Why are Accountancy Firms Targets for Cyber Attacks?
Accountancy firms face increased cyber risks as criminals switch their focus to ‘softer target’ smaller businesses. We review why accountancy firms are targets for cybercriminals and what steps you can take to minimize your risk.
Small accountancy practices (and small businesses) are not exempt from cyberattacks disrupting large organisations. Being a smaller firm can make them more vulnerable with more filings now taking place online; the risk has increased. So why would cybercriminals target accountants?
They want your client’s data
The information cybercriminals want – financial data, Tax IDs, bank account details, payroll data and employee details. Accounting firms all use similar computer software, so if a criminal can find a vulnerability, that can be exploited. They immediately have lots of potential victims. Typically there isn’t enough investment in online security, policies and procedures aren’t in place, and this can leave firms wide open to a cyber attack.
If your firm doesn’t have an incident response and business continuity procedure in place, that means accountants are more likely to pay cyber criminals money because they fear they may not be able to recover from an attack, either in the recovery of a firm’s reputation or through financial loss.
🚨 Remember: If you are currently subjected to a live and ongoing cyber-attack, please contact the police on 101.
⚠️ If you suspect you’ve been scammed, defrauded or experienced cybercrime, please report this to Action Fraud.
Many accountancy firms are making life easier for hackers by underestimating the threat they face. As we all adapt to being a more remote workforce, there has been a 300% increase in cyberattacks on accounting practices of all sizes. Attacks are sophisticated and often strike when accountants work at the year-end or when tax return deadlines are due.
“With the increase in the remote workforce and ongoing COVID pandemic, there has been a 300% increase in cyberattacks on accounting practices of all sizes.” - Accounting Today
Gateway to Information
With the amount of valuable data self-employed accountants and practices hold on their clients, hackers want to incept this information to enable them to pull off complex frauds. The more information they can find or trick you into giving up, the better a picture they can build of a business or individual whose bank account they intend to target.
Accountancy firms are viewed as a “gateway” to getting this sensitive information. They can be perceived as a soft target with fewer security barriers and little or no in-house expertise for a hacker to get past. Hackers are motivated to discover any vulnerabilities in accounting software, knowing there is a high reward to be had by exploiting the weakness and then attacking multiple businesses that use the same software.
Small but not safe
According to the Cyber Security Breaches Survey 2023, 32% of small businesses identified at least one breach or attack in the last 12 months. SMEs can face more disruption than larger businesses as they lack the processes and cyber expertise. The impact on small business operations and the inability of staff to carry out their work can have long-lasting consequences, not only for the practice itself but also for its clients.
As an accountancy firm, can you afford to pay out £15,300 dealing with a cyber attack? Cyber attacks cost businesses time and lost data and assets after a breach. The most common attack on businesses remains phishing, with 79% of businesses surveyed saying they had experienced it.
A simulated phishing exercise is one way to improve your business's resilience to phishing attacks (as well as training). We work with you to help raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats. Training your employees about what a phishing attack looks like makes them more likely to identify and report scams.
Minimise your risk – 5 steps to cyber resilience
Your business is never too small to be targeted. However, with the right measures in place, no business is too small to start to protect itself. Accountancy firms can set an example by following these top cyber-security tips:
Ensure they have a firewall and anti-virus/anti-malware solutions, and remember to install all updates and patches regularly. This stops criminals from exploiting faults in old systems or software.
Ensure all business-critical data (customer and financial information) on all company devices are securely backed up (either in the cloud or a remote device) and can be restored if needed.
Ensure a clear security policy is in place for staff, create a cyber-conscious culture in the workplace and ensure the policy is communicated to all personnel so they know their responsibilities.
Staff should undergo regular security awareness training to constantly update employees about the latest scams and ways to stay secure in the office and remotely.
Have an up-to-date incident response plan practised regularly so that employees know what to do if they suspect an attempted breach, a phishing email has been received, or a cyber incident occurs.
How can the Cyber Resilience Centre help my accountancy firm?
To help accountants and accountancy firms outsmart cybercriminals and toughen up their cyber security, the North West Cyber Resilience Centre can offer a 12-month Membership which helps you identify your risks and vulnerabilities—showing you the steps you can take to increase your levels of protection whilst also giving your staff security awareness training and testing their knowledge of the latest threats through a simulated phishing exercise.
For further information regarding the help and support we can offer your accountancy firm, you can view our dedicated support page for accountants.