What steps have you and your team taken to address cybersecurity risk?

klompy Back in 2020 we engaged an IT consultant to review our entire practice for security, this was especially important during Covid working remotely which we now do full time.  He put in place a number of security systems such as ESET, bitlocker and 2FA on most of our systems, he also does regular training with staff and reports on issues that happen in Cyber Crime so we are aware of issues that can happen, just last week he emailed us about a client that had the 2FA hacked !! he is super conservative and has protected us from making decisions on software that potentially could be an issue.  We just dont know this stuff so having an expert there on call is great and I recommend every practice should have one

We follow the usual IT processes and have 2FA on almost everything. We still feel very exposed and would love to hear more ideas on how we can be more protected!

Rainier-Reyes, I would expect it's because we don't want anything bad happening to ourselves. But the evidence is scary for professional firms that could lose most of their business value overnight.

It really is all about the conversations that your team has with your clients (and others) in forming good cyber habits. Your clients are a big part of the supply chain risk to any professional firm. I have heard so many stories that start with "my client's email was hacked and..."

Hi klompy - our business undertook a cyber security audit by fraser-jack 's team last year and it was a very thorough process. We have implemented many of the recommendations made including ongoing staff training and awareness. The feedback from IT providers was interesting as they learned some things they didn't know about and are now spreading the word amongst their other business clients. My two biggest concerns in the business are looking after our team and the risk around cyber and to say we are vigilant is an understatement.