Blog Security, Business
View All

20/10/2020

read

Accounting Businesses & Cyber Security: What to Do

Accountancy is a high-risk industry for cyber crime, due to daily processing of a lot of sensitive and potentially valuable data which proves to be very attractive for cyber criminals. According to UK cyber company Bromium, there are breaches in cyber security accounting for more than $1.5 trillion in lost revenue every year and everyone is at risk.

With more accountancy businesses having to work remotely due to the ongoing pandemic restrictions, cyber security and system security should really be at the top of every accountancy firm’s agenda. It is not just large firms which are targeted by the cyber criminals, but rather smaller firms with larger gaps and more weaknesses in their cyber security systems.

However, through careful planning, and by putting robust measures in place, you are able to protect your clients’ data, your company’s reputation and remain legally compliant.

Strategise a Response Plan

However, even with the most rigorous cyber security measures in place, there is still a possibility that your company could fall foul of a cybercriminal. But it doesn’t have to be a disaster.

By ensuring you have an IT response plan in place you can minimalize the damage caused. An IT response plan is an important weapon in the fight against cyber crime as it is a dedicated set of instructions which will help the IT team within your organisation respond quickly and effectively to an IT incident. Such incidents can include:

  • Cyber attacks
  • System outage
  • Data loss

An IT response plan will not only ensure you are prepared should the worst happen but will also highlight any weaknesses in your processes or systems which can then be dealt with. A response plan should outline:

  • Key contacts
  • Escalation policy
  • Processes for tracking and managing the incident
  • Guidance on regulatory requirements

If you would like some guidance on putting a response plan in place the team at CIS can help you – simply contact us here

Hire a Security Architect

If your organisation does not have the capability in-house it is a good idea to hire a security architect, who can offer business IT support whilst assessing all your IT systems identifying the strengths and weaknesses.

Their assessment will include penetration testing, risk analysis and ethical hacking in order to identify the best way of enhancing your IT system security.

Utilise Cloud Security

With the majority of remote work being carried out via cloud services, it is important to ensure that cloud security is utilised.

The most basic form of cloud security is ensuring there are robust passwords and multi-factor authentication as well as ensuring all anti-virus, anti-ransomware and anti-malware software is up to date.

Additional security measures can include ensuring:

  • All staff use VPNs rather than home or public WIFI networks.
  • End to End Encryption (E2EE) is used which encrypts all data sent meaning it cannot be infiltrated by third parties.
  • A private rather than public cloud is used 

If you are uncertain about the best way of keeping your cloud data secure speak to the team here at CIS.

Train employees with security principles

The weakest link when it comes to security is often the staff – the human element. That is why staff training and rigorous security policies are a key factor in keeping your data safe.

Staff should be trained on:

  • Spotting and avoiding Phishing attempts – knowing the dangers of clicking on links or sharing personal details with unknown senders is essential as well as how to identify suspicious emails which appear legitimate (eg.an email from Paypa1@btconnect.com).
  • Protecting accounts – Simple behaviour changes like not leaving sensitive data applications logged in on shared computers, not writing passwords down, and not leaving a PC unlocked when away from the desk.
  • Protecting sensitive data – When sending sensitive data via email staff should be trained to password protect it and then to send the password to the recipient via another communication method.

By having clear policies in place, which staff are regularly trained on, and a clear process to follow can help ensure that there is another layer of protection against being hacked.

Backup data

Accountancy firms hold a lot of sensitive data, which if lost or infiltrated by ransomware for example can cost you and your clients a lot of money, not to mention reputation loss and compliance implications. Data stored by an accountancy firm can also lead to identity theft, fraud, and property theft. According to an IBM and Ponemon report (2019) each file lost can cost a company $150 which can add up if thousands of records are breached.

As a matter of routine, you should be backing up your data on a regular basis – or at the least the data you can’t afford to lose.

Data back-ups, however, don’t just protect your systems from ransomware or other cybercrime but can also protect your data from a network or server malfunction. But only if the backups are stored off-site and not on company servers.

Without backed-up data and a disaster recovery plan, accountancy firms can fall victim to ransomware or data loss and may therefore have to start again from scratch – which could threaten the viability of their business.

For more information on disaster recovery solutions click here.

Use robust passwords

The first line in online security for accountancy organisations is having a robust password policy. The days of having your pet’s name or your favourite TV show as a password are far behind us as they are too easy for the cybercriminals to crack.

Every organisation has its own policy on passwords but as a general rule they should be:

  • More than eight characters long.
  • A combination of upper and lower case, numbers and special characters.

The more random a password the better, so replacing a letter with a number in a TV show is still too easy to crack.

Strong passwords could look something like:

  • yacht_cat_276_milkshake_slice*%$
  • AkjhlKShg#sh(kjk)onmgk*79&

It goes without saying that passwords shouldn’t be written down unless they are kept in a very secure place.

What next?

If you would like information on our cyber security services or advice on keeping your data and your IT networks safe from cyber criminals speak to the team at CIS today https://www.cisltd.com/contact-us/  or go here for further cyber security information https://www.cisltd.com/services/cyber-security/.

Share

How can we help?

Whether you have a project to discuss or just need some friendly advice, we'd be happy to help.

Get in touch

Keep up to date

Join our mailing list and stay up to date with all the latest in the IT world

Cookies

Cookies

This site uses cookies to help improve user experience. For these reasons, we may share data with our analytics partners. By using CIS, you accept our use of cookies. Find out more