Blog · 20 Nov 2019

Is a damaging data breach inevitable for a professional services company?

As phishing attacks and credential theft grow in this industry, find out where you're most exposed.

Today’s high-risk environment means that security is a concern for any organisation, but for those working with large volumes of sensitive data, the threat of cyber-crime is even more prominent.

For organisations within the professional services industry, dealing with their clients’ business information, confidential data and financial information is part of business as usual. And, as these organisations move towards the cloud, securing a cloud-first strategy and open internet breakout is a hot topic on many boards’ security agendas.

In order to stay competitive in the marketplace, it’s important that professional service companies make the most of new technologies and innovative new solutions like cloud networking. However, the remits these firms have mean that the consequences of any kind of cyber-breach are severe. In the realm of professional services, a breach not only risks the organisation’s brand name, but also compromises clients’ data and brands, too.

Technology’s opening the door to cyber-threats

Many professional services firms are used to their reputations being on the line in a high-profile way. Look at any prominent business failure, and the auditor’s name is sure to have been raised in the media. But when it comes to network security, the entire organisation is at risk. Data is at the heart of these organisations, not just the security arm. And with sensitive data concerning audits, mergers, acquisitions and other information all key to business, they’re an attractive target for hackers and other cyber criminals.

As these businesses expand their remits and use technology to find increasingly efficient ways of working, the door to cyber-threats is opened even wider. Take, for example, audit services offered by professional services firms. This aspect of the organisation is increasingly moving away from the traditional ‘rubber stamp’ auditing service towards the role of a business partner who strives to add value to their clients’ organisations.

Increasing their role in this way typically requires the introduction of new technology such as robotics, artificial intelligence and automation. These technologies help companies to understand their clients’ data in the most complete way, helping them to highlight more efficient ways of working and so add value to their clients’ businesses. But, while these technologies help professional services firms to perform a more efficient service for clients, they also increase the risk and the number of entry points to that client’s valuable information.

Why employees are key for cyber-criminals

It’s not just new technology that poses a serious risk. Perhaps the greatest danger to a professional services organisation is its people. With the shift away from secure private networks to SD-WAN, internet and cloud-based connectivity, there’s far greater scope for individuals to unwittingly offer cyber-criminals a route into a company’s network.

New ways of working magnify this weakness further. The quest to attract and retain the best talent is outweighing the traditional company demands of the Monday to Friday nine to five, and professional services companies are increasingly offering flexible working. Plus, the ability to work anywhere is driving a growth in mobile working, proving useful to professional services companies that want to reduce office space and need to work as they travel globally to meet their multinational clients. As a result of flexible and mobile working, new devices and connections are added to the threat landscape. With this multiplication of end user devices and network entry points, there’s far more scope for a data breach.

The growth of mobile devices in professional services in particular increases the likelihood that a phishing attack will be successful. When working on a mobile, the layout of emails and webpages makes it difficult to verify whether they’re fraudulent. People are also more likely to make snap decisions to take action on a mobile, opening the door to email-based spear phishing, spoofing attacks that mimic legitimate webpages and attacks via social media.

A lack of awareness about security dangers is also an issue. The Verizon 2019 Data Breach Investigations Report revealed that phishing and credential theft associated with cloud-based mail accounts was one of the main types of attack in the professional services sector. With some professional services firms employing upwards of 250,000 individuals, based all around the world, just a small percentage being careless or unaware of security protocols can create significant vulnerabilities. It’s a challenge to keep track of these vulnerabilities and to keep employees aware and alert.

Creating a secure future for professional services

There’s a lot at stake for the professional services industry right now: it has to protect the highly valuable data that is its core business against evolving threat vectors and a strong element of human vulnerability. You need a partner who can provide a comprehensive security ecosystem able to keep pace with the sector’s changing security requirements and a complex threat landscape.

Our managed cloud security solution is ready to help you to handle ever-advancing threat vectors. We also offer specialised services to support the security priorities of the professional services industry. Avoid putting your reputation at risk by ensuring data and regulatory compliance, identify and fix your weak points with our ethical hacking service, and make sure you control access to confidential information using encryption and PKI.