Defending your practice from cybercriminals is a 24/7 job that requires stringent security measures and ongoing maintenance. It also happens to be a job which is especially relevant to accountants.
As the custodians of sensitive financial information, accountants have the responsibility of protecting what cybercriminals covet most. This means handling every threat – including schemes such as cybercriminals disguising themselves as potential new tax clients and sending infected documents which grant access to a practice’s entire network. There are also plenty of less sophisticated hacks which are just as effective and just as damaging.
Unfortunately, it only takes one slip-up to be dealt a critical blow. A survey of 500 cyber security leaders found that, of those who’d experienced phishing attacks, 47% suffered reputational damage and 54% had lost customers and revenue as a result. The loss of reputation and customers following a breach is a lot for practices to bear and the reality is that many can’t. Forbes has reported that 60% of small businesses are forced to file for bankruptcy within six months of a data breach.
So, how can accounting practices prevent data breaches (and all the nasty consequences) even as a highly desirable target?
Document security measures
The first thing to consider is where your documents are stored and the features you have in place to keep them safe.
The solution is a secure document management system (DMS) which can do the heavy lifting on your document security needs. Prioritize features like:
Encrypted documents can’t be accessed until the appropriate credentials are given. This adds another layer of defense preventing confidential information like a client’s tax returns or financial statements getting into the wrong hands.
In 2022, compromised staff credentials accounted for 19% of data breaches. The best way to address this threat is by creating a hierarchy of access levels for staff. Doing so will limit which documents can be viewed in the event a staff member’s account is hacked. For example, if you have folders which should only be viewed by an audit team, apply permissions so that only those team members are able to view and access those folders.
Having multiple versions of the same document saved to different locations increases your exposure. If your documents are kept in inboxes, on desktops and on another file sharing platform, that’s three entry points to seal off. A simpler alternative is to use a DMS with version control capabilities so you’re only editing one document — you can still restore previous copies as necessary.
Portals are a great way to instill trust with clients and prevent a hit to your practice’s reputation. In comparison to less secure sharing options like email, or complex methods like secure links, client portals offer a secure and straightforward way of gathering client information. They can often be locked down further with two-factor authentication to verify users and session tokens to sign them out after a period of inactivity.
Educating staff on security
Remember, your documents are only as secure as the people accessing them. Support your staff by promoting awareness of cyber security — a good place to start is Google’s phishing quiz. You may also want to cover topics like social engineering, data protection and protocols for a cyber security incident. You could even write articles to share with your team, share information on internal channels or run your own quizzes.
Here are some helpful cyber security resources to get you started:
Australian Cyber Security Centre – Protecting your business and employees (AUS)
National Cyber Security Centre – Small & medium sized organisations (UK)
Canadian Centre for Cyber Security – Information for small and medium businesses (CA)
Cybersecurity & Infrastructure Security Agency – Small and Medium Businesses (US)