Accountancy firms will always be a serious target for cyber criminals due to their sensitive client information and the significant funds they handle. Extensive data consumption means they need to ensure they have the right technology in place to protect client information against the increasing threat from cyber criminals.
In addition, the sudden move to flexible working has resulted in many firms rushing to implement software and services to support remote working, yet 2 years down the line they have still not properly secured them. A report by PwC found finance & accounting firms are already at a 30% higher risk of becoming victims of a cyber-attack, making the need to improve their cyber resilience all the more important.
The pandemic has also pushed firms across the globe to speed up their transition to the cloud which presents further opportunities for attackers to exploit software vulnerabilities and insecure systems.
According to Accounting Today, since the start of the pandemic, accounting firms have seen a 300% increase in cyber-attacks. Action needs to be taken for 2023 and beyond, so here is a list of 3 key threats you need to be aware of:
- People (flexi working & human error)
One of the main risks of remote working that is often glossed over is using personal devices for work purposes. It’s been found that 43% of employees use personal devices without permission from IT, and another 20% have no idea if they are allowed to. Not only can it lead to serious data loss and breaches, but it also leaves room for the use of unsecure apps such as WhatsApp, which cannot be tracked, leaving data unaccounted for.
Another risk is employees using insecure Wi-Fi networks to connect to work systems and access sensitive data. Public Wi-Fi is notoriously insecure, meaning that data being sent or received on such networks is vulnerable to interception by cybercriminals. Encouraging or enforcing the use of tools such as VPNs can help tackle this.
Training is also highly important when it comes to human threats and is something that is again often overlooked. According to IBM, 95% of cyber security breaches are the result of human error. Taking the time to properly train your users can instil a positive environment around cyber security, and tools that regularly provide nano training can help keep staff up-to-date and hyper aware of what to look out for. With the correct training and support, employees are more likely to report incidents when they happen (it’s only a matter of when), allowing them to be dealt with promptly and efficiently.
- Ransomware attacks
Ransomware is malware that encrypts files on a user’s computer, preventing access to them until a ransom is paid. Sometimes the attacker will also threaten to publish the victim’s data online if a ransom is not paid by a specific deadline. Unfortunately, there’s no guarantee that paying the ransom will ensure the files are decrypted, and paying often results in additional costs.
This type of attack can be incredibly damaging for firms, particularly if the attack prevents them from accessing critical data or essential systems needed to operate. In addition to downtime and reputational damage, firms could also face an average fine of £15,000 if the necessary measures to protect their clients’ sensitive data were not taken.
By implementing tools that help prevent ransomware before the file is even downloaded, you can easily protect against this.
- Email Phishing
Most ransomware attacks start with the human element via email. Email is notorious for lacking security, being clunky and leaving room for human error.
Phishing is a scam where an attacker sends an email or message purporting to be from a trusted source to trick the recipient into revealing sensitive information such as passwords. Many attackers are now increasingly sophisticated and will use social engineering techniques, such as familiar terms or colleagues’ names, to get recipients to open emails. Once a phishing email is clicked on, the attacker can easily install malware on the recipient’s computer or gain access to sensitive data.
One of the most impactful ways to combat phishing attempts is through staff training, phishing tests and by using intelligent technology that can filter and highlight suspicious emails and activity.
Whilst these aren’t the only 3 threats, they are a great place to start building or improving your cyber defence against attackers.