
How can accountancy firms enhance their cybersecurity measures

The accountancy industry has reported a surge in cyberattacks in recent years. Moreover, a “significant blind spot” is leaving UK businesses exposed to cyber security threats, with just one in five businesses reporting having suffered a cyber security incident in the past 12 months, according to new research by UK accountancy and advisory firm Azets.

Paul Kelly, UK head of cyber services at Azets, says that based on the number of cyber attacks in total last year, it’s estimated that there are more than four cyber attacks against UK businesses every minute. This doesn’t reconcile with 74% of businesses claiming not to have suffered a single incident at all in the past 12 months.

He says: “Even those reporting a single incident are likely to have been targeted more frequently than they realise. It only takes one successful attack to create serious problems. A lack of education or technical expertise around cyber security risk are often contributing factors to blind spots that leave businesses exposed to potentially catastrophic financial and reputational damage. This could impact not only their business but their customers, and their customers’ customers.”

To combat these threats it is essential for financial institutions to take robust cybersecurity measures that safeguard their data and infrastructure.

Listed below are a few steps for implementing the right cybersecurity strategy:

Identify and understand your data

In order to protect data, accountancy firms need to know and understand what they have. All data must be thoroughly audited and categorised based on sensitivity and regulatory requirements to determine the level of protection needed. This includes client information, financial records, employee details, and any other sensitive data.

Moreover, to guarantee that only authorised workers can access sensitive information and that there are defined procedures for managing a firm’s data, businesses must find out each category of data’s storage location, intended usage, and authorised users. This will assist accountancy firms in mapping out their data flows and identifying any possible weak points.

Curate a written information security policy (WISP)

A written information security policy (WISP) is a formal document which outlines the company’s procedures and protocols for protecting the firm’s and its clients’ sensitive information. This formal document can significantly mitigate the risk of cyberattacks and data breaches.

The WISP should include guidelines for password management, data encryption, secure file storage, and secure data transmission. It should also be reviewed and updated regularly to reflect the latest industry standards and security measures. Each review should assess the effectiveness of your current security measures and identify areas for improvement. It should also consider any new threats or regulatory changes that could impact your data security.

Implement two-factor authentication and establish a strong password policy

For an additional layer of security when gaining access to sensitive information and systems, enable two-factor authentication. To minimise unauthorised access, this authentication mechanism requires users to supply two kinds of identification: a password and a one-time code.

It is far more difficult for attackers to access accounts, even if they have stolen the password, because users must submit two pieces of evidence when signing in, such as a password and a code delivered to their phone.

Additionally, accountancy firms should ask their employees to create complex, unique passwords and change them regularly.

Choose the right cybersecurity software

It is necessary for accountancy firms to choose the right cybersecurity software and firewall solutions based on their firm’s needs. Every security solution is unique and can offer features like advanced threat detection, encryption, and intrusion prevention, safeguarding sensitive financial data from breaches. When choosing a security solution, accountancy firms should assess providers, compare options, and take scalability and long-term support into account.

Additionally, because accountancy businesses might receive emails requesting financial information, antivirus software helps shield staff members from falling for phishing scams that could jeopardise important data.

Regular training and awareness programme

Human error is often the weakest link in data security. Security Magazine found that human error accounts for 95% of all cyber breaches. Companies with flexible working policies also have to be more careful, as a compromised home network can pose several cybersecurity risks such as phishing emails and calls. As a result, regular training and awareness programmes are essential to keep staff updated on the latest security threats and best practices.

Firms can create a training programme that includes the importance of data security, how to recognise phishing attacks, the proper use of security software, and the steps to take in case of a suspected breach. Accountancy firms must also ensure that this training becomes a regular part of the firm’s routine, and ensure new employees receive this training as part of their onboarding process.
