Is your Outsourcing Provider Vulnerable to Cyber Risks?

Is your Outsourcing Provider Vulnerable to Cyber Risks?

The scope of cyber risks is significantly expanding. Reports across the world suggest that as more people work from home during the Coronavirus pandemic, cyber security attacks have increased multifold.

The Hill explains that the FBI’s Internet Complaint Center has received over 3,000 to 4,000 cybersecurity complaints every day since the beginning of the outbreak, which is miles ahead of the previous average of 1,000 complaints per day.

Internet powerhouse- Google has also reported a big surge in phishing attacks related to coronavirus. One of the company’s articles goes on to say that Google has been blocking 240 million spam messages per day along with 18 million coronavirus email scams daily.

Cyber risks associated with Outsourcing

In these unprecedented times, given the above scenario, accounting firms in the UK, US, Canada, Ireland, Australia, etc. may not be aware if their Outsourcing partner is equipped to handle the beckoning cyber security risk.Firms need to have a better control and knowledge of their providers’ cyber security procedures to make sure that their data is being handled within a safe and secured environment, even if the work is carried on Firms server, the risks exists as the virus can always be transmitted through user machine on a remote connection.

Many firms utilize outsourced services to improve productivity and/or to reduce costs.

However, the benefits from an increased use of outsourced services may be hampered by the correlating greater potential cyber risk vulnerabilities created for firms acquiring these services if not partnering with the right provider. Entities that acquire outsourcing services may be less than fully protected against these risks or perhaps unaware that they exist if at the other end outsourcing company is not taking it seriously.

In the wake of Covid-19, the threat to the cyber security landscape has been overwhelming as the working model has seen a major disruption towards work from home model. Lets see first and foremost, why the risk is more than ever:

Factors behind the Influx in Attacks

• Remote Working Leads to Increased unsecured Data-Sharing through the Internet

As compared to an office environment where employees use secured communication infrastructure and intranets to communicate and exchange information, work from home interactions are increasingly dependent on Internet connectivity, variety of other tools which may not be safe at all. This turns out to be a massive risk because Employees Internets are not much secured and can possibly lead to malicious acts.

• No Firewalls/Antivirus

Without the security protections that office systems afford – such as firewalls or End to End Antivirus protection, which blocks the unnecessary browsing to susceptible sites which can potentially infect your system – work from home systems are far more vulnerable.

• Home Wi-Fi Security

As opposed to the office environment, where IT managers can control the security of all Wi-Fi networks, employees’ home networks have weaker protocols (WEP instead of WPA-2, for example). This allows hackers easier access to the network’s traffic.

• Insecure Passwords

Simple passwords are incredibly easy for hackers to crack, and furthermore, if an insecure password is used across several platforms, it allows hackers to gain unauthorized access to multiple accounts in a very short period of time.

• Employees tend to use several devices

Employees frequently use more than one device when working from home to access important information or for other work-related reasons. This complicates the implemented efforts for protecting data as every device used is a potential entry for system threats. For instance, the employee’s laptop may have sufficient security controls but using an insecure smartphone may enable cybercriminals to compromise the organization’s cybersecurity posture.

How Firms can Defend against the Risks, what are the takeaways?

Understanding the cyber risks a Firm may encounter from using unreliable outsourced partner begins with asking clarifying questions. Business executives evaluating whether to increase their use of outsourced services or for the existing relationship must get answersto these important cyber security questions:

• How is your outsourcing partner is more vulnerable to cyber risk due to the technological changes in service delivery?
• What are the key policies and technical precautions your outsourcing provider has implemented at their workplace, especially for work from home employees?
• Do they have a comprehensive Work from home policy in place?
• Have they invested in educating their employees with new ways of work, have they invested in secured system access?

If the policies of your Outsourcing partner are non-existent and not fully robust, this is the time you should ask them to invest into technology to enable secured way of working from home as urgently as possible, else you are already playing with fire and any more delay would definitely leave a finger or two burned if not more (hopefully :-))

Significant recent technological developments in the methods for delivering outsourced services especially with WFH scenario, have improved the capability and efficiency of the Outsourcing companies like us that provide such services securely. If you are interested to know more, please feel free to get in touch with us at info@sandmartin.com