Business Services

In many countries, business services is one of the
largest industry groupings.
In the UK, for instance, business services account for 15.6% of
all registered companies.¹

According to some researchers, business services firms are bearing the brunt of cyberattacks. One study found that attacks are targeting professional services firms up to three times a week.² The study found that attacks result in both financial and reputational damage.³The nightmare scenario for CIOs in this industry is that their organisation loses
customer data. Depending on their activities, business services firms deal with highly sensitive data including personal data, financial data, client IP, legal data and more. Importantly, these datasets are often covered by privacy laws like the GDPR, and firms face a legal obligation to ensure they are secure. Yet data breaches are all too common, with high-profile breaches having involved some of the biggest names in the sector, such as Deloitte⁴ and Accenture.⁵For many business services companies, regular remote access to corporate resources was required long before the Covid-19 pandemic. “The nature of the industry means that professionals are constantly on the move for client meetings and secondments,” says Pelle Aardewerk, cyber security consultancy lead – personal systems services Europe, HP. “The fact that staff work from nearly anywhere, combined with the value of the data they access and use while out of the office, makes endpoint protection vital.”The demographic makeup of business services firms is also a factor for CIOs to consider. Such firms usually offer clear and promising career paths for people out of university and there are more opportunities in the sector than for comparable positions in banking and finance.⁶ This is a security challenge for CIOs because, as surveys suggest, young people are more likely to have their laptop stolen and fall victim to scams such as phishing messages.⁷ Given these trends, it’s perhaps unsurprising that 73% of business and professional services firms experienced a ransomware attack between 2021 and 2022.⁸

The fact that staff work from nearly anywhere, combined with the value of the
(customer and other sensitive) data they access and use while out of the office,
makes endpoint protection a key consideration.

- Pelle Aardewerk, cyber security consultancy lead – personal systems services Europe, HP

Security recommendationsCIOs in this sector need to be laser focused on securing endpoints from a wide range
of attacks, particularly given just how mobile the workforce is and the compliance and reputation risks that lie in wait.
Key steps include:

Layered endpoint security.
Take a “belt and braces” approach by implementing security controls on three layers: 1) privacy features like HP Sure View that protect sensitive information visible on computer screens (ideal for working in public areas); 2) HP Sure Click Enterprise isolation technology to process risky activities such as surfing the web, entering credentials or opening attachments in abstracted virtual machines to contain threats and; 3) hardware-enforced protections that secure device firmware. Uniquely, HP laptops and desktops with HP Wolf Security for Business come equipped with hardware-enforced security protections that deliver against all three layers out the box – protecting above the OS, in the OS and below the OS.

Remote trace and locate.
With the ever-present threat of employees leaving devices on trains or airplanes, in client meeting rooms or at hotels, remote trace-and-locate features are essential. Ideally, the IT team should also be able to remotely wipe data from devices in case they fall into the hands of criminals. HP Protect and Trace, for instance, empowers CIOs with just such functionality, enabling them to quickly locate lost PCs, and if necessary, lock or wipe them. The approach reduced the risk of data loss and creates more time for effective incident response.

Industry View

German Agricultural Society

The German Agricultural Society (DLG) is a respected voice in the
German food industry. DLG relies on its employees and volunteers across
more than ten countries but had found it increasingly difficult to manage and
secure the proliferation of endpoint devices this entails. The company
selected HP DaaS, inclusive of devices, HP Proactive Insights and HP Wolf Security.
Thanks to up-to-the minute data on device status, and a seamless service
from HP, device failures have fallen 15%. The company also benefits from
an enhanced security posture, which has supported its remote working model.

1 Office for National Statistics, “UK business; activity, size and location: 2022,” 2022 https://www.ons.gov.uk/businessindustryandtrade/business/activitysizeandlocation/bulletins/ukbusinessactivitysizeandlocation/2022
2 Digit News, “Professional Services Firms ‘Bearing the Brunt’ of Cyber Attacks,” November 2022 https://www.digit.fyi/professional-services-cyber-attacks-report/
3 Ibid
4 The Guardian, “Deloitte hit by cyber-attack revealing clients’ secret emails,” September 2017 https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails
5 BleepingComputer, “Accenture confirms data breach after August ransomware attack.” October 2021 https://www.bleepingcomputer.com/news/security/accenture-confirms-data-breach-after-august-ransomware-attack/
6 efinancialcareers, “Graduates flock to the big four in ‘toughest job market in a generation’”, February 2021. https://www.efinancialcareers.co.uk/news/2021/02/big-four-graduate-applications
7 Dazed, “Young people officially more likely to fall for scams,” April 2022 https://www.dazeddigital.com/life-culture/article/55992/1/a-quarter-of-young-people-trust-scam-messages-report-finds
8 TechTarget, “Top 14 ransomware targets in 2023 and beyond,” https://www.techtarget.com/searchsecurity/feature/Top-10-ransomware-targets-in-2021-and-beyond