Abstract
There has been a notable increase in insider threats to information and data security globally. The same has been noted in South Africa where local entities have faced huge losses. South African entities have thus not been spared, and the challenges relating to insider information security threats affect firms of all sizes and in all industries. It therefore follows that audit firms have been affected, as these rely on the trust given to them by their clients to keep their information secure. This is therefore a growing problem that has not spared entities in South Africa. The current study sought to evaluate the level of awareness and measures to safeguard client information from cyber related risks.
The study employed a positivist research philosophy and it was a descriptive survey which focused on small to medium audit firms (non-traditional big 4) and staff members from these firms. A questionnaire was used in collecting data, which were analysed using descriptive statistical analysis. Findings showed that there was generally a high level of awareness amongst staff in firms studied. Most firms have implemented highly suitable and relevant measures to safeguard client data in their possession. Results also showed that most of the best practices utilised globally have been adopted in the audit firms under study. These include secure access methods like VPNs, Internal firewall, USB port locking, hard drive and memory stick encryption and use of strong passwords.
It was recommended that regulators and policy makers strive to provide the necessary guidance concerning client Information Security optimisation amongst audit firms, thus standardising this aspect and encouraging the adoption of best practices. Furthermore, it is important for management in audit firms to adopt more sustainable approaches to ensure that the high levels of awareness are maintained going forward.
Keywords: Cybersecurity,