By giving cyber security the same priority as other business goals, accountancy firms can proudly display their security credentials
Accountancy practices are facing an increase in cyber risks as criminals switch their focus to ‘softer target’ smaller firms. Joe Collinwood, CEO at CySure, explains why accountancy firms are targets for hackers and what steps they can take to minimize their exposure.
When it comes to cyber crime, small accountancy practices are not exempt from the disruption that affects large organizations. If anything, their size makes them more vulnerable as they are perceived as a softer target. In the USA, for example, there has been an explosion in fraudulent W-2 filings, and in the UK, with more filings now online, risk is increasing. So why are accountants being targeted?
• They hold large amounts of private data
• They have the information cyber criminals want – corporate financial data, social security numbers, Tax IDs, bank accounts, payroll data, identification data for validation and reporting purposes
• Accounting firms use similar software so if a criminal finds a vulnerability that can be exploited they have lots of potential victims
• Typically, inadequate technical protection, policies and procedures leave firms wide open to a cyber attack
• A lack of incident response and business continuity procedures means accountants are more likely to pay a cyber criminal money because they fear they may not be able to recover from an attack and the firm’s reputation will be tarnished.
Many accountancy firms are making it easier for hackers by underestimating the threat they face from cyber attacks. There were 438(i) separate data security incidents reported to the Information Commissioner’s Office (ICO) in Q2 2018/2019 alone in the finance, insurance and credit sector. The cost to launch cyber attacks is negligible and the most likely method of breach is phishing, i.e. human error. It’s time to think again.
Minimize Risk – 7 simple steps to cyber resilience
No business is too small to be attacked; however, with the right approach to security, no business is too small to protect itself. Accountancy firms can pave the way to cyber resilience by following these top cyber-security tips:
• Invest in effective firewalls, anti-virus and anti-malware solutions and ensure any updates and patches are applied regularly, so that criminals cannot exploit old faults or systems
• Ensure business critical data, such as customer data and financial information, on all company assets is securely backed up and can be restored at speed
• Have simple, clear policies in place to create a cyber-conscious culture in the workplace and ensure they are communicated to all personnel so they are familiar with them
• Have regular awareness training so that employees are constantly reminded of potential scams or tactics that can be used to trick them
• Review contracts and policies with suppliers to ensure they have an accredited standard for cyber-security for themselves and their partners to protect the supply chain
• Have an up-to-date incident response plan that is practiced regularly so that employees know what to do when they suspect there is an attempted breach or if an actual incident occurs
• Consider investing in cyber insurance to cover the exposure of data privacy and security. Accountancy firms should research insurance policies carefully to understand the level of coverage offered and their responsibilities to stay within the conditions of the policy.
Demonstrating confidence to the client base
Cyber security certification has many benefits; it ensures standardization and is a good differentiator for accountancy firms as it shows a diligence to information security. By giving cyber security the same priority as other business goals, accountancy firms can proudly display their security credentials and demonstrate trust and confidence to their client base.