Protecting Accounting Firms from Cyberattacks
Cybersecurity Practices Must Be A Top Priority For Firms This Busy Season
By Alan Hartwell, Chief Technology Officer at IRIS Software Group
Financial services firms are a top target for cybercriminals given the highly sensitive client data they house, as demonstrated by the 268 financial services data breaches in 2022 alone. The latest incident was revealed by Brian Tankersley, former CPA Practice Advisor tech editor, on LinkedIn when hackers tried to request Electronic Filing Identification Numbers (EFINs) from unsuspecting users.
Cybercriminals are in no way slowing down, and we can expect attacks to continue increasing in frequency and sophistication. Cybersecurity Ventures predicts a ransomware attack will occur every 2 seconds by 2031 and cost victims $265 billion annually.
For firms looking to prevent breaches and safeguard valuable client data, cybersecurity practices must be a top priority.
Significant company impact
The latest cyberattacks targeted CPAs and tax preparers during a busy tax season, potentially allowing hackers to acquire sensitive financial data. A security breach can be extremely detrimental to firms, causing irrevocable damage to client trust and a firm’s reputation – not to mention monetary loss.
Once cybercriminals steal data from a company, reputational and monetary damage could be long-lasting. One popular way for cybercriminals to exploit sensitive data is to demand a high ransom payment from the firm and threaten to leak the data if the ransom is not paid. Theft can also lead to a loss of intellectual property, impacting a company’s growth, and the loss of current and prospective clients.
As the cybersecurity landscape swiftly changes, cybercriminals are exploiting any weakness they can find, so taking the path of least resistance and keeping out-of-date security systems puts firms at high risk. On-premises systems are inherently easier to exploit than cloud-based systems, especially when firms do not have dedicated time each day to apply security patches and ensure all programs are running as they should.
Protecting your organization
With trust being a vital component of a CPA-client relationship, cybersecurity must be a critical safeguard to protect your clients’ data. Every cyberattack is going to be different and there is no way to know how your clients’ data could be mishandled.
Less robust cybersecurity systems can be a target for cyberattacks, so it’s important to have an appointed Chief Data Protection Officer or third party dedicated to your cybersecurity. Ensuring that your anti-virus software is consistently updated and that multi-factor authentication is implemented to prevent fraudulent access is a priority. Another top concern should be digital document storage and how your firm will protect data from breaches. This is especially true if you have acquired companies, as extending all cybersecurity systems across acquisitions will minimize risk.
Educating staff about cyber risks on a regular basis is also a key way to keep your organization secure. This training should cover phishing, personal data protection and cybersecurity best practices. Fostering a culture of safe cyber practices will keep employees conscious of these practices.
Extending this expectation to third-party vendors can be the best opportunity to protect your firm from a future breach. Be sure to ask about cybersecurity protocols, data protection measures, functionality, integrations and capabilities. A cloud-based SaaS is going to be the best way to ensure the security of your data. SaaS providers often have the resources to dedicate time and personnel to ensure system security for their clients. It is often hard for firms to exert the same level of security diligence on on-premises systems due to resource constraints that inhibit hiring dedicated cybersecurity staff. Turning to cloud-based systems offers a cost-effective solution and allows you to focus on what’s most important – your clients.
While the accounting industry has been slow to adopt cloud-based technology, it is essential for safeguarding the future of a firm. With proactive protections in place, your firm can focus on safeguarding your vital corporate and customer data and on delivering value to your clients.
About the Author
Alan Hartwell is the group chief technology officer at IRIS Software Group. He is responsible for evolving IRIS’ cloud software offering and further developing its product engineering capabilities to support its increasingly international expansion. Hartwell brings over 25 years’ senior level experience supporting and leading the acquisition, consolidation and integration of products and technologies.
Alan can be found on LinkedIn and at our company website https://www.irisglobal.com/.