It was an honor collaborating globally with peers across the Accounting Industry on this thought leadership from the Praxity Alliance on “Cybersecurity and the Hybrid Workplace“. Unsurprisingly, the whitepaper notes that too many businesses are unaware, unprepared, and unprotected in spite of the heightened security risk.
I highly recommend reading the piece but I’ll share some high level takeaways:
- “Cyber security is not an IT issue, it is a boardroom issue”. Companies typically have a duty under law as well as a duty to their customers (to protect their data, to serve them securely, etc). Unsurprisingly, “cybersecurity and regulatory compliance are now regarded as the top two biggest concerns of corporate boards.”
- It is important to think of cybersecurity in terms of business risk, not just technology and to ensure all aspects are adequately addressed.
- “The biggest cybersecurity challenge … is keeping pace with evolving threats”.
- Organizations need to develop comprehensive and flexible cybersecurity strategies to increase protection and minimize risk.
- Users are typically the greatest point of vulnerability for any IT environment and the biggest cybersecurity challenges revolve around authenticating them
- Implement multi-factor authentication (MFA) and conditional access policies. Combine this with Single Sign On (SSO) to significantly reduce administrative burden (and create a more seamless user experience!). Would you rather change 1 password/account or 20 passwords in the event of a successful phishing compromise?
Other recommendations:
- Develop incident response plans with clear actions for employees in the event of a security breach
- Provide ongoing security awareness training – I’m a big fan of regular micro-learning vs. the traditional annual security awareness training. Add some sort of regular assessment/quiz so you can validate the effectiveness of the training.
