Accounting Businesses & Cyber Security: What to Do
Accountancy is a high-risk industry for cybercrime because firms process large volumes of sensitive and potentially valuable data every day, which makes them very attractive to cyber criminals. According to UK cyber company Bromium, cybersecurity breaches account for more than $1.5 trillion in lost revenue every year, and everyone is at risk.
With more accountancy businesses having to work remotely due to the ongoing pandemic restrictions, cybersecurity and system security should be at the top of every accountancy firm’s agenda. It is not just large firms which are targeted by cybercriminals, but also smaller firms with larger gaps and more weaknesses in their cyber security systems.
However, through careful planning, and by putting robust measures in place, you are able to protect your clients’ data, your company’s reputation and remain legally compliant.
Strategise a Response Plan
However, even with the most rigorous cyber security measures in place, there is still a possibility that your company could fall foul of a cybercriminal. But it doesn’t have to be a disaster. By ensuring you have an IT response plan in place, you can minimise the damage caused. An IT response plan is an important weapon in the fight against cybercrime: it is a dedicated set of instructions which will help the IT team within your organisation respond quickly and effectively to an IT incident. Such incidents can include:
- Cyber attacks
- System outage
- Data loss
An IT response plan will not only ensure you are prepared should the worst happen but will also highlight any weaknesses in your processes or systems which can then be dealt with. A response plan should outline:
- Key contacts
- Escalation policy
- Processes for tracking and managing the incident
- Guidance on regulatory requirements
If you would like some guidance on putting a response plan in place, we can help; simply contact the team at CiS.
Hire a Security Architect
If your organisation does not have the capability in-house, it is a good idea to hire a security architect, who can offer business IT support whilst assessing all your IT systems and identifying their strengths and weaknesses. Their assessment will include penetration testing, risk analysis and ethical hacking in order to identify the best way of enhancing your IT system security.
Utilise Cloud Security
With the majority of remote work being carried out via cloud services, it is important to ensure that cloud security is utilised. The most basic form of cloud security is ensuring there are robust passwords and multi-factor authentication as well as ensuring all anti-virus, anti-ransomware and anti-malware software is up to date.
Additional security measures can include ensuring:
- All staff use VPNs rather than home or public Wi-Fi networks.
- End-to-end encryption (E2EE) is used, which encrypts all data sent so that it cannot be read by third parties.
- A private rather than public cloud is used.
Top Tip: Why not check out our blog, Is the Cloud Safe?
If you are uncertain about the best way of keeping your cloud data secure, speak to the team here at CiS. Our friendly, experienced team can offer tailored cloud managed services depending on your needs.
Train employees with security principles
The weakest link when it comes to security is often the staff – the human element. That is why staff training and rigorous security policies are a key factor in keeping your data safe.
Staff should be trained on:
- Spotting and avoiding phishing attempts – knowing the dangers of clicking on links or sharing personal details with unknown senders is essential, as is knowing how to identify suspicious emails which appear legitimate (e.g. an email from Paypa1@btconnect.com).
- Protecting accounts – simple behaviour changes like not leaving sensitive data applications logged in on shared computers, not writing passwords down, and not leaving a PC unlocked when away from the desk.
- Protecting sensitive data – When sending sensitive data via email staff should be trained to password protect it and then to send the password to the recipient via another communication method.
Having clear policies in place, which staff are regularly trained on, and a clear process to follow can help ensure that there is another layer of protection against being hacked.
Accountancy firms hold a lot of sensitive data which, if lost or infiltrated by ransomware for example, can cost you and your clients a lot of money, not to mention reputation loss and compliance implications. Data stored by an accountancy firm can also lead to identity theft, fraud, and property theft. According to an IBM and Ponemon report (2019), each file lost can cost a company $150, which can add up if thousands of records are breached. As a matter of routine, you should be backing up your data on a regular basis – or at least the data you can’t afford to lose.
Data back-ups, however, don’t just protect your systems from ransomware or other cybercrime; they can also protect your data from a network or server malfunction, but only if the backups are stored off-site and not on company servers. Without backed-up data and a disaster recovery plan, accountancy firms can fall victim to ransomware or data loss and may therefore have to start again from scratch – which could threaten the viability of their business.
You can find out more today about our disaster recovery solutions and how our team can help you.
Use robust passwords
The first line of defence in online security for accountancy organisations is having a robust password policy. The days of having your pet’s name or your favourite TV show as a password are far behind us, as they are too easy for cybercriminals to crack.
Every organisation has their own policy on passwords but as a general rule they should be:
- More than eight characters long.
- A combination of upper and lower case, numbers and special characters.
The more random a password the better, so replacing a letter with a number in the name of a TV show still leaves a password that is too easy to crack.
Strong passwords could look something like:
It goes without saying that passwords shouldn’t be written down, unless they are kept in a very secure place.
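The policy above written as a checker, added here as an example and not CiS's own code: it enforces the length and character-mix rules and also rejects passwords that are a known word with letters swapped for numbers. The wordlist and the substitution table are constructed assumptions.

```python
import re

# Constructed sample wordlist (assumption): pet names, TV shows and other
# words the firm bans as the basis of a password.
BANNED_WORDS = {"eastenders", "sherlock", "password", "fluffy"}

# Common character-for-letter swaps, undone before the wordlist lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def check_password(password: str) -> list[str]:
    """Return the list of policy failures; an empty list means it passes."""
    failures = []
    if len(password) <= 8:
        failures.append("must be more than eight characters long")
    if not re.search(r"[a-z]", password):
        failures.append("needs a lower-case letter")
    if not re.search(r"[A-Z]", password):
        failures.append("needs an upper-case letter")
    if not re.search(r"[0-9]", password):
        failures.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("needs a special character")
    # Undo the swaps, then keep letters only, so that "Sh3rl0ck!2024"
    # is compared to the wordlist as "sherlock..." and is caught.
    normalised = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    for word in sorted(BANNED_WORDS):
        if word in normalised:
            failures.append(f"is based on the common word '{word}'")
    return failures


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ("Fluffy1", "Sh3rl0ck!2024", "q7#Vm2!xLp9z"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The second sample meets every length and character rule and is still rejected, which is the case the character-mix rule alone misses.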
If you would like information on our cyber security services, or advice on keeping your data and your IT networks safe from cyber criminals, speak to the team at CiS or discover our range of cyber security solutions today.