Fortifying fiscal data for accounting services
Accountancy firms handle highly confidential information like fiscal transactions and financial data, typically shared via email. Andrea Babbs examines how to secure confidential resources to protect data and image.
A crucial business tool that organisations across all sectors are utilising more than ever is email communication. Especially due to the pandemic and the increase in remote working, companies are relying heavily on email to relay messages both internally and externally.
Roughly 306.4 billion emails were sent and received each day in 2020, with the figure expected to increase to over 361.6 billion daily in 2024. With this, there is great potential to make a mistake, whether that be sending an email to the wrong address, or with an incorrect attachment.
Particularly for the financial industry, the personal and sensitive information dealt with by accountants makes them extremely vulnerable, as this is the type of data cybercriminals prey on. If this were to fall into the wrong hands, the consequences could be catastrophic, including notable losses of money and breaking trusted relationships.
However, by investing in technology solutions and ensuring accountants are aware of the responsibility they have to keep information safe, these risks can be mitigated.
On average, organisations spend $3.85m recovering from security incidents, with the usual time to identify and contain a breach being 280 days, the Ponemon Institute found. And the latest research finds that there has been a 300% increase in cyber attacks across the accounting profession.
While examples of external threats seem to make the headlines, such as the Canadian accounting firm MNP LLP, which fell victim to a ransomware cyberattack last year, unintentional breaches don’t always garner as much attention. Yet, they can be as dangerous as each other, with human errors being twice as likely to result in confirmed data disclosure.
Unquestionably, the costs will vary depending on the scale of the breach. However, at a minimum, there will be financial repercussions and costs for audits to understand why the incident happened and what additional protocols need to be put in place to ensure prevention going forward. In addition, there could also be large costs involved in compensating customers who may have been affected by the breach.
Damage to brand reputation
Financial penalties and additional costs are not the only problem accountancy businesses will face when dealing with a data breach. Most importantly, the reputation of accounting firms is fundamental in order to maintain a loyal customer base.
Those that do not protect their customers’ confidential information will have to handle the negative press and mistrust from existing and potential customers, which could, in turn, have the potential to affect the organisation as a whole. Within such an exceedingly competitive market, customers have the choice to take their money elsewhere, meaning that the customer service experience is crucial.
Strategies for safeguarding
A stratified cybersecurity approach is essential to minimise the risk as much as possible and to secure private information within accounting services. With this, three critical factors must be contemplated:
Verification and encryption: Security protocols are constructed to prevent most instances of unauthorised interception and email spoofing. For example, hackers may attempt to attack systems directly or intercept emails via an insecure transport link. Adding a specific email to an encryption service within your email security suite strengthens business protection in this area. Despite this, it is critical to remember that encryption and authentication do not safeguard you against human errors or misdeliveries.
Data loss prevention solutions: Accounting firms can implement security measures for the detection, control and prevention of precarious email sending behaviours through DLP solutions. This tool provides users with a double check to verify the accuracy of email recipients and contents of attachments where a simple incorrect email address or a cleverly disguised spoofed email would likely be missed. Users can be prompted based on several specific parameters – for example, accountants in different departments exchanging confidential documents with one another means that the TO and CC fields are likely to have multiple recipients where a spoofed email could be lurking. This alert can be a fundamental factor in an organisation’s cybersecurity efforts.
Training for employees: It is crucial for accounting businesses to provide cybersecurity awareness training to reinforce security guidelines and rules regarding the circulation and storage of confidential financial information. Employees should undergo training when they first join an organisation and should continue to be enrolled on an ongoing programme with quarterly or monthly short, informative sessions. This training should include phishing simulations, as well as simulated phishing attacks, to educate users on how to spot and flag such threats.
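The recipient double check described under data loss prevention, sketched as an added example (not code from the article or from any DLP product): it parses the TO and CC headers and flags every address whose domain is off an allow-list, marking near-misses of a trusted domain as lookalikes. The domains, the allow-list and the distance threshold of 2 are constructed assumptions.

```python
from email.utils import getaddresses

# Constructed allow-list: domains the firm already corresponds with (assumption).
TRUSTED_DOMAINS = {"examplefirm.co.uk", "client-ledger.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def review_recipients(to_header, cc_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (kind, address, resembles) findings to show the sender before sending."""
    headers = [h for h in (to_header, cc_header) if h and h.strip()]
    parsed = [addr.lower() for _, addr in getaddresses(headers) if addr]
    if headers and not parsed:
        # Fail closed: a header we cannot parse is itself worth a prompt.
        return [("UNPARSEABLE", " | ".join(headers), None)]
    findings = []
    for addr in parsed:
        domain = addr.rpartition("@")[2]
        if domain in trusted:
            continue
        near = [t for t in sorted(trusted) if edit_distance(domain, t) <= max_distance]
        kind = "LOOKALIKE" if near else "EXTERNAL"
        findings.append((kind, addr, near[0] if near else None))
    return findings


if __name__ == "__main__":
    # Constructed message headers; the CC line hides a one-character domain swap.
    to = "Priya Shah <priya@examplefirm.co.uk>, accounts@client-ledger.example"
    cc = "audit@examplefirn.co.uk, newcontact@unrelated.example"
    for finding in review_recipients(to, cc):
        print(finding)
```

An empty result means every recipient is on the allow-list; any LOOKALIKE finding is the case where the sender should be asked to confirm before the message leaves.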
Accountancy organisations remain a key target for cybercriminals, as the desire for hackers to get hold of personal information and financial transactions will never diminish. Therefore, it is vital that these firms prioritise cybersecurity and take a dynamic and layered approach.
With a stratified system in place consisting of awareness training, regularly evaluating risks and deploying innovative solutions, accountants can be confident in their workplace’s security methods when sending personal information via email.
Andrea has worked for IT Security Vendors and Resellers dealing with email, endpoint and web security. Andrea is currently country manager and head of sales for VIPRE Security Limited, where she manages the UK and Irish business.