What is the world coming to? It is bad enough to hear about governments and mega-corporations letting data get away, but a Big Four firm of accountants?
I was quite shocked to read that Deloitte has managed to fall victim to a hacker. Throughout my career, I have been aware of people in assorted firms trying to protect data but never been that concerned about serious breaches.
I may sound cynical but frankly, who would be interested enough in any of my colleagues or clients to invest the time and effort it takes to break into a well-protected computer system?
That is the first question that comes to mind in this case. Is the perpetrator a spotty teenager, the Chinese government, a rival Big Four firm, an aspiring mid-tier practice (those last two were jokes – I hope) or a criminal gang of blackmailers? I doubt we will ever find out.
From Tom Herbert’s report on AccountingWEB yesterday, it appears that the firm failed to implement industry-standard protections, which suggest that heads should roll. Ignoring the embarrassment factor, the idea that blue-chip clients should have secret information inadvertently shared with the world could quite possibly lead to loss of business.
The fact that there was then an apparent six-month cover-up begs its own questions. Possibly Deloitte was trying to ascertain exactly what had happened and discuss it with those affected before going public? In any event, this doesn’t look good.
For most of us, the idea that a large firm has egg on its face will not be that much of a concern.
The real issue here is whether our own practices are at risk from similar cyber-attacks. As I have suggested above, with all due respect to accountants, we are hardly likely to be in the front line of those targeted. However, in order to reassure clients, it may be necessary to take additional steps to ensure that we are not the victims of something similar in the future.
From my own experience, firms are very keen to tick boxes when it comes to security matters but do not necessarily take all of the practical steps that are possible to give maximum confidence that they are not likely to fall foul of this kind of scam.
My guess is that the only real way to make life difficult for potential hackers is to spend some money on some serious consultants who understand the way that these fiendish criminals’ minds work and can put in place sufficient protections. Perhaps the Institute (and equivalents) should require this and, given the pace of change, such an exercise will probably need to be repeated on an annual basis.
I realise that nobody needs extra costs but if the alternative is a wrecked reputation and the loss of major clients there may be no choice.
About The Imprudent Accountant
Someone who should know better, but can't resist the occasional rant about the more exasperating aspects of the accountancy profession.