Accounting Firms at Risk for Cyber Attacks

As cyber attacks on businesses intensify in regularity and scope, accounting firms become increasingly likely targets for online security breaches. Learn why accounting firms of all sizes are at high risk for cyber attacks and discover how companies can best prepare for and guard against these breaches.

Why Accounting Firms Are at High Risk for Cyber Attacks

An accountant learns about cybersecurity vulnerabilities.

Online security breaches frequently appear in the headlines, but the most commonly-cited victims tend to be major retailers and financial institutions. Cyber attacks directed toward accounting firms may not grab headlines regularly, but businesses in this industry are at risk due to the type of work they do and the level of protection they have.

They Hold Immense Amounts of Private Data

Cyber attackers understand that accounting firms hold much of the same private data that banks do. In many cases, accounting practices have even more in-depth information. In addition to tax documents, Social Security numbers, and direct-deposit information, accountants may serve as repositories for years of private data. In fact, some accounting firms hold virtually complete personal histories of their clients, turning these practices into invaluable targets.

Recent increases in fraudulent tax returns suggest that this type of theft may become more common. Since many accounting firms have legal duties to inform clients of breaches that affect their personal data, accountants must make every attempt to remain aware of the state of their firm’s security.

They Have Lucrative Corporate Information

While many public accounting firms deal exclusively with tax documents and related personal and business paperwork, other practices handle high-stakes corporate matters. Accounting firms that deal with mergers, acquisitions, and corporate restructuring often hold data that may be of even greater interest to cybercriminals.

As the Financial Times reports, in late 2016, three traders were charged with using hacked data to commit securities fraud. Though in this case, the hackers took information from major American law firms, an identical security breach within an accounting firm could produce similar results.

Small Firms Tend to Have Inadequate Protection

While you may assume that major international accounting firms have the most high-profile assets and therefore experience the highest risk of cyber attacks, small and midsize firms are not immune from these threats. In fact, some criminals specifically target small accounting firms because they often have fewer security procedures in place.

Some hackers use forceful, sustained attacks on small, poorly protected firms until they breach the company’s limited defenses. Once they obtain access to a company’s network, cybercriminals can often steal virtually any type of file, from financial records to emails.

Small Accounting Practices May Not Recover From Hacks

Recovering from a corporate crisis is rarely easy, no matter the size of the company. For small accounting practices, however, recovery may prove impossible. Clients pay accountants for their expertise, but they also expect trust and discretion. Once a firm has proven that it can’t provide adequate data security or ensure clients’ privacy, the company may never be able to return to its prior level of business.

Some data breaches are severe enough to warrant legal action against the accounting firm. Small practices may not have the financial or legal resources to respond, however, and they may be forced to declare bankruptcy. As Accountancy Age explains, security breaches cost small businesses an average of $40,000 per incident, and nearly 60 percent have no contingency plan.

How Accounting Firms Can Implement Security Measures

No matter how large an accounting firm is, it must assess risks and take appropriate precautions. Firms of all sizes can implement the following security measures to protect the business, its data, and its clients from cyber attacks.

Firm-Wide Education

Since many accounting practices believe that only major firms are at risk, a firm-wide educational initiative is often the first step. As the Journal of Accountancy suggests, firms of all sizes should accept that they are likely targets of online attackers and should take measures accordingly.

Next, firms should educate all staff members about potential online risks. Staffers should be taught the basics of malware, and how to subvert attacks with such tactics as using strong, unique passwords, and learning to identify and avoid phishing emails.

Risk Assessment

For most accounting firms, a thorough assessment of the risk at hand is essential. Whether a company functions as a sole proprietorship or it employs dozens or hundreds of professionals, it must assess the types of information that each employee handles and how exposed each computer is. While it may be necessary to hire a security expert to take this step, professionals who have both an online master’s degree in accounting and technical experience may be equipped to manage risk assessment.

Technology Updates

Small accounting firms with modest budgets may opt to use computer equipment for longer periods of time or rely on free or consumer-grade products to save money where possible. However, they must understand the risks that they could encounter by failing to update software or by using applications that are inadequate for corporate security.

Purchasing the latest computers may not be necessary, but firms should make every attempt to upgrade security measures, given their available budgets. As Entrepreneur explains, simply updating operating systems and antivirus software can significantly improve a firm’s protection from cyber attacks.

Email Encryption

Many accounting firms rely on email to communicate with clients, even to send tax documents or personal data. As email hacks have become increasingly common, it is more necessary than ever for businesses to secure professional email accounts, especially when transmitting such important documents.

Email encryption may offer a reliable and affordable solution, even for small accounting firms. Once configured, employees can automatically encrypt all of their electronic communication, which can add substantial online protection.

As you work toward your online master’s degree in accounting and expand your technical knowledge, cyber security will become important.  Especially if you are interested in an accounting leadership position, cyber attacks will likely be high on your list of concerns. To learn more about advancing your leadership potential, visit New England College’s Master of Science in Accounting Online program. Once you are a leader in the industry, consider implementing some of the recommended security measures and strive to follow industry best practices to protect your firm, your clients, and your career.

Sources:

https://www.accountancyage.com/2017/04/07/why-an-accountant-is-a-cybercriminals-favourite-target/

https://www.entrepreneur.com/article/206656

http://blog.aicpa.org/2016/03/5-cybersecurity-precautions-for-small-cpa-firms.html

https://www.aicpa.org/InterestAreas/ForensicAndValuation/Resources/ElectronicDataAnalysis/DownloadableDocuments/Top-5-CyberCrimes.pdf

http://www.cgma.org/magazine/2016/feb/weak-passwords-top-cyber-security-problems-201613887.html

http://www.journalofaccountancy.com/issues/2016/apr/how-to-fight-computer-hackers.html

https://www.ft.com/content/f52f6fee-ccf4-11e6-864f-20dcb35cede2