Cyber Security Case Study: Accounting Firm
We are basing this cyber security case study on a medium-sized accounting firm. This accounting firm is a family business based in Sydney that employs around 50 staff, with services ranging from basic bookkeeping to specialised wealth management. For the purpose of this Cyber Security Case Study, we shall protect the identity of this client.
With three sites across Australia and overseas, This Accounting Firm utilises a combination of on-premise and cloud-based infrastructure. As an accounting firm, this client is responsible for protecting highly sensitive information entrusted to them by their customers.
This Accounting Firm had decent pre-existing cyber security measures in place, but they were looking for more. Given the recent roll-out of data-related legislation, This Accounting Firm wanted to be sure they were exceeding their obligations to minimise risk. They came to Stanfield IT with the intent to meet the current ASD and NDBS requirements.
This Accounting Firm handles a significant volume of confidential data for their clients, and knew they would be subject to the Notifiable Data Breaches Scheme. As a result, they wanted to reduce any possible vulnerabilities they had and avoid any breaches.
First of all, Stanfield IT needed to evaluate the current cyber security policies and procedures in place at This Accounting Firm. We also needed to identify the areas that the client wanted to focus on.
This involved an audit questionnaire that the client could fill out in order to highlight problem areas. The audit aims to determine the following information:
- Do any compliance, governance or legislative requirements apply?
- The types of data the organisation deals with, and how it is handled.
- What IT systems are in place that store data and how are they managed?
- The protections that are in place around the IT systems to enforce security and compliance.
- What levels of access and awareness do the staff have around the data and its security?
This information draws a good picture of the organisation’s current state (strengths and weaknesses) and what areas need attention.
We collated the results of the audit questionnaire and compiled a list of recommended strategies for This Accounting Firm. As a part of this cyber security case study, it is helpful to share what solutions we implemented:
- Next Generation Firewall & Sandboxing: Sandboxing is a security practice where you isolate data from the main network in a separate environment, so that any security issues that arise are found there before they reach the primary network.
- Maintenance Plan for Updates: We created a schedule for This Accounting Firm to ensure they kept all operating systems and vendor software up to date and patched.
- Mobile Device Management: Implemented MDM along with mobile application management in order to protect data on personal and company devices.
- Monthly support arrangement: We implemented a fixed monthly arrangement in order to provide ongoing support.
- AI Anti-Virus: This Accounting Firm now has an elite anti-virus and malware protection solution with deep-learning artificial intelligence and ransomware-specific protection.
- Multi-factor authentication: We configured and enforced multi-factor authentication on systems that could support it.
- Firewall: We implemented a strict firewall policy that prevents users from accessing dangerous sites.
- Application Whitelisting: The first step in the ‘Essential Eight’, application whitelisting prevents foreign or malicious programs from executing.
- Restrict Admin Privileges: We removed administration privileges from all user accounts to reduce their access to the Internet.
- Application Hardening: We disabled and blocked unnecessary add-ons such as Flash or Java.
- End User Training: We must never forget that staff are the ones who uphold cyber security every day. We held a training session for the team so they can identify cyber risks in their day-to-day work.
As a result of all this work, The Accounting Firm can confidently state that their system is secure. This provides peace of mind to the firm and its clients, as they are now assured that their IP, as well as confidential client information, is protected.
The solutions implemented work together with their existing framework to provide a robust and cutting-edge cyber security strategy that effectively mitigates and controls most cyber risks. This Cyber Security Case Study is an excellent example of how you can never be too careful. Even with relatively effective cyber security in place, there were plenty of additional solutions we were able to implement to improve their situation. And when you’re working with a unique IP and sensitive information, that’s what you want to do.