Hackers may be using professional services firms as a sneaky means to reach their actual targets.

In today's digital age, the importance of security for professional services organizations cannot be overstated. With an increasing number of companies being targeted for valuable and confidential information, it's crucial that secondary targets take measures to protect both their perimeter and key data.

Many mid-range and boutique professional services organizations are struggling to catch up with security measures, leaving them vulnerable to potential attacks. This is a concern not only for these organizations but also for their clients, as the failure to address online security is leaving clients increasingly exposed to attacks.

If you are providing data to your professional advisers that is market-critical or highly confidential, it is a good time to review their levels of security and check on their security reporting. Edward Snowden, the former NSA contractor, urged professionals with a duty to protect confidential information to upgrade security in the wake of spy surveillance revelations, stating that unencrypted communications on the internet are no longer safe.

The first test of a service provider's seriousness about security is if they have strong two-factor and network access authentication, including at the partner level. This includes measures such as network access control, data encryption (at rest and in motion), and mobile device security.

US law enforcement agencies express concern over the vulnerability of US law firms to online corporate espionage due to their repository of company secrets, business strategies, and intellectual property. The failure of UK law firms to address online security is also a cause for concern, according to Seth Berman, executive managing director of Stroz Friedberg.

Companies of all sizes are at risk from IT system attacks. Larger companies often have stronger core defenses, making smaller entry points more attractive for hackers. This is why enterprises are increasingly carrying out risk analysis on their professional suppliers, including supplier access rights and data security.

Professional bodies such as The Law Society and ICAEW recognize the cyber threat to professional organizations and offer resources and advice to their members. There is also an increased awareness and calls for action regarding cyber threats to professional services companies, with US Wall Street banks and law firms collaborating to share security information.

This situation presents an opportunity for professional services providers with strong security credentials to differentiate themselves from those who currently do not. However, it's important to note that some professional services providers lack partner-level teams focused on ensuring ongoing high-profile security concerns. Additionally, some professional services firms are not subject to the same depth of compliance as their clients.

Professional service providers who offer particularly weak protection for the confidentiality of customer data and lack specific security teams focusing on this vulnerability as a high-profile issue are typically not explicitly listed in the results. However, it is indicated that external data protection officers provide professional data protection management, including advising on security, suggesting that providers without such dedicated roles or expertise might have weaker confidentiality protection.

In conclusion, the cyber threat to professional services organizations is real and growing. It's essential for these organizations to take security seriously and take measures to protect their clients' valuable and confidential information. By doing so, they can not only protect their own reputation but also help build trust with their clients and differentiate themselves from less secure competitors.

Hackers may be using professional services firms as a sneaky means to reach their actual targets.