Cyber criminals set their sights on accountancy firms – 7 steps to minimise risk

When it comes to cyber crime, small accountancy practices are not exempt from the disruption that affects large organisations. Their size can make them more vulnerable, as they are perceived as a softer target. In the USA, for example, there has been an explosion in fraudulent W-2 filings, and in the UK, with more filings now online, risk is increasing. So why are accountants being targeted?

Many accountancy firms are making it easier for hackers by underestimating the threat they face from cyber attacks. In the finance, insurance and credit sector alone, 438 separate data security incidents were reported to the Information Commissioner’s Office (ICO) in Q2 2018/2019. The cost of launching a cyber attack is negligible, and the most likely method of breach is phishing, i.e. human error.

Gateway to Information

Self-employed accountants and accountancy practices are on the radar of cyber criminals because of the amount of valuable data they hold on their clients. This information enables hackers to pull off complex frauds at a later date. The more information they have, the better a picture they can build of the small business or person whose bank account they intend to target.

Cyber criminals view accountancy firms as a “gateway” to client information and perceive them as a soft target with few security barriers, limited cyber security tools and little or no in-house expertise. Additionally, as many firms use the same software systems, hackers are motivated to seek vulnerabilities in that software, knowing there will be a substantial pay day from exploiting a single weakness to attack multiple businesses.

Small but not safe

According to the Cyber Security Breaches Survey 2018, 42% of small businesses identified at least one breach or attack in the last 12 months. Depending on the severity of the attack, SMEs can suffer more disruption than their larger counterparts, as they lack the processes and cyber expertise to deal with the ramifications of an attack. The impact on business operations and the inability of staff to carry out their day-to-day work can have longer-term consequences, not only for an accountancy practice itself but also for its clients.

Minimise Risk – 7 simple steps to cyber resilience

No business is too small to be attacked. However, with the right approach to security, no business is too small to protect itself. Accountancy firms can pave the way to cyber resilience by following these top cyber-security tips:

Where to start and what to do now

Cyber security need not be complex or prohibitively expensive. In the UK, Cyber Essentials (CE) is a government and industry-backed scheme specifically designed to help organisations protect themselves against common cyber-attacks. In collaboration with Information Assurance for Small and Medium Enterprises (IASME), the scheme sets out basic technical controls for organisations to use, which are assessed annually.

By using an online information security management system (ISMS) that incorporates Cyber Essentials and NIST, accountancy firms can undertake a certification route guided by a virtual online security officer (VOSO) as part of their wider cyber security measures. This will help the organisation to coordinate all security practices in one place, consistently and cost-effectively. Additionally, firms can take advantage of the expertise of online cyber security consultants at a fraction of the cost of a full-time in-house security specialist.

This article was contributed by Joe Collinwood, CEO of CySure

 
