Endpoint security isn’t enough to protect your hybrid workers from cybercrime

Now a central priority for many modern employees, hybrid working will play an active role in shaping the future of work. But what does this mean for cyber security?

Accountancy practice management software has come a long way. Today, features like automated billing and reconciliations are easily integrated into the day-to-day practice workflow of Wolters Kluwer Tax & Accounting UK customers.

Our employees work side by side with our customers to create and manage these solutions – driven by a deep understanding of their needs and addressing the rapid changes in their environment.

However, it’s often hard to look beyond improving performance in day-to-day operations. Amid Brexit, the COVID-19 pandemic and other disruptions, accountancy practices and their clients are dealing with an unpredictable economic landscape. Future business planning can appear daunting.

However, technology can support accountancy practices (and their clients) in making informed business decisions, and planning for the future. In the first part of our Accountancy Practice Management for Future-Fit Growth series, we’ll explore how they can use technology to define and easily track Key Performance Indicators (KPIs). Doing so gives practices closer control of performance tracking, and deeper insights that will inform strategic growth plans.

Saving Time

For several decades, business technology platforms have enabled practices to track performance metrics that they have customised. This highlights areas that qualify for improvement and underpins strategic planning.

Contemporary technology, such as CCH KPI Monitoring, makes setting up KPIs faster and easier for accountancy practices than ever before. This is vital today. The current business landscape demands that firms assess and amend KPIs more frequently, based on fresh market variables. KPIs such as client retention rate and business time-to-recovery have become increasingly prominent performance indicators in the past year. If clunky technology makes KPI management difficult, practices have less time and insight to plan future growth.

Reducing Risk
CCH KPI Monitoring makes it far easier to track KPIs and report on them. This is fundamental in minimising risk. For example, if a KPI is set to track and escalate debt filtered by overdue dates, the ability to easily set alerts and automatically generate reports is critical to practice performance management.

Some practices are manually running monthly reports to measure KPIs. Others are running real-time reporting engines, a key feature of CCH KPI Monitoring. This latter solution allows practices to review essential data at any time – covering both performance management and compliance requirements. They can do so remotely or on-premise.

This means that firms can assess issues before they become problems, and thus act proactively. Real-time reporting is a true asset in building a future-fit practice.

The Proof is in the Practice
A number of Wolters Kluwer customers have been using CCH KPI Monitoring for several years now. Our customers look to us when they need to be right. Ryecroft Glenton has successfully integrated CCH KPI Monitoring with its own system. This consolidates information from several sources, including CCH Central and CCH Practice Management.

“We can use the year end date to trigger a sequence of reminders. Have we asked for the books? Have they been received? If a request to a client has been outstanding for a certain period, the partner will receive an alert via email. For limited companies, we can monitor the corporation tax and Companies House filing deadlines – as well as the different deadlines for pension schemes”

– Ian Smith, partner at Ryecroft Glenton

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”

When equipped with the right tools, the hybrid workforce are proving themselves to be effective from further and further afield - but while this might be great news for employees; it means a rapidly growing challenge for business leaders.  

Whether employers like it or not, the rising prominence of IoT devices mean that many are becoming entangled with their employees’ hybrid working setups – resulting in an enormous amount of entry points for CIOs to keep track of and secure.

But securing physical endpoints is only the beginning. Just as technology is becoming more refined with time, so too are cyber-threats – and if business leaders are to keep themselves safe, they must take a more holistic view of their defences; one that goes beyond endpoint security and incorporates multiple layers of protection. But what form will this take, and are organisations ready to make it a reality?

Not leaving yourself vulnerable

Pre-2020, endpoint security wasn’t necessarily a priority even among the most security-conscious businesses. This is because endpoints were nearly universally kept onsite – so as long as server locations were properly protected, endpoints were too.

However, nowadays, company endpoints are no longer all kept onsite. Instead, an interconnected web of mobiles, desktops, laptops, printers, servers, and IoT devices are now dispersed over many areas and environments; being used in homes, cafés, and even on trains.

But while company data can be accessed by each of these devices, corporate IT teams can’t always keep them all accounted for – meaning they can’t be properly protected. This is further compounded by the fact that these devices are only growing in number and many are designed only for basic antivirus (AV) and next-generation antivirus (NGAV), rather than the multiple layers of security required to repel modern cyber-threats.

With so many new points of entry, hackers are spoilt for choice when it comes to ransomware and phishing targets; with the latter comprising 41% of all security incidents. Worse still, by infiltrating devices with outdated security, hackers are now able to infiltrate company VPNs – giving them access to data across entire corporate networks, meaning enormous potential damage to any business handling sensitive information.

Antivirus software can’t protect against everything

While the cyber security landscape has advanced by incredible leaps since antivirus software was introduced in the 1980s; worryingly, many SMBs still believe that basic antivirus is enough protection for their physical endpoints. And with so many unprotected devices, networks, and Cloud-based services currently active these days, this is not a business trend that can continue to exist in our increasingly hybrid world.

The main problem with antivirus software is that it follows a signature-based model of detection. This means that it’s only suited for recognising and blocking threats that are already known – and with so many new and sophisticated forms of malware being developed every day, the limitations of this go without saying. This is especially true these days, where sneaking malicious links past antivirus programs is easily done by embedding them within PDF attachments – which saw particular prominence near the end of 2022, with attacks of this kind skyrocketing by 38%.

But to make matters worse, the protection that antivirus provides is only as effective as its latest update – which is difficult to keep up-to-date across the board, depending on how many devices are connected to your network and how much IT resource you have access to.

Regardless, it’s clear that when it comes to cyber security, antivirus software is not enough – especially when 77% of cyberattacks arrive via email, and up to 95% of successful breaches are happening due to human error. With new cyberattacks becoming too varied and sophisticated for employees to continually be vigilant against, organisations must not rely solely on the reactive protection of antivirus, but instead embrace more proactive measures.

Isolation technology – the vital component for hybrid security

Of course, this is not to say that antivirus software is completely obsolete – but rather, it should be viewed only as a component of a multi-layered cyber security strategy, rather than one catch-all solution. In fact, favouring a versatile approach will become vital to protect the remote workforce in coming years; especially as employee demands for flexibility will necessitate investment into a wider range of digital collaboration tools.

But what does this next layer of cyber security look like?

Unlike the traditional ‘detect and block’ model, isolation technology is actually able to protect against threats that it hasn’t encountered before. This is because the technology treats all applications – PDF, Microsoft Outlook, Google Chrome, etc. – with the same zero-trust protocol, opening them into areas completely isolated from a machine’s OS. Therefore, even in the event of surprise malware, the isolation technology has already neutralised the threat and prevented it from spreading to other endpoints connected to the network.

With antivirus and endpoint security working as a foundation, isolation technology gives organisations the best chance of protecting their hybrid workforce – with protocols that even mitigate against human error to a certain extent.

But just as with any tool, isolation technology can only do so much. Clear guidelines must still be set regarding usage of personal equipment, and ensuring only certain workplace devices have secure access to corporate data. Keeping this principle in mind is crucial to constructing a truly proactive cyber security frontline; not just focusing on quick fixes, but staying mindful about the cyber security landscape and new threats originating from within the hybrid workforce.

Promoting a culture of vigilance  

As with any companywide change, nurturing a culture that values cyber security is instrumental to your updated practices persisting into the future.  But even if employees are based outside of the office, a strong cyber security framework can still be integrated by updating your company policies and governance practices; and by expanding risk management processes to include incident response plans and regular penetration testing.

Another step is training and education – and for demonstrating the role that your employees play in keeping their workplace secure, you should find initiatives that favour powerful visual presentation. For many people, words on a page only go so far – whereas a demonstration from an ethical hacker could foster far-reaching behavioural change among your employees.

But before any concrete changes are made, undertaking a cyber-health check or a gap assessment is absolutely crucial. A managed service provider can ease this process, and secure you for the future – since, as well as identifying vulnerabilities in your existing security, we can also develop a solution to support your ongoing protection as the hybrid workforce continues to evolve.

In the modern cyber security landscape, businesses can no longer afford to protect their hybrid workers with only the bare minimum. However, augmenting your existing security with isolation technology – as well as cultivating a proactive culture – will allow you to put your best foot forward, and keep your employees working smarter and safer for whatever challenges the future may hold.

Apr 2024

Context-switching and multitasking: unravelling the productivity myth

The stark reality of near-flat UK productivity levels, highlighted in the latest official figures as part of the Autumn Budget, presents an opportunity to boost productivity.

Resource management challenges: 6 common blockers and how to overcome them to achieve your maturity goals

Maturing your resource management leads to firm-wide benefits and ultimately growth.

Accountants need a modern document management system

Accountancy firms realise the importance of technology in helping them function efficiently.

How accounting firms can bolster cybersecurity through AI integration

In recent years the threat of cyber-attacks has grown significantly, with both the frequency and sophistication of attempted breaches increasing.

Are your clients happy? The power of brilliant customer care

Your clients might not be as happy as you think.

Looking forward: How to drive change in your accounting practice

The metronome that is accounting and tax work often makes for a workplace and culture that is change-averse.