Exploring The Growing Need for Cyber Security in the Accounting Industry

“There are only two different types of companies in the world: those that have been breached and know it and those that have been breached and don’t know it.” -Ted Schlei

Accountants collect an abundance of privileged client information that is valuable to hackers, making the finance and accounting industries prone to cyber-attacks. Tax season is an exceptionally busy time for hackers, giving them ample opportunity to access profitable information including:

  • Account Numbers
  • Transaction Details
  • Social Security Numbers
  • Credit Card Numbers
  • Bank Credentials
  • Usernames/Passwords
  • A Variety of Other Personal/Private Information

Taking steps to help prevent or solve internal and external threats is crucial to protecting your clients’ data, safeguarding your firm’s data, and protecting all assets, the firm’s reputation, and its bottom line. There are a variety of cyber-attacks to be aware of, but three are especially common in the accounting and finance industry:

Ransomware – a type of malware designed to take computers, networks, files, and sensitive data hostage by encrypting files and blocking the owner’s access, then demanding a payment to restore it.

Phishing Schemes – one of the most frequent, popular, and lucrative forms of cyber-attack, and a delivery system for ransomware. These online scams are typically disguised as an innocent email or text from a known source, but they can carry an attachment that is a trojan horse for malware or ask the user to provide identifying personal information.

Data Theft – data theft can happen from the inside: it could be someone currently working under you, an ex-employee, someone who knows your passwords or business structure, or anyone with access to your firewall and endpoint protection. This theft can lead to the leak of business bank credentials or sensitive reports.

Building A Better Strategy

Once a firm knows what to look out for, it can focus on how to detect, approach, and solve cyber-attacks. Everyone has a role in cyber security, especially if you do not have the resources for an IT team strictly focused on it. When introducing a cyber security plan, leadership should include a number of different factors. The following six are a great basis for any cyber security strategy, for a business of any size.

Better Password Protection

It seems easy enough, but password hacking is incredibly common, and individuals who use frequently used passwords or passwords with personal information in them are even more likely to be hacked. Ensure that employees are using strong, complex passwords that are changed often. Strong passwords include traits such as:

  1. 8-10 characters
  2. Numbers
  3. Symbols
  4. Upper and lower case
  5. No personal information

In addition, organizations can implement multi-factor authentication (MFA), which adds a layer of protection by requiring an extra step before logging in. MFA factors can be:

  • Knowledge-Based: Answers to personal security questions
  • Possession-Based: One-time passwords generated by smartphone apps, One-time passwords sent via text or email, Access badges/Smart Cards
  • Inherence-Based: Fingerprints, Facial or voice recognition, Retina or iris scanning

Enforce Cyber Security Training

Training and educating staff on the basics of cyber security is a simple but effective way to help avoid and prevent attacks, especially phishing. Often the target of phishing schemes is the employees themselves, and organizations need to be making sure they are teaching their employees to spot phishing emails and suspicious downloads to avoid having hackers steal credentials or deploy malware inside the organization’s network.

Beyond that, this is a time to teach staff how to reduce the role of human error in cyber-attacks. Human error can look like this:

  • Poor password practices resulting in password hacking
  • Email misdelivery/communication misdelivery
  • Misconfiguration
  • Mishandling data
  • Low-security awareness
  • Ineffective data access management

Stay Up To Date

Users should always remember to update software as updates become available to get the latest security features. This is not limited to antivirus software and should include computer operating systems, programs, and applications. It can be easy to put off an update or decide to do it later, but cybercriminals prey on devices without the latest software updates and on outdated operating systems. Be sure all staff members’ individual machines have the latest systems and applications to ensure equal protection organization-wide.

Do Not Forget The Back Ups

Whether you store documents as physical files or utilize the cloud, all your data and sensitive information should always have a backup. While some organizations still use physical files, they can take up a lot of space and are easy to steal and damage, so when considering backups, using the cloud tends to be a safer, more secure choice.

Another advantage is that the cloud also has its own protection that can identify threats and close security gaps, allowing for better protection against data breaches. Taking the time to create these backups also protects important data from human error, hardware failure, virus attacks, power failure, and natural disasters – saving time and money when any of these unfortunate situations occur.

Consider VPNs

A VPN, or Virtual Private Network, is a service that creates a secure connection between a computing device and a computing network, allowing you to safely connect to another network via the internet. VPNs have the ability to:

  • Hide your location
  • Encrypt data
  • Mask your IP address
  • Connect to servers in different locations using the server’s internet connection
  • Increase security due to its secure tunnel
  • Enhance network management

Introduce Antivirus & Firewalls

Antivirus is software that runs automatically to prevent, scan for, detect, and delete viruses on a computer. Its real-time protection can protect from attacks such as worms, trojan horses, and malware.

Antivirus is not enough, though, and multi-layer protection always wins when it comes to security, especially for industries that hold such critical data as the finance and accounting industry. Firms should also consider firewalls, which are security devices that take it a step further and protect your network from unauthorized access by creating a barrier between secured internal networks and any untrusted, outside networks. This stops hackers from even getting into your network in the first place, while an antivirus can protect files and data after the fact. Together, these two make a powerful deterrent to cybercrime.

The Reality of Cybercrime

The reality of the situation is that it is almost impossible to completely prevent cyber-attacks and hackers because as our technology and security grow, so do their skills. As it stands, according to a report from PwC, the finance and accounting industry is already at a 30% higher risk of cyber-attacks due to the nature of its work. Here are a few key takeaways to remember when addressing cyber security:

  • The accounting and finance industry is targeted due to information such as bank credentials, account information, social security numbers, and credit card details
  • Training employees to detect and handle cyber-attacks is a critical part of a strong cyber security strategy – include training on how to spot phishing schemes (a common attack on employees)
  • Better password management is a great first step to prevention – include MFA if you can
  • Multi-layer protection prevails – use antivirus and firewall to protect your important data