67% of cyber breaches and attacks are successful due to human error or a password being weak and then compromised. Cybercriminals aren’t looking just at large accountancy firms; they are looking for vulnerabilities in your network and your staff.
As an accountancy firm, you will regularly store, manage, and oversee valuable financial data from your clients. You’re entrusted with sensitive business data, so accountancy professionals must take extra precautions and be aware of the threats.
What Cybersecurity threats do accountants face?
Whilst the number of cyber-related risks and threats continues to evolve and become even more sophisticated, anything that compromises the integrity of your service's integrity needs addressing.
Cybercriminals want – financial data, Tax IDs, bank account details, payroll data and employee details. With many accounting firms all using similar computer software, if a criminal can find a vulnerability, then this can be exploited by several potential victims.
Accounting Today said in 2020 that with the increase in the remote workforce and the ongoing COVID pandemic, there was a 300% increase in cyberattacks.
Many accountancy firms are making life easier for hackers by underestimating the threat they face. Whilst often sophisticated, attacks are often phishing emails (or text messages) sent at the year-end or when tax return deadlines are due.
Accountancy firms are also viewed as a “gateway” to sensitive information and seen as a soft target with fewer security barriers. If your firm has little or no in-house IT/Security expertise to stop a hacker, your staff must be trained as the first line of defence.
The Register reported in January that Parasol group had disclosed a "cyber security incident" to customers by email, having previously made vague references to a "system outage”. The company is part of three firms owned by Options Group, a "family" of "award-winning tax, umbrella and accountancy solutions" aimed at contractors.
This recent cyber security incident knocked out key systems, also causing significant disruption to the services of SJD Accountancy and Nixon Williams. Whilst details of the incident are scarce, both firms were forced to draft in external specialists to tackle the ongoing situation. The attack on Parasol affected the firm's ability to run payroll systems and caused a flurry of negative PR, with customers reporting a lack of payment to Twitter.
If your firm is unsure how to respond to a cyber incident, our Cyber Incident Response pack will show you how to prepare for, respond and recover from cyber incidents.
How can training help accountants protect themselves?
As mentioned, 67% of cyber breaches and attacks are successful due to human error or a password being weak or repeated and then compromised. Giving your team regular training on the evolving world of cybersecurity and the latest tactics criminals are using is critical.
Cyber security is not just a responsibility of your IT department; everyone within an accountancy firm must have a general level of knowledge about the topic. With the scams in cyber and technology evolving daily, training staff regularly is one way to mitigate the risk of cyber-attacks.
For small to medium-sized accountants, we recommend you sign up for our Business Enhanced Membership. This includes; Security Awareness Training, a Simulated Phishing Exercise, Cyber Security Policy Templates and 12 months of support from our team.
Jade Hutchinson FCCA, Forensic Accountant, GMP, said:
“It is important to ensure that your employees receive ongoing training in identifying scams, particularly those working in accounts payable, as the consequences of falling for attacks like Invoicing fraud can inevitably result in redundancies and the closure of businesses."
Here at the North West Cyber Resilience Centre, we offer Security Awareness Training that introduces cyber security, why it’s difficult, the latest threats and who it can affect. Our security experts can deliver the training virtually or at your offices. Each module is delivered to suit the knowledge levels of those attending the training, with the content broken down for all knowledge levels.
Our training has been designed so you can transfer the behaviours to both your personal and business activities. Suppose a cyber-attack has happened to your business previously. In that case, we can help further educate your team to understand better how to protect your organisation and minimise the risk of this happening again.
Security Awareness Training features prevention techniques and includes managing the situation if you do suffer an attack. If you feel our Security Awareness Training could benefit your business, alongside our Simulated Phishing Exercise, you can contact us to discuss how we can support your business today.
Further support for Accountants
For further information regarding the help and support we can offer your accountancy firm (including fully-funded support), you can view our dedicated support page for accountants.
