Of all the things keeping accountants up at night – and yes, sadly there are many – few concerns weigh heavier than cybersecurity. A quick glance at the data surrounding this subject reveals why. According to the government’s department for Culture, Media and Sport, 39% of businesses have been affected by cyberattacks or security breaches in the last 12 months; a figure which rises to an astounding 66% for large businesses.
For the accountancy sector, this threat is particularly acute. Accountants handle extremely sensitive, valuable information; the kind of data that cybercriminals dream of. Payroll information, bank details, addresses and the like can all be wielded by criminals to devastating effect.
It’s not surprising then that research suggests accountants are 30% more likely to be hacked than the average professional.
The risks for practices can be fatal. Disruption to service, non-compliance, fines, reputational damage and ransoms truly are the stuff of nightmares.
And to make matters worse, the changing nature of the industry – specifically, the way accountants work – is increasing the risk. Remote working, digitisation and multi-device access are just some of the things providing criminals with more opportunity to carry out attacks. For instance, a 300% increase in cybercrime was reported at the outbreak of the pandemic when working habits shifted so dramatically.
If all this is giving you heart palpitations, I must apologise. To make amends, I can offer 5 pieces of simple advice that can help keep your practice on the right side of this statistical picture.
1. Train your staff: Analysis of ICO data showed that a whopping 90% of all data breaches in 2019 resulted from human error. Therefore, arming your teams with the knowledge and tools they need to keep your clients’ data safe is probably the single most impactful measure you can take. The right kind of processes, structure, habits and mentality can be fostered through an ongoing training programme, as can a security approach that evolves with the changing threat.
2. Consider outsourcing your security management: Understandably, many firms would be reluctant to outsource something as important as information security. Equally, some accountancy practices would question the affordability of procuring an external supplier. However, it’s important to remember that the expense of hiring expert support in this field can far outweigh the cost of a breach. For small businesses, the worst breaches cost somewhere between £65,000 and £115,000 on average.
Direct costs aside, you should also consider how you can best use your resources as a practice. External help on security can free up you and your teams to focus on what it is you do best: accountancy.
3. Implement a standard: Standards, which can be applied at the discretion of your business, are a great way to embed a best practice approach to data security. Created on the consensus of academics and security industry experts, a standard such as ISO 27001 can be described as a how-to-guide for developing a robust Information Security Management System (ISMS). You may also wish to gain accreditation for a standard, which is a great way to signal your commitment to cybersecurity to prospective clients.
4. Examine cyber insurance options: Even practices that take an unfailingly meticulous approach to cybersecurity cannot guarantee invulnerability. The best you can do is to stack the odds in your favour. To protect yourself from the worst-case scenario, a cost-benefit analysis may reveal that cyber liability insurance is worthwhile. However, it is important to remember that insurance does not diminish your practice’s responsibility to manage its own security.
5. Adopt cloud-native accountancy solutions. Cloud-native solutions – such as those provided by IRIS – offer the safest environment to run your mission-critical operations. Utilising industry-leading encryption and ISO-accredited best practice, there is no better way to protect your practice and your clients.
Learn more about cloud-based accountancy solutions from IRIS and discover how you can get your teams working as securely as possible whether they’re in the office, at home or out in public.
By Steve Cox – head of Market Insights, IRIS Software
Steve Cox is Head of Market Insights at IRIS Software Group. He has more than 19 years’ experience in the accounting and IT sector and is an expert on software, technology, legislative analysis and customer service within the accountancy industry.