Abstract
There has been a notable increase in insider threats to information security (IS) globally. South African entities have not been spared, and the challenges relating to insider information security threats affect firms of all sizes and in all industries. Audit firms are not immune, as they rely on the trust given to them by their clients to keep their information secure. The current study sought to evaluate the level of awareness and the measures to safeguard client information from cyber-related risks that emanate from within. The study employed a positivist research philosophy and a descriptive survey which focused on small to medium audit firms. A questionnaire was used for collecting data, which were analysed using descriptive statistical analysis. Findings showed that there was generally a high level of awareness amongst staff in the firms studied. Most firms have implemented suitable and relevant measures to safeguard client data that is electronically stored and/or transmitted. Results also showed that most of the best practices utilised globally have been adopted in the audit firms under study. These include secure access methods such as a Virtual Private Network (VPN), internal firewalls, USB port locking, hard drive and memory stick encryption, and the use of strong passwords. It was recommended that regulators and policy makers strive to provide the necessary guidance concerning client information security optimisation amongst audit firms, thus standardising this aspect and encouraging the adoption of best practices.