Connect with us

Top Stories

Using Packet-based NPMD Tools to Prepare for GDPR Breach Reporting

Published

on

Using Packet-based NPMD Tools to Prepare for GDPR Breach Reporting

The new GDPR regulations present a number of challenges to the IT and security teams of any enterprise doing business in the EU. One challenge that will be particularly difficult to meet is the need to quickly notify regulatory authorities of a data breach. The language of Article 33 states that companies must inform the authorities “without undue delay and, where feasible, not later than 72 hours after becoming aware of it.” This is made even more challenging since the accompanying report must provide very specific information about who and what was affected, specifying:

  • the nature of the personal data breach;
  • the likely consequences of the personal data breach;
  • the measures taken or proposed to be taken by the controller to address the personal data breach.

The GDPR regulations recognize that not all breaches cause the same amount of damage, so they only require notification of authorities “when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons.” This turns out not to significantly limit the reporting requirement, however, because of its very broad definition of personal data. Other landmark personal data protection laws—suchas California’s Data Protection Act of 2003—specified the kinds of data that would lead to identity theft, i.e. a driver license, social security number, mother’s maiden name, etc. However, GDPR includes any information that results in risks to “rights and freedoms” which includes risk of embarrassment, harassment, and physical threats, so breaches of data types such as email, images, geo-location, social media or chat apps must be included.

Breach Detection and Remediation

 The 72-hour breach reporting requirement mentioned above is at odds with the current reality of cyber-forensic investigations. A SANS report (Cleaning Up After a Breach) revealed that 75 percent of breaches take anywhere from several weeks to over a year to remediate, far longer than the 72 hours required under GDPR.

The good news is that the reason most breach remediations take so long is that organizations focus almost exclusively on preventing intrusions and are almost wholly unprepared to investigate a breach should one occur. Some view breach preparation as admission that their prevention strategy is inadequate, a nonsensical argument at best. Compounding the issue is the belief by many organizations that they retain sufficient data for effective investigations, and by the time they learn differently, it is too late.

So why is this lack of preparation good news? Because effective preparation for rapid breach investigations is entirely possible and can be addressed with current technology and practices. It is worth noting that some of this preparation is most effectively undertaken with tools designed for Network Performance Management and Diagnostics (NPMD). These products are designed to capture network traffic in a manner that makes possible rapid forensic investigations into elusive network performance issues. The data the NPMD tools capture and the analytics they apply can be a vital component of forensic investigations into breaches. 

Forensic Investigations into Breaches

 In a large percentage of breaches, the attacker is still active in the breached systems. Once breached, a high priority is determining whether there is unwanted activity right now. Although tools that can assist in making this determination are outside the scope of this paper, it is another area where NPMD monitoring tools have a vital role to play.

Simultaneous with the determination of current activity and often extended long after it has been completed, a forensic investigation is undertaken to determine what was affected and how it happened. This forensic investigation, which not incidentally also produces the information required by a GDPR breach report, will likely require information from four different domains: the network traffic information, the activity logs of each computer, server, and router on the network, the behaviors of users in the organization, and lastly some information about what is stored in the memory (RAM, Flash, etc.) of each computer.

If any of these four types of information is missing, it must be recreated, if it can be; a lengthy and expensive process. Even if it is available in a general way, it must be specifically available for the period under investigation. This “investigation window” varies by type of information.

One of the most important, and certainly the most definitive source of information, is packet-level network traffic data. While much of the compromised personal data itself might be found in backups of the relevant databases, packet-level network traffic data contains the transaction information revealing how data was entered or deleted, which programs or individuals could access it, which other hosts on the network or in the broader internet could view or copy the information, and how the intrusion was conveyed and disguised.

There really is no substitute. Many breached organizations have found out only too late, to their chagrin, that the first thing malware authors do is cover their tracks by changing log data, eliminating transaction records, and generally making metadata less or not at all useful to forensic investigations. Packet-level network traffic is generally stored in a write-once-then-overwrite manner not susceptible to this kind of manipulation.

It is in this packet-level network traffic that malware is conveyed, and breached data exfiltrated. This traffic contains the fingerprints of source and origin in a manner that is difficult to disguise or manipulate. It provides the cloak under which the cybercriminal hides their malicious software.Having ready access to stored packet-level network traffic, together with the appropriate tools, processes, and personnel provides an opportunity for rapid and effective network investigations.

Retaining Packet-level Network Traffic Data

Retaining packet-level network traffic data negates the need to start recording network traffic as soon as awareness of a breach occurs. The purpose of capturing network traffic is to have original information: exact duplicates of the packets that conveyed the original intrusion, the installation, migration, and management of the malware, and the exfiltration of the company data. If these activities occur during the retention window for network traffic, then all that is required is forensic analysis software. If not, the insights that would have resulted from the missing data must be inferred, if they even can be, from other data sources.

There are many NPMD tools on the market for capturing and storing packet-level network traffic data. The challenge is that files of these transactions can become very large and are often only retained for a fairly short period, sometimes just hours or days. There are ways to reduce the amount of packet-level traffic to be stored for any given time period, but there is always a danger that the cybercriminal, in a bid to disguise their malware, will make it appear innocuous, just the kind of traffic most likely to be filtered out.

Determining the desired retention window is an important first step. NPMD vendors are, of course, happy to help you determine how to meet your requirements. Then you must determine how you will use the network traffic you’ve started to store.

Other Preparations for Breach Investigations

GDPR’s rapid breach reporting requirement implies more than just storing more data and better forensic analysis tools. In order to use these tools and information, the organization must have the trained personnel and operational procedures in place to provide these rapid answers. Today, many organizations rely upon external, skilled contract investigators to perform forensic investigations when required, often on an ad-hoc basis. While this is currently the most cost-effective way to deal with what are, hopefully, rare occurrences, the data required for the breach investigations must already be available for the investigation to be effective and definitive.

After the Breach

In the event of a breach, information from each of the four domains—if available—will need to be assembled and cross-correlated to build up a complete picture of the attack. Once all the pieces of the cyber puzzle are assembled, it will become easier to assess the damage in terms of compromised personal information as well as the steps necessary to correct the deficiencies that enabled the attack.

As the dust settles and the full extent of each breach is determined, the final actions and next steps need to be assessed without ambiguity. “Does the extent of the breach require that we notify our customers?” “Where was the vulnerability in our network and what are we doing to correct it?” “What expenses are we going to incur through possible litigation or other remediation going forward?” While GDPR provides a framework of requirements intended to protect the private information of consumers, simply adhering to its prescriptions is not enough. Once a breach occurs, an organization’s most important goal is to protect its relationship with the customer. While the penalties outlined in GDPR are intended to be punitive, they will pale beside the damage to a company abandoned by its customers.

Conclusion

Every organization must have an already-established response plan to meet the stringent time requirements of GDPR. The significant financial penalties levied on organizations that do not comply with these reporting requirements make this a C-suite issue.

Effective breach preparation requires storing the information required for forensic investigations, and this means packet-level network traffic, not just log data. Without information about what packets were flowing through the network, what applications were manipulating and storing information, and what users had been doing with that information, it will be impossible for investigators to answer even the most basic questions about the extent or impact of the breach at all, much less within a 72-hour window.

Meeting the requirements of GDPR can reduce corporate risk in the event of a data breach, and NPMD products can help meet those requirements. Every organization should include preparation for breach remediation in their cybersecurity strategy.

Top Stories

To take the nation’s financial pulse, we must go digital

Published

on

To take the nation’s financial pulse, we must go digital 1

By Pete Bulley, Director of Product, Aire

The last six months have brought the precarious financial situation of many millions across the world into sharper focus than ever before. But while the figures may be unprecedented, the underlying problem is not a new one – and it requires serious attention as well as  action from lenders to solve it.

Research commissioned by Aire in February found that eight out of ten adults in the UK would be unable to cover essential monthly spending should their income drop by 20%. Since then, Covid-19 has increased the number without employment by 730,000 people between July and March, and saw 9.6 million furloughed as part of the job retention scheme.

The figures change daily but here are a few of the most significant: one in six mortgage holders had opted to take a payment holiday by June. Lenders had granted almost a million credit card payment deferrals, provided 686,500 payment holidays on personal loans, and offered 27 million interest-free overdrafts.

The pressure is growing for lenders and with no clear return to normal in sight, we are unfortunately likely to see levels of financial distress increase exponentially as we head into winter. Recent changes to the job retention scheme are signalling the start of the withdrawal of government support.

The challenge for lenders

Lenders have been embracing digital channels for years. However, we see it usually prioritised at acquisition, with customer management neglected in favour of getting new customers through the door. Once inside, even the most established of lenders are likely to fall back on manual processes when it comes to managing existing customers.

It’s different for fintechs. Unburdened by legacy systems, they’ve been able to begin with digital to offer a new generation of consumers better, more intuitive service. Most often this is digitised, mobile and seamless, and it’s spreading across sectors. While established banks and service providers are catching up — offering mobile payments and on-the-go access to accounts — this part of their service is still lagging. Nowhere is this felt harder than in customer management.

Time for a digital solution in customer management

With digital moving higher up the agenda for lenders as a result of the pandemic, many still haven’t got their customer support properly in place to meet demand. Manual outreach is still relied upon which is both heavy on resource and on time.

Lenders are also grappling with regulation. While many recognise the moral responsibility they have for their customers, they are still blind to the new tools available to help them act effectively and at scale.

In 2015, the FCA released its Fair Treatment of Customers regulations requiring that ‘consumers are provided with clear information and are kept appropriately informed before, during and after the point of sale’.

But when the individual financial situation of customers is changing daily, never has this sentiment been more important (or more difficult) for lenders to adhere to. The problem is simple: the traditional credit scoring methods relied upon by lenders are no longer dynamic enough to spot sudden financial change.

The answer lies in better, and more scalable, personalised support. But to do this, lenders need rich, real-time insight so that lenders can act effectively, as the regulator demands. It needs to be done at scale and it needs to be done with the consumer experience in mind, with convenience and trust high on the agenda.

Placing the consumer at the heart of the response

To better understand a customer, inviting them into a branch or arranging a phone call may seem the most obvious solution. However, health concerns mean few people want to see their providers face-to-face, and fewer staff are in branches, not to mention the cost and time outlay by lenders this would require.

Call centres are not the answer either. Lack of trained capacity, cost and the perceived intrusiveness of calls are all barriers. We know from our own consumer research at Aire that customers are less likely to engage directly with their lenders on the phone when they feel payment demands will be made of them.

If lenders want reliable, actionable insight that serves both their needs (and their customers) they need to look to digital.

Asking the person who knows best – the borrower

So if the opportunity lies in gathering information directly from the consumer – the solution rests with first-party data. The reasons we pioneer this approach at Aire are clear: firstly, it provides a truly holistic view of each customer to the lender, a richer picture that covers areas that traditional credit scoring often misses, including employment status and savings levels. Secondly, it offers consumers the opportunity to engage directly in the process, finally shifting the balance in credit scoring into the hands of the individual.

With the right product behind it, this can be achieved seamlessly and at scale by lenders. Pulse from Aire provides a link delivered by SMS or email to customers, encouraging them to engage with Aire’s Interactive Virtual Interview (IVI). The information gathered from the consumer is then validated by Aire to provide the genuinely holistic view of a consumer that lenders require, delivering insights that include risk of financial difficulty, validated disposable income and a measure of engagement.

No lengthy or intrusive phone calls. No manual outreach or large call centre requirements. And best of all, lenders can get started in just days and they save up to £60 a customer.

Too good to be true?

This still leaves questions. How can you trust data provided directly from consumers? What about AI bias – are the results fair? And can lenders and customers alike trust it?

To look at first-party misbehaviour or ‘gaming’, sophisticated machine-learning algorithms are used to validate responses for accuracy. Essentially, they measure responses against existing contextual data and check its plausibility.

Aire also looks at how the IVI process is completed. By looking at how people complete the interview, not just what they say, we can spot with a high degree of accuracy if people are trying to game the system.

AI bias – the system creating unfair outcomes – is tackled through governance and culture. In working towards our vision of a world where finance is truly free from bias or prejudice, we invest heavily in constructing the best model governance systems we can at Aire to ensure our models are analysed systematically before being put into use.

This process has undergone rigorous improvements to ensure our outputs are compliant by regulatory standards and also align with our own company principles on data and ethics.

That leaves the issue of encouraging consumers to be confident when speaking to financial institutions online. Part of the solution is developing a better customer experience. If the purpose of this digital engagement is to gather more information on a particular borrower, the route the borrower takes should be personal and reactive to the information they submit. The outcome and potential gain should be clear.

The right technology at the right time?

What is clear is that in Covid-19, and the resulting financial shockwaves, lenders face an unprecedented challenge in customer management. In innovative new data in the form of first-party data, harnessed ethically, they may just have an unprecedented solution.

Continue Reading

Top Stories

The Future of Software Supply Chain Security: A focus on open source management

Published

on

The Future of Software Supply Chain Security: A focus on open source management 2

By Emile Monette, Director of Value Chain Security at Synopsys

Software Supply Chain Security: change is needed

Attacks on the Software Supply Chain (SSC) have increased exponentially, fueled at least in part by the widespread adoption of open source software, as well as organisations’ insufficient knowledge of their software content and resultant limited ability to conduct robust risk management. As a result, the SSC remains an inviting target for would-be attackers. It has become clear that changes in how we collectively secure our supply chains are required to raise the cost, and lower the impact, of attacks on the SSC.

A report by Atlantic Council found that “115 instances, going back a decade, of publicly reported attacks on the SSC or disclosure of high-impact vulnerabilities likely to be exploited” in cyber-attacks were implemented by affecting aspects of the SSC. The report highlights a number of alarming trends in the security of the SSC, including a rise in the hijacking of software updates, attacks by state actors, and open source compromises.

This article explores the use of open source software – a primary foundation of almost all modern software – due to its growing prominence, and more importantly, its associated security risks. Poorly managed open source software exposes the user to a number of security risks as it provides affordable vectors to potential attackers allowing them to launch attacks on a variety of entities—including governments, multinational corporations, and even the small to medium-sized companies that comprise the global technology supply chain, individual consumers, and every other user of technology.

The risks of open source software for supply chain security

The 2020 Open Source Security and Risk Analysis (OSSRA) report states that “If your organisation builds or simply uses software, you can assume that software will contain open source. Whether you are a member of an IT, development, operations, or security team, if you don’t have policies in place for identifying and patching known issues with the open source components you’re using, you’re not doing your job.”

Open source code now creates the basic infrastructure of most commercial software which supports enterprise systems and networks, thus providing the foundation of almost every software application used across all industries worldwide. Therefore, the need to identify, track and manage open source code components and libraries has risen tremendously.

License identification, patching vulnerabilities and introducing policies addressing outdated open source packages are now all crucial for responsible open source use. However, the use of open source software itself is not the issue. Because many software engineers ‘reuse’ code components when they are creating software (this is in fact a widely acknowledged best practice for software engineering), the risk of those components becoming out of date has grown. It is the use of unpatched and otherwise poorly managed open source software that is really what is putting organizations at risk.

Emile Monette

Emile Monette

The 2020 OSSRA report also reveals a variety of worrying statistics regarding SSC security. For example, according to the report, it takes organisations an unacceptably long time to mitigate known vulnerabilities, with 2020 being the first year that the  Heartbleed vulnerability was not found in any commercial software analyzed for the OSSRA report. This is six years after the first public disclosure of Heartbleed – plenty of time for even the least sophisticated attackers to take advantage of the known and publicly reported vulnerability.

The report also found that 91% of the investigated codebases contained components that were over four years out of date or had no developments made in the last two years, putting these components at a higher risk of vulnerabilities. Additionally, vulnerabilities found in the audited codebases had an average age of almost 4 ½ years, with 19% of vulnerabilities being over 10 years old, and the oldest vulnerability being a whopping 22 years old. Therefore, it is clear that open source users are not adequately defending themselves against open source enabled cyberattacks. This is especially concerning as 99% of the codebases analyzed in the OSSRA report contained open source software, with 75% of these containing at least one vulnerability, and 49% containing high-risk vulnerabilities.

Mitigating open source security risks

In order to mitigate security risks when using open source components, one must know what software you’re using, and which exploits impact its vulnerabilities. One way to do this is to obtain a comprehensive bill of materials from your suppliers (also known as a “build list” or a “software bill of materials” or “SBOM”). Ideally, the SBOM should contain all the open source components, as well as the versions used, the download locations for all projects and dependencies, the libraries which the code calls to, and the libraries that those dependencies link to.

Creating and communicating policies

Modern applications contain an abundance of open source components with possible security, code quality and licensing issues. Over time, even the best of these open source components will age (and newly discovered vulnerabilities will be identified in the codebase), which will result in them at best losing intended functionality, and at worst exposing the user to cyber exploitation.

Organizations should ensure their policies address updating, licensing, vulnerability management and other risks that the use of open source can create. Clear policies outlining introduction and documentation of new open source components can improve the control of what enters the codebase and that it complies with the policies.

Prioritizing open source security efforts

Organisations should prioritise open source vulnerability mitigation efforts in relation to CVSS (Common Vulnerability Scoring System) scores and CWE (Common Weakness Enumeration) information, along with information about the availability of exploits, paying careful attention to the full life cycle of the open source component, instead of only focusing on what happens on “day zero.” Patch priorities should also be in-line with the business importance of the asset patched, the risk of exploitation and the criticality of the asset. Similarly, organizations must consider using sources outside of the CVSS and CWE information, many of which provide early notification of vulnerabilities, and in particular, choosing one that delivers technical details, upgrade and patch guidance, as well as security insights. Lastly, it is important for organisations to monitor for new threats for the entire time their applications remain in service.

Continue Reading

Top Stories

On the Frontlines of Fraud: Tactics for Merchants to Protect Their Businesses

Published

on

On the Frontlines of Fraud: Tactics for Merchants to Protect Their Businesses 3

By Nicole Jass, Senior Vice President of Small Business and Fraud Products at FIS

Fraud isn’t new, but the new realities brought by COVID-19 for merchants, and the rising tide of attacks have changed the way we need to approach the fight. Even before the pandemic broke out earlier this year, the transition to digital payments was well underway, which means fighting fraud needs a multilayered, multi-channel approach. Not only do you want to increase approval rates, you want to protect your revenue and stop fraud before it happens.

A great place to start is working with your payment partners to refresh your company’s fraud strategies with emerging top three best practices:

  1. AI-based machine learning fraud solutions helps your business stay ahead of fraud trends. Leveraging data profiles to model both “good” and “bad” behavior helps find and reduce fraud. AI-based machine learning will be increasingly essential to stay ahead of the explosive and sophisticated eCommerce fraud.
  2. Increasing capabilities around device fingerprinting and behavioral data are essential to detect fraud before it happens. While much of the user-input values can be easily manipulated to look more authentic, device fingerprinting and behavioral data are captured in the background to derive unique details from the user’s device and behavior. Bringing in more unique elements into decisioning, can help authenticate the users and determine the validity of the transactions.
  3. Prioritize user authentication. User authentication is a vital linchpin in any fraud defense and should receive even greater priority today. Setting strong password requirements and implementing multi-factor authentication helps curb fraud attacks from account takeover.

As well as working with your payment partners it’s more critical than ever to protect online transactions while not jeopardizing legitimate purchases. Fortunately, there are a few things you can do right now to address these concerns:

  1. Monitor warning signs

Payment verification is an important part of protecting your business. There are a variety of strategies to employ including implementing technology utilizing artificial intelligence and machine learning to help catch certain patterns. In addition to technology, here are a few other tips that may serve as warning signs. These are not a guarantee fraud is occurring, but they are flags to investigate.

o   The shipping address and billing address differ

o   Multiple orders of the same item

o   Unusually large orders

o   Multiple orders to the same address with different cards

o   Unexpected international orders

  1. Require identity verification

Finding a balance between protection and ease of purchase will ultimately help you protect your customers and your business. The following tactics can make it more difficult for fraudsters to be successful:

o   For customers that have a login, require a minimum of eight characters as well as the use of special characters in your customers’ passwords

o   Set up Two-Factor Authentication that requires a One-time Passcode (OTP) via SMS or email

o   Use biometric authentication for mobile purchases or logins

  1. Monitor chargebacks

Keeping good records is essential for eCommerce. If a customer initiates a dispute, your only available recourse is to provide proof that the order was fulfilled. Be prepared to provide all the supporting information about a disputed transaction. Worldpay’s Disputes solutions can connect to your CRM and provide you dual-layer protection against friendly fraud, first deflecting them before they arise and then fully managing chargeback defenses on your behalf.

  1. Monitor declines

Credit card issuers mitigate fraud by automatically declining payments that look suspicious, based on unusual card activity such as drastic changes in spending patterns or uncommon geolocations of spending. You can check your own declined payment history to help spot a potential problem. When volumes increase, the help of a payments fraud management partner is beneficial.

  1. Protect your own wallet

While you take the steps to protect your business, it’s also important to be mindful of your own protection—it’s incumbent on all responsible consumers to be vigilant about their data. Whether it’s simple awareness of how the fraudsters are operating today, sticking to trusted brands when shopping online, and thinking twice about what data you share and who you share it with, you’ll soon see how often you are sharing personal information about yourself.

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

Research exposes the £68.8 billion opportunity for UK retailers 4 Research exposes the £68.8 billion opportunity for UK retailers 5
Business14 hours ago

Research exposes the £68.8 billion opportunity for UK retailers

Modelling shows increasing the proportion of online sales by 5 percentage points would have significantly boosted retailers’ revenues during the...

Want to serve your customers better? An effective online strategy is what financial institutions need  6 Want to serve your customers better? An effective online strategy is what financial institutions need  7
Business18 hours ago

Want to serve your customers better? An effective online strategy is what financial institutions need 

By Anna Willems, Marketing Director, Mention A strong online presence matters. Having a strong online presence, that involves social media...

The rise of AI in compliance management 8 The rise of AI in compliance management 9
Technology18 hours ago

The rise of AI in compliance management

By Martin Ellingham, director, product management compliance at Aptean, looks at the increasing role of AI in compliance management and just...

Simplifying the Sector: How low code can aid digital transformation in financial services 10 Simplifying the Sector: How low code can aid digital transformation in financial services 11
Technology18 hours ago

Simplifying the Sector: How low code can aid digital transformation in financial services

By Nick Ford Chief Technology Evangelist, Mendix From online banking to contactless payments and Apple Pay, it has been well...

Why the Boom is Long Overdue (and Here to Stay) 12 Why the Boom is Long Overdue (and Here to Stay) 13
Business19 hours ago

Why the Boom is Long Overdue (and Here to Stay)

By Roger James Hamilton, CEO, Genius Group Virtually every aspect of our lives has been taken over by tech, so...

5 Sustainability Lessons That Are Crucial For Business Success 14 5 Sustainability Lessons That Are Crucial For Business Success 15
Business19 hours ago

5 Sustainability Lessons That Are Crucial For Business Success

By Michael Stausholm, founder of Sprout World (sproutworld.com) Sprout World is the eco-company behind the world’s only plantable pencil, with...

Why financial brands need to understand consumer vitality 16 Why financial brands need to understand consumer vitality 17
Business19 hours ago

Why financial brands need to understand consumer vitality

By Carolyn Corda, CMO at data consortium ADARA Our day to day lives have been turned upside down. Office workers have...

Why and how a modern marketing strategy should put customer experience first 18 Why and how a modern marketing strategy should put customer experience first 19
Business19 hours ago

Why and how a modern marketing strategy should put customer experience first

By Jim Preston, VP EMEA, Showpad In 2004, the Leading Edge Forum coined the term ‘consumerisation of IT’, defining a...

Leading from the front - why decision makers must embrace automation 20 Leading from the front - why decision makers must embrace automation 21
Technology19 hours ago

Leading from the front – why decision makers must embrace automation

By Jeppe Rindom, Co-founder & CEO, Pleo Ask any decision maker at a business about admin and you’re likely to...

Business first, not compliance only is the future for accountants 22 Business first, not compliance only is the future for accountants 23
Business20 hours ago

Business first, not compliance only is the future for accountants

By Peter Bracey, MD at Bracey’s Accountants.  The past few months have underlined the need for better business insight to reduce...

Newsletters with Secrets & Analysis. Subscribe Now