All industries share a common set of cybersecurity risks, such as patching issues, keeping customer data private and keeping the external-facing parts of their systems hardened and secure. At the very least, every industry needs to uphold these basic standards; otherwise they are letting their customers and themselves down.
There are also specific risks within accountancy that need to be considered, and the right policies, procedures and protections need to be in place. Let’s outline a few of these risks:
Data Privacy and the Risk of a Breach
Extremely valuable data is held in accountancy firms’ systems, making them a high-level target for a malicious actor looking for a big payday.
Accounting Firms Deal with a Large Number of Accounts and Funds Transfers
This is a massive risk. Companies dealing in a high volume of transactions across a number of clients are prime targets for malicious actors. Their access to highly sensitive information means having the correct precautionary procedures in place is essential. Something as simple as a malicious actor getting the firm to change the account details for a payment would be disastrous. It is simply done, and in many cases it would not be picked up for weeks, by which time the money would be long gone. Account or financial changes need to be validated and rechecked to reduce the likelihood of an attack.
Delivering Files via USB Drives
The main concern here is whether you know where that USB drive has come from. The drive could have been given to the client with malicious code or programs on it, completely unbeknownst to them.
Importing Files from Many External Sources
In our experience, many accountancy clients bring in copies of their data files that have been exported from accountancy packages like Reckon, MYOB, etc. Any of these files could be infected with malicious code, and most organisations don’t ensure these files are clean.