Cyber criminals set their sights on accountancy firms – 7 steps to minimise risk
Accountancy practices are facing an increase in cyber risks as criminals switch their focus to ‘softer target’ smaller firms. Joe Collinwood, CEO at CySure, explains why accountancy firms are targets for hackers and what steps they can take to minimize their exposure.
When it comes to cyber crime, small accountancy practices are not exempt from the disruption that affects large organisations. Their size can make them more vulnerable as they are perceived as a softer target. In the USA for example, there has been an explosion in fraudulent W-2 filings and in the UK with more filings now online, risk is increasing. So why are accountants being targeted?
They hold large amounts of private data
They have the information cyber criminals want – corporate financial data, social security numbers, Tax IDs, bank accounts, payroll data, identification data for validation and reporting purposes
Accounting firms use similar software, so if a criminal finds a vulnerability that can be exploited they have lots of potential victims
Typically there is inadequate technical protection, policies and procedures and that leaves firms wide open to a cyber attack
A lack of incident response and business continuity procedures means accountants are more likely to pay a cyber criminal money because they fear they may not be able to recover from an attack and the firm’s reputation will be tarnished.
Many accountancy firms are making it easier for hackers by underestimating the threat they face from cyber attacks. There were 438 separate data security incidents reported to the Information Commissioner’s Office (ICO) in Q2 2018/2019 alone in the finance, insurance and credit sector. The cost to launch cyber attacks is negligible and the most likely method of breach is phishing i.e. human error.
Gateway to Information
Self-employed accountants and accountancy practices are on the radar of cyber criminals because of the amount of valuable data they hold on their clients. This information enables hackers to pull off complex frauds at a later date. The more information they have, the better a picture they can build of the small business or person whose bank account they intend to target.
Cyber criminals view accountancy firms as a “gateway” to client information and perceive them as a soft target with few security barriers, limited cyber security tools and little or no in-house expertise. Additionally, as many firms use the same software systems, hackers are motivated to seek vulnerabilities in the software, knowing there will be a substantial pay day from exploiting the weakness to attack multiple businesses.
Small but not safe
According to the Cyber Security Breaches Survey 2018, 42% of small businesses identified at least one breach or attack in the last 12 months. Depending on the severity of the attack, SMEs can suffer more disruption than their larger counterparts as they lack the processes and cyber expertise to deal with the ramifications of an attack. The impact to business operations and the inability for staff to carry out their day to day work can have longer term consequences, not only for an accountancy practice itself but also for its clients.
Minimise Risk – 7 simple steps to cyber resilience
No business is too small to be attacked. However, with the right approach to security, no business is too small to protect itself. Accountancy firms can pave the way to cyber resilience by following these top cyber-security tips:
Invest in effective firewalls, anti-virus and anti-malware solutions and ensure any updates and patches are applied regularly, so that criminals cannot exploit old faults or systems
Ensure business critical data, such as customer data and financial information, on all company assets is securely backed up and can be restored at speed
Have simple, clear policies in place to create a cyber-conscious culture in the workplace and ensure it is communicated to all personnel so they are familiar with it
Have regular awareness training so that employees are constantly reminded of potential scams or tactics that can be used to trick them
Review contracts and policies with suppliers to ensure they have an accredited standard for cyber-security for themselves and their partners to protect the supply chain
Have an up-to-date incident response plan that is practised regularly so that employees know what to do when they suspect there is an attempted breach or if an actual incident occurs
Consider investing in cyber insurance to cover the exposure of data privacy and security. Accountancy firms should research insurance policies carefully to understand the level of coverage offered and their responsibilities to stay within the conditions of the policy.
Where to start and what to do now
Cyber security need not be complex or prohibitively expensive. In the UK, Cyber Essentials (CE) is a government and industry-backed scheme specifically designed to help organisations protect themselves against common cyber-attacks. In collaboration with Information Assurance for Small and Medium Enterprises (IASME), it sets out basic technical controls for organisations to use, which are assessed annually.
By using an online information security management system (ISMS) that incorporates Cyber Essentials and NIST, accountancy firms can undertake a certification route guided by a virtual online security officer (VOSO) as part of their wider cyber security measures. This will help the organisation to coordinate all security practices in one place, consistently and cost-effectively. Additionally, firms can take advantage of the expertise of online cyber security consultants at a fraction of the cost of a full-time in-house security specialist.
This article was contributed by Joe Collinwood, CEO of CySure