Login
iscover
Firms can create a security strategy that can continuously adapt to changing risks, says one specialist.
Newsletter
‘Zero trust’ vital to combat cyber risks, accountants told
09 May 2022
•
10 minute read
A “zero trust” mindset is critical to laying the foundations for cyber security across any modern business and accounting firms are no exception, said security advisory firm Sekuro.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Customer chief information security officer Lee Roebig said the zero-trust approach was based on the concept that no person, device, object, or connection should be trusted until it is proven that it should be.
“Technology is growing at a rapid pace and allowing businesses to thrive, but with a side effect of increased risk exposure. As a result, a modern security framework is needed to protect businesses on their transformation journey” he said.
“Zero trust applies to People, Identities, Endpoints, Networks, Infrastructure, Applications, and Data; underpinning all of them with strong Analytics. These are what we call the Eight Pillars of Zero Trust."
Mr Roebig said accounting firms of all sizes could adopt the methodology to bolster their protection processes and safeguard sensitive client data.
This approach to cyber security would require firms to continuously assess and decide if a user or system has permission to carry out an action.
“This level of proactivity is especially important in the world of accounting where numbers are crunched every day and the safeguarding of sensitive information and confidentiality is critical,” he said.
“For accounting businesses to effectively implement the zero trust model, organisations should adopt a holistic security strategy that involves people, process and technology.”
Mr Roebig said while it might sound overwhelming, modern technology makes taking steps towards zero trust easily achievable for even the smallest of accounting firms that have just started thinking about cyber security.
Firms could kickstart the deployment of zero trust with minimal investment by first implementing strong preventative controls across authentication, networks and endpoint security.
“You could start with authentication: Using MFA where possible plus uplifting the character limit to 14+ in your password policy, and not requiring password expiry as it encourages poor password hygiene” he said.
“It will also be important to review your network access controls and segment high-value infrastructure, as there is no trusted source. Assume potential attackers are present both inside and outside the network.”
Mr Roebig said with usage of portable devices and hybrid workforces, firms should also look at their current endpoint security solutions and ensure they support a 'secure everywhere' approach.
“You should be able to deploy configuration, gain real-time visibility and provide protection entirely from the cloud to your endpoints. There should be no difference in the security of your endpoints regardless of when or where your users want to work.” he said.
You need to be a member to post comments. Become a member for free today!
