Accountants deal with thousands of pieces of data every day, which makes accountancy a prime target for cybercrime. The ever-changing landscape of cybersecurity means you must check your defences regularly. Some sectors are targeted more heavily than others and may need extra measures in place. Here we list the biggest security threats an accountancy firm faces today.
Phishing is a type of cyber-attack that tries to trick people into disclosing confidential information or transferring money to an unknown source. At a basic level, there are two different types of phishing attacks:
1. Untargeted
2. Targeted
An untargeted phishing attack casts out some ‘bait’ to a large number of people, trying to get anybody to click a malicious link that has usually been delivered by email. As the name suggests, the attackers do not go after a particular person or business. Because the attack targets anybody, it is quick to create and execute. The contents of phishing attacks change on a regular basis because each one has a short life before it is detected and blocked. The majority of the time they’re easy to spot and have a low success rate, but they can catch out people who aren’t clued up on cyber security.
Targeted (Spear) Phishing
‘Targeted (spear) phishing’ is an attack that targets a particular user or business. These attacks can take months to plan and execute as they require extensive research. The carefully thought-out attacks are personalised to strike a chord with the recipient. Imagine two people fishing at a pool. A fisherman (untargeted phishing) will be trying to catch a fish in the pool. Meanwhile, a spear-fisher (targeted phishing) will be trying to catch a specific fish.
Why cybercriminals try phishing on accountants
Accountants are a goldmine of information. Due to the plethora of financial data stored on their systems, they are a prime target for cybercriminals. Despite this, employees quite often don’t have the correct cybersecurity training and can accidentally fall victim to an attack. Which brings us on to our next point.
The most significant threat to your data can be the people you employ. Without the correct cyber security training your business is at considerable risk. The majority of cyber security attacks happen due to human error. You should have a security protocol in place that all your employees have sufficient training in.
This protocol could include things such as secure passwords and keeping records of Wi-Fi usage. You could use a team training day to make sure everybody is aware of what is expected of them from a cybersecurity standpoint. Your business should also be wary of malicious insiders.
Not only are accountants themselves a target of identity theft, but so are the people whose records they store. All data must be protected and must now be compliant with the new General Data Protection Regulation (GDPR). For any applications used, two-factor authentication should be in place as an extra level of security. If somebody were able to steal your identity, how many things would they have access to at your place of work?
The Risk of Fines
If you don’t follow the guidelines of the previously mentioned GDPR, you could face fines depending on the severity of the infringement or the lack of defences shown. These fines can be up to £20 million or 4% of your annual global turnover. What would that cost your business? While the penalties are a last resort, being proactive is the best approach to IT and security.
Working in accountancy is a high-risk business and you have to have the correct protections in place. Implementing these can be a daunting task but that’s where we can help.