How can accountancy firms limit the risks to confidential data?
Accountancy firms of all sizes handle sensitive client data and should look to employ a security strategy that protects this information at all costs, without being a burden on IT resources.
All confidential client information needs to be protected from malware, viruses and a whole host of external cyber threats so that it remains secure and confidential. However, it is also vital to consider the threats that can be posed by internal forces, not just external ones.
IT security is not part of an accountant's job description, yet many firms have no designated IT specialist. To ensure firms remain protected, a few basic rules suffice:
Keep out malware
No accountancy firm can function without computers, and only in rare cases are their networks purely internal. Instead, communication with customers often requires an Internet connection, meaning that few firms can manage without one. It is therefore important that all computer systems are equipped with basic protection, i.e. an up-to-date virus scanner and a personal firewall. Rather than implementing multiple solutions, which can be confusing and time-intensive to manage, firms can use all-encompassing protection packages whose modules work seamlessly together.
Before investing in security technology, accountancy firms should assess the historical and current malware detection capabilities of the various anti-malware products on the market. Security software for firms of all sizes has in the past been expensive and confusing; however, it is a vital aspect of business that cannot be overlooked in today’s troublesome cyber environment.
Accountants handle extremely sensitive customer data on a daily basis. All this information, which is not intended for third-party viewing, should be encrypted. Encryption translates data to a secret code and is the most effective way to achieve data security. To read an encrypted file, a key or password is needed to unlock the translated information.
Worryingly, the nature of the accountancy industry means that any financial data that is breached can be used for malicious, even criminal purposes. This means that employees who have access to a large quantity of this data also pose a risk to the firm and its clients. Although employees need access to do their jobs, it is possible to restrict access to data that is not directly relevant or necessary for their role. Encrypting this data lowers the risk of an internal threat where someone takes liberties with their clearance.
Ensure data is backed up
Not only is this confidential data at risk from malware and the inside threat from employees, but it can also be corrupted, lost or stolen. Therefore it is vital that accountancy firms back up all forms of records safely and securely. Suffering a loss of client data could mean not only a loss of custom and severe reputational damage, but could also result in a lawsuit.
Management in accountancy firms know which areas of their company need protecting, but what about their employees? In most cases, staff won’t be IT experts either. Two strategies are recommended here. Firstly, clear rules should be established for using IT systems; these should specify prohibited activities, such as sharing passwords, and give guidelines for the use of, for example, USB flash drives. Secondly, rules should be backed up with appropriate security settings.
The accountancy sector is entirely built on trust. Just one instance of compromised information could really damage an accountant’s reputation and relationship with its clients. Most businesses have sensitive client data on file and confidential records, but the financial implications of a breach are far-reaching in this sector. By following these steps, firms can ensure that they are doing everything in their power to protect themselves and their clients.
David Emm is senior security researcher at Kaspersky Lab.