This is the question we've been trying to answer! How would we find out more? A survey, of course. And the survey is actually still live, so if you're running an accountancy-based business, please take a moment to visit the form here and update us on your views!
So yes, we've been running a survey to learn more about what cybersecurity measures accountancy firms have in place and how they feel about the security of their businesses.
The results were interesting, to say the least. The answers were not wholly unsurprising, but some answers made me look twice!
For example, half of the accountants who responded said they were extremely confident in the security measures provided by their current IT support firm. The other half were "somewhat confident", and yet the results to the other survey questions told a more worrying story.
The responses gained so far show that only a fifth of small accountancy firms have any sort of budget allocated for cybersecurity measures.
Given the sensitivity of data that accountants are storing on their clients, this figure should really be higher.
Whilst all respondents said they have antivirus installed, some claimed they didn't even have a firewall! None used phishing simulations to test their team's ability to spot suspicious emails, and none had device management tools to protect their devices and apply security policies.
Only a fifth carried out any form of User Awareness Training whilst none monitored internet traffic in any way and none carried out regular security testing of their businesses.
Vulnerability scanning is the process of scanning your systems on a regular basis to look for weak spots that could be exploited by an attacker, either in a targeted attack or via an automated script.
The responses that were provided were surprising, with over half saying they did carry out regular scanning. But is this a misleading answer? Is there confusion between regular virus scanning and regular vulnerability scanning?
Half of those responding to the survey never change their Wi-Fi passwords, with only a handful changing their passwords on a monthly basis.
Changing passwords is important when you have staff turnover or if you have disclosed your Wi-Fi password to visitors.
Over half would allow their staff to connect personal devices to the office Wi-Fi system. This is dangerous, as devices which might be infected or otherwise compromised could present real dangers to the business once they are on the office network.
Good news on the data front: 80% of those responding were confident that customer / business data only existed on company systems.
A large majority of accountants have no plans in place to deal with security-related incidents. This means that on discovery of a breach, there would be a chaotic response whilst the business figures out how to deal with the situation.
It's strongly recommended that businesses have a plan in place, with contact details and steps to follow, to help them react in an orderly way.
Just under half did not know how they should respond to a lost or stolen computer.
80% did not have a business continuity plan either. Drawing one up is another valuable exercise, so that everyone in the business knows how they would continue working in the event that an office building was unavailable for use due to incidents such as fire, flooding or, of course, a cyber-related issue.
As more responses come in, we will be posting updates or modifying this article. As with all things in computing, cybersecurity is an evolving process.
Feel free to comment below with your thoughts on this question.