Cybersecurity and the hybrid workplace

Jorge Rey, principal of cybersecurity & compliance and chief information security officer at Kaufman Rossin, is featured in a Praxity exclusive report, “Cybersecurity and the hybrid workplace,” on the growing risk of cyberattacks and how Praxity member firms like Kaufman Rossin are responding. Praxity is an international alliance of best-in-class, independent member firms, who are champions for global business success. Praxity’s cybersecurity report draws on the findings of a Praxity survey of member firms.

Article excerpts:

Jorge Rey, chief information security officer at Praxity member firm Kaufman Rossin in the U.S., says: “While working remotely, we’re constantly sharing sensitive information over the internet. If the connection isn’t properly secured and encrypted, it creates an access point for attackers, and your data could be exposed.”

“When employees use personal devices to conduct business, the organization has no oversight of those devices’ setup, which may not include proper encryption or the latest version of an operating system. Critical security patches may not have been installed on employee laptops for more than six months.”

Rey says connecting to the cloud through third party applications is “the biggest challenge” facing businesses in the hybrid environment and creates a “high area of risk.” The other main challenge is user access, he states, adding: “We see companies’ data being compromised because stealing credentials has become easier for hackers.”

As cybercrime becomes increasingly sophisticated, businesses large and small require much broader cybersecurity strategies in a bid to identify and sure up weak points in their operations, support supply chains, and keep disruption to a minimum in the event of a major attack.

Rey says: “The first step to protecting your business data is to ensure that everyone’s wireless connection is properly encrypted. Instruct your teams to turn on full encryption from their wireless access point and set up strong passwords.”

The various models and tools to improve cybersecurity can be baffling, but there are a few basic steps every business should take. Rey recommends the following:

  • Communicate: Make sure everyone is aware of your remote work policy and cybersecurity best practices, and make your IT team easily accessible.
  •  Secure your WIFI: Use proper encryption and strong passwords, and instruct employees to turn on full encryption from their wireless access point.
  •  Secure cloud-based services: Make sure you have enabled paid-for document-sharing tools, not free versions, for added security.
  • Set up multi-factor authentication and encryption: Give an email address or a cell phone number for codes to be sent and enable notifications so you can see when someone has tried to access your data or to change your password.
  • Ensure operating systems are fully patched: Make employees aware that when notified of an upgrade, it is important to install it to enable automatic patching.
  • Reintegrate: Secure and automate part or all of the processes that were once done using pen and paper. Automation can mean that something is done the same way every time. Reducing or eliminating manual errors can lead to improved data security and increased efficiencies.

These measures should not be seen in isolation. They need to be woven together into cohesive strategy.

At Kaufman Rossin, the focus has switched from building the right cybersecurity infrastructure to securing the right configurations for hybrid work. “Two years ago, everyone was being hacked. We had to make tweaks to our infrastructure and re-evaluate the threats,” Jorge Rey explains. In terms of advisory services, the U.S. firm is helping clients with risk assessments, identifying where the risks are and making sure they have the right cloud software and reporting in place.

One way in which firms can share expertise in this way is through Praxity working groups. In the U.S, for example, accounting leaders meet regularly to discuss key issues including security challenges. Commenting on the benefits, Rey says: “The more that we do, the more we can enhance our knowledge, understand what others are doing, and ultimately do things better.”

Read the full report on the Praxity website.

Jorge Rey, CISA, CISM, is a Cybersecurity & Compliance Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.