Ian Cooper’s 5 tips to create a cyber-security conscious firm
Ian Cooper, non-tax product manager for Thomson Reuters explains why accountants are considered firmly in the target zone for cyber criminals. See his five tips to help you create a cyber-security conscious firm.
Most of us are aware of the dangers associated with a lack of awareness around cybersecurity. We’re constantly being tested by cyber criminals who use increasingly sophisticated methods to access our data. As soon as we easily recognise one malicious technique, they source new methods that test our habitual assumptions. As accountants, you hold incredibly valuable personal data in your systems.
The Cyber Security Breaches Survey 2017 (published in a joint report by the Department for Digital, Culture, Media & Sport and National Cyber Security Centre) identified companies holding Personal Data as more likely to be targeted than companies than those that do not (51 percent compared to 37 percent). This puts accountancy practices firmly in the target zone for cyber-criminals. The most common attacks took the form of fraudulent emails, followed by viruses and malware.
Here are five top tips to create a culture of cyber-security:
- Provide clear instructions
Explain the habits you’d like your team to use when thinking about cybersecurity. If you don’t give explicit instructions such as not to download a file or click on a link from an unknown sender, then you’ll have a greater chance of a breach in your firm.
Make sure your guidelines are clear and concise. Try not to use jargon, make sure your remove ambiguity wherever possible. Providing in-depth training for new staff and regular refresher training is one way of proving clear instructions.
- Discuss it regularly at team meetings and meetings with your bosses
Just because you’ve provided clear instructions on best practice, education doesn’t stop there. The more you discuss threats associated with cyber security, the greater their awareness and likelihood of recognising a potential attack.
The more stories your team can share about things they’ve read and seen, the greater the engagement levels across the firm. You’ll be surprised how quickly this becomes part of a conversation piece with customers.
- Have open and honest conversations
Everyone is a potential target, and nobody is completely infallible. Accidents happen and if they do, business owners need to be aware of this as soon as possible. The more time that goes by after any malware downloads, the greater the potential damage.
Be sure not to cultivate a blame culture by encouraging your team to report anything suspicious, however small. Staff should feel comfortable to speak up if they think they may have downloaded something they shouldn’t have.
- Password complexity and reset frequency
I know, everyone hates creating and remembering passwords. But this is a key weapon you have in your defence arsenal. Make sure you have clear guidelines on the frequency and complexity of passwords. If you can enforce regular password resets on your IT systems it is well worth considering.
There are several low-cost/no-cost online training tools for you and your staff. I’d recommend a finding a good course on Phishing. Phishing is a tool that uses email to try and gain sensitive information. Emails will arrive and look incredibly real, sometimes even experts find it hard to tell the difference between a real and fraudulent email.
My recommendation is to maintain conversation and training around this topic to incorporate it in to your firm’s culture. By protecting your firm from a data breach, you’re doing your best to help protect your clients against fraud.
Thomson Reuters Onvio offers secure online file storage and client portal software for accountants. Benefit from a more streamlined process for client communication, easily share files and documents with your clients online and gain online approval from clients with e-signing.
For more tips on cyber-security, see how Lucy Cohen and Olly Evans approach risk management within their successful accountancy firms.
Ian Cooper is responsible for all aspects of cloud delivered workflow tools for UK accountants, within the Tax & Accounting business of Thomson Reuters. He specialises in data security has over 20 years’ experience helping accountants benefit from technology, with a focus on the cloud, workflow, data, and reporting. Find Ian on Twitter and LinkedIn.