knowledge and expertise, firms stand a better chance of minimising these risks for their clients, employees, and work systems. At Praxity, member firms share best practices not only through research and member surveys, but also through our regular working groups and conferences.”
As part of the paper, Praxity conducted a survey of its member firms, which includes the following highlights:
- Most accounting and IT/cybersecurity leaders believe a cyberattack is “very likely” or “extremely likely”
- The biggest cybersecurity challenge for independent accounting firms is keeping pace with evolving threats, followed by mitigating the strain on IT resources and securing data that can be accessed remotely
- The bigger challenge for clients is encryption and multi-factor authentication
With hybrid working increasing reliance on cloud computing and third-party apps, accounting firms and their clients are more exposed than ever to cyberattacks. Cybercriminals have more opportunities to infiltrate poorly protected systems, exposing businesses to potentially catastrophic cyberattacks.
The situation is exacerbated by the volatile geopolitical environment and weak cyber regulations, the latter of which have led professional accounting bodies to help firms demonstrate the effectiveness of their cybersecurity measures, and to assist in identifying the right insurance for cyber risks.
Praxity recommends the main areas of focus in tackling cyberattacks should include: education and awareness programs; monitoring, record retention and antivirus policies; Virtual Cloud Desktops; Cloud Access Security Brokers (CASBs); Privileged Access Management (PAM); Identity and Access Management (IAM); Zero Trust Security; creating Security Operation Centres (SOCs); EDR; and data encryption.
The full whitepaper, “Cybersecurity and the Hybrid Workplace”, can be viewed here.