Brought to you by
pandle logo

Pandle is cloud bookkeeping software made with real people in mind.

Pandle’s Guide to Cyber-Securing Your Accountancy Firm

2nd Oct 2017

Accountants are increasingly diversifying beyond financial advice into broader business advice. One of the key pieces of advice you may have given a business is to invest wisely in cybersecurity.

But it seems some accountancy firms need to take their own advice, as one of the ‘big four’ accountancy companies has admitted it’s been the victim of a cyber-attack.

Sensitive Emails Leaked

Global accounting giant Deloitte has confirmed it has suffered a cyber-attack and that some sensitive client emails may have been leaked as a consequence. In a statement, it said very few clients had been affected.

However, it’s rumoured that the hack was achieved by someone who accessed the firm’s global email server through an administrator’s account – which surprisingly only required a single password rather than a 2-step authentication process. In theory, this gave them unrestricted access to all emails, including those containing sensitive information such as health data and architectural plans.

The hack is believed to have been discovered in March, although it’s unclear when it actually occurred.

No Disruption

A Deloitte spokesperson said:

“In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte.

“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.

“The review has enabled us to understand what information was at risk and what the hacker actually did, and demonstrated that no disruption has occurred to client businesses, to Deloitte’s ability to continue to serve clients, or to consumers.

“We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity. We will continue to evaluate this matter and take additional steps as required.

“Our review enabled us to determine what the hacker did and what information was at risk as a result. That amount is a very small fraction of the amount that has been suggested.”

People in Glasshouses…

Ironically, Deloitte has a Cyber Intelligence centre offering cybersecurity services, and in June announced it had been ranked #1 for the fifth year running in Gartner’s ‘Market Share Analysis: Security Consulting, Worldwide’ report, based on revenue.

Responding to the accolade at the time, Sam Balaji, Deloitte Global Risk Advisory Business leader said: “As cyber threats rise and security breaches multiply, companies increasingly turn to Deloitte for our unmatched talent, technology, and experience. Deloitte’s worldwide network of Cyber Intelligence Centers provide around-the-clock advanced threat intelligence that help clients become and stay secure, vigilant, and resilient.”

Their own website reminds potential clients that “cyber risk is more than a technology or security issue, it is a business risk.”

Exactly what the impact on businesses may have been is likely to remain a mystery. However, a spokesperson for the NCSC (National Cyber Security Centre) said:

“We were made aware of a cyber incident involving Deloitte and engaged with the organisation to better understand the threat. Based on current information we understand that there has been minimal UK impact.”

Is Your Firm Cybersecure?

Next time you’re discussing investment in cybersecurity with a client, remember Deloitte – it’s worth considering whether there is anything you can do to improve your own firm’s cybersecurity.

Even the smallest accountancy firm can hold sensitive data, and your client email addresses alone are valuable data that can be acquired for phishing scams and further hacking operations. Cybersecurity needs to be constantly reviewed to make sure your clients’ financial dealings – and yours – remain secure.

At Pandle we constantly review and refine our security measures as more and more features are released. We believe security is something that needs to be constantly assessed, especially as code and systems evolve. If you have any questions about your own systems, then please get in touch: www.pandle.co.uk
