A “zero trust” mindset is critical to laying the foundations for cyber security across any modern business, and accounting firms are no exception, said security advisory firm Sekuro.
Customer chief information security officer Lee Roebig said the zero-trust approach was based on the concept that no person, device, object, or connection should be trusted until it is proven that it should be.
“Technology is growing at a rapid pace and allowing businesses to thrive, but with a side effect of increased risk exposure. As a result, a modern security framework is needed to protect businesses on their transformation journey,” he said.
“Zero trust applies to People, Identities, Endpoints, Networks, Infrastructure, Applications, and Data; underpinning all of them with strong Analytics. These are what we call the Eight Pillars of Zero Trust.”
Mr Roebig said accounting firms of all sizes could adopt the methodology to bolster their protection processes and safeguard sensitive client data.
This approach to cyber security would require firms to continuously assess and decide if a user or system has permission to carry out an action.
“This level of proactivity is especially important in the world of accounting where numbers are crunched every day and the safeguarding of sensitive information and confidentiality is critical,” he said.
“For accounting businesses to effectively implement the zero trust model, organisations should adopt a holistic security strategy that involves people, process and technology.”
Mr Roebig said while it might sound overwhelming, modern technology makes taking steps towards zero trust easily achievable for even the smallest of accounting firms that have just started thinking about cyber security.
Firms could kickstart the deployment of zero trust with minimal investment by first implementing strong preventative controls across authentication, networks and endpoint security.
“You could start with authentication: Using MFA where possible plus uplifting the character limit to 14+ in your password policy, and not requiring password expiry as it encourages poor password hygiene,” he said.
“It will also be important to review your network access controls and segment high-value infrastructure, as there is no trusted source. Assume potential attackers are present both inside and outside the network.”
Mr Roebig said with usage of portable devices and hybrid workforces, firms should also look at their current endpoint security solutions and ensure they support a 'secure everywhere' approach.
“You should be able to deploy configuration, gain real-time visibility and provide protection entirely from the cloud to your endpoints. There should be no difference in the security of your endpoints regardless of when or where your users want to work,” he said.
Tony Zhang is a journalist at Accountants Daily, which is the leading source of news, strategy and educational content for professionals working in the accounting sector.