Making your accountancy practice safer
What would you do if your client data was lost or stolen?
Your reputation is everything. As an accountant your clients are trusting you with some of the most important data about their business. Not only do you have access to very sensitive information about your clients, but you’ve also spent years working hard to become known as a reliable, honest and professional business.
What would you do if you suddenly found that your accountancy business had been compromised?
You’ve been locked out of your own systems, unable to access company or client data as a result of a ransomware attack.
Have you got regular backups in place? Many businesses don’t test whether or not they can restore from backups, meaning that when the worst happens, they still can’t get their data back.
Even if you do have reliable backups of your most critical data, cybercriminals are evolving their tactics. Having learnt that many companies would rather wipe their systems clean and restore from backups than pay a ransom, they are now using their tools to extract data from businesses and threatening to release it publicly unless a fee is paid.
How would your clients react if they found their data was suddenly available to all?
What can we do to help accountants to be more secure?
We started off thinking about how we’d like our own accountants to be secure. Not just a little bit secure, but really secure. They have access to all kinds of data belonging to us. Which means they will have access to vast amounts of data belonging to other clients too.
What would the impact be, if accountants found their systems compromised? Data leaked? Credentials exposed? The information which could be made public may well be very damaging for the businesses involved.
Then we began to ask accountants about their views on security and what measures they had in place. The results were interesting, to say the least.
Here are some statistics from our own survey of accountants:
- 80% of accountants don’t have a budget set aside for cyber security
- None of the accountants we asked carried out any form of regular security testing within their businesses
- None carried out regular phishing simulations
- None carried out regular cyber awareness training for their employees
- 60% have never changed their office WiFi passwords
- 60% allowed staff to connect personal devices to the office WiFi network
- 80% did not have a defined cyber security incident plan
- 80% did not have a business continuity plan
Some of the other answers to our questions contradicted one another, suggesting that there may be a general lack of understanding about cyber security measures and issues.
To keep accountancy businesses like yours safe, it’s our mission to work with accountants to change the level of knowledge and awareness within the industry.
We will work with existing IT providers to help implement any technical measures needed.
It is vital that non-technical steps are also understood and implemented within the businesses to reduce the impact of any cyber incidents and, ideally, to prevent them occurring in the first place.