-
SOC Attestation
Independent opinion attesting to the commitment of service providers to sound internal controls
-
Audit and review of financial statements
Credibility of your company's accounting activities in accordance with the legislation in force
-
Assurance of Non-Financial Reports
It aims to meet the needs of the business, being able to contemplate different bases and sectorial and global development guidelines
-
Assurance of Integrated Reporting and Sustainability Reports
Differential for rendering accounts and demonstrating the engagement of organizations in relation to sustainable practices and their generation of value
-
Assistance in accounting definitions
Quality, comparability and transparency of financial information in your company
-
Accounting, Labor and Tax Compliance
Permanent diagnostics and advice to raise the level of controls and mitigate risks
-
Pre-Audit Diagnosis
Diagnostics capable of offering support according to the purpose and needs of the business
-
Assessment reports for consolidations, spin-offs, and mergers
Technical evaluation of net assets at book value or of net assets adjusted to market prices
-
Capital Markets
Complete analysis and preparation for strategic fundraising operations
-
Business Consulting
Approaches compatible with technologies that support corporate decision-making and stimulate innovation
-
Strategy & Transactions
Performance of operations and capital structure to enable more efficient corporate transactions
-
FIDS – Forensic, Investigation & Dispute Services
Identification, protection and prevention of risks to preserve business integrity and security
-
Risk and Compliance - BRS
Risk management, process improvement to achieve strategic objectives
-
Business Restructuring and Recovery
Assertive plans and agile actions to recover your company's strategy and performance
-
Global Mobility Services
International mobility programs in compliance with local tax legislation and optimized costs
-
Home page
Financial Statements
-
Transfer Pricing
Review or elaboration of calculations that allow the most assertive compliance in operations abroad
-
Labor & Social Security
Identification of existing risks and opportunities according to the current moment and future perspectives
-
Direct tax
Agile strategies for complying with laws and enabling regional and sectoral tax incentives
-
Indirect tax
Specialized support capable of increasing legal certainty involving different laws and jurisprudence
-
International Tax
Analysis and planning of scenarios in different jurisdictions, with integration into the Brazilian scenario
Few companies have had a viable alternative to remote working during the COVID-19 lockdown, but most sectors have been surprised by how easy and how effective this change to home working has been. As the lockdown begins to ease, many are looking at how they can maintain the benefits of this new approach in the long term.
An uptake in remote working presents new opportunities for firms across the financial services sector. With more people working from home in the long term, firms can reduce their physical overheads, and attract top talent from further afield.
Remote working means new challenges
The greater flexibility that comes with remote working is also good for employees, as it promotes a healthy work-life balance. And the environmental benefits from ;an end to commuting can help the UK meet its reduced carbon targets.
Remote working, however, brings new challenges and you need to adapt your cyber security safeguards to take account of this. This is particularly true in the financial sector, where outages are particularly damaging and can cause widespread economic harm and impact individual customers. Good operational resilience is vital, regardless of whether your people are working remotely or on-premises, and your cyber security framework should reduce the potential for outages and help the firm bounce back to business as usual.
A three-tiered approach to secure remote working
Your new remote working cyber security framework should broadly cover three areas:
Remote workers will not have the same support as they did from an on-sight IT support team, and most home networks will not have the same security configurations or robust safeguards in place as an office environment.
Offering additional training and raising awareness of your remote working policy will promote cyber vigilance for those working from home. Ensure your workers are aware of the importance of following procedures.
Key considerations for remote working:
Is there a clear process to continuously monitor infrastructure performance, such as VPN connections, laptops, bandwidths or security tokens?
- Is your IT support team adequately resourced and trained to accommodate an increased number of requests?
- What measures are in place to safeguard personally identifiable information, considering data security, fraud, cyber security?
- Are all devices, including employee's own, secured with strong passwords and updated firmware/software?
- Is your cyber security training current, clear in employee's minds and are clear protocols in place for if suspicious activity is detected?
Good cyber security leads to good cyber resilience. If a cyber incident does happen, good cyber resilience keeps firms functioning and minimises the impact. This is critical for financial firms’ operational resilience frameworks, particularly when remote working is the norm.
Cloud storage is a key element of both business and cyber resilience processes, but greater reliance on cloud services need additional security safeguards.
For a start, check if sensitive data is held in the cloud. Confirm the data is held securely and that the vendor is managing their risks appropriately. Vendors, consultants or other personnel may have access to cloud data, and you should ensure proper steps are being taken to keep your data safe.
Your internal audit team may want to evaluate cloud programmes, and most firms have the contractual right to audit the firm’s cloud data and the interfaces between its web applications.
Other items to consider for ensuring remote working cyber resilience:
- What is the review cycle for contracts with business resiliency partners and how are vendors and emergency responders currently engaged?
- Are there business-critical processes or activities that will have regulatory implications if changed or disrupted?
- If there are business-critical activities that are automated, do you have the resource and ability to perform them manually?
- Are you assessing the ongoing effectiveness of supply-chain cyber security requirements for your business and third parties?
- Is there supplier attestation in place on controls for logging, patching or multi-factor authentication?
- Can you cope with staff absences or lack of access due to connectivity or bandwidth issues?
Despite all the planning and preventative processes in place, cyber incidents occasionally still happen. Effective cyber incident management, combined with good resilience, can reduce the impact and help keep your new remote working processes on track.
While the current circumstances have shown that remote working is effective and relatively safe, there are still some risks to consider.
In the office, shredding bins are readily available, printers have individual logins, and employees generally use managed devices. Protecting data in your employees' homes while they're remote working is still possible, but requires some new processes and measures.
Be sure to answer the following questions in your remote working policy:
- If people are using personal devices, are they saving work information to the cloud and avoiding using their personal computer for storage?
- Do people have somewhere at home to make sensitive phone calls?
- Are screens or papers visible to others in the household?
- Have work-related papers been stored securely and shredded, if no longer needed?
- Are cameras and microphones disabled when not in use?
- Have the rules around encryption and data sharing been applied?
Cyber resilience for the new normal
Effectively managing information security, data protection and cyber resilience processes can support your business while your employees are remote working during lockdown. But looking across these three strands, lessons learned now can help businesses prepare for a shift in working patterns in the long term.
By: Manu Sharma, Partner, Head of Cyber Security and Resilience at Grant Thornton UK
How can Grant Thornton support your company's cybersecurity?
You can count on our experts for more information and guidance on the steps your organization should take to mitigate risks, deal with digital threats and increase the resilience of your business.