In association with
Save content
Have you found this content useful? Use the button above to save it to your profile.
How to protect your practice from the increasing cyber-threat |AccountingWEB | image of a cyber security specialist in a server room

How to protect your practice from increasing cyber threats


With data breaches and cyber-attacks becoming more common, Steve Cox, head of market insights at IRIS Software, offers five practical steps you can take to improve cyber security within your accountancy practice. 

29th Apr 2022
In association with
Save content
Have you found this content useful? Use the button above to save it to your profile.

A large number of businesses (39%) have been affected by cyber-attacks or security breaches in the past 12 months. Among large businesses, that figure rises to 66%, according to data from the government’s department for culture, media and sport. 

If these figures weren’t alarming enough, the cybersecurity picture is likely to be even worse for the accountancy sector in particular. Given the highly sensitive and valuable nature of the data that accountancy practices handle, it comes as little surprise that accountants are 30% more likely than other professionals to be targeted by hackers. 

Increased cybersecurity risks

New ways of working, made possible by technology and proven viable by pandemic lockdowns, exacerbate the issue. That’s because (unless the proper security measures are put in place) remote working and multi-device access to software exposes a wider range of vulnerabilities for cybercriminals to exploit.  

The stakes are extremely high. Breaches can bring fines, ransoms, disruption to service and reputational damage to any firm. My belief is that it is safest to think in terms of when, not if, your practice will be exposed to an information security threat.  

How to mitigate your risks

Understanding the risks is half the challenge; mitigating those risks is what really matters. In no particular order, here are my top tips for keeping your practice safe and secure: 

Tip 1: Standards

Standards can provide your business with a consensus-based best-practice approach to a host of business challenges. In the simplest terms, a standard such as ISO 27001 can be described as a how-to guide for embedding a rock-solid information security management system (ISMS) at the heart of your organisation. Standards are not mandatory, and it’s up to you how you apply the processes or ideas contained within ISO 27001. However, if you seek certification of your firm’s adherence to the standard, it can help you build trust among prospective clients.

Tip 2: Insurance

All practices, even the most careful, are at risk of a data breach or cyberattack. Alongside a robust ISMS, a cyber liability insurance plan can help to mitigate the potential financial impact of a worst-case scenario. However, it is important to mention that insurance does not absolve your company of its responsibilities. In fact, failing to take proper information security measures could invalidate your cover. 

Tip 3: Training

The majority of breaches (90%) are a result of human error according to the ICO. Therefore, giving employees the knowledge to eradicate such errors is one of the most effective ways that leaders can protect their businesses. Training should take place regularly so that information stays top of mind for your team members and so that security measures can evolve at the same pace as the outside threat. 

Tip 4: Outsourcing

Trusting an external supplier with something as important as cybersecurity is, understandably, a tricky thing for some practices. But, if you do your homework and find the right partner, the contributions of an expert can have a massive impact on reducing the overall threat level. As an added bonus, it will also allow people within your practice to focus on their own areas of expertise where they can deliver maximum value for your clients. Although the cost of hiring expert support can be high, it’s important to remember that the cost of a breach can be far higher. For small businesses, the worst breaches cost somewhere between £65,000 and £115,000 on average.

Tip 5: Cloud-native accountancy solutions

Cloud-native solutions – such as those provided by IRIS – offer the safest environment to run your mission-critical operations. Utilising industry-leading encryption and ISO-accredited best practice, there is no better way to protect your company or your clients. 

Learn more about cloud-based accountancy solutions from IRIS and discover how you can get your teams working as securely as possible whether they’re in the office, at home or out in public.  

Replies (1)

Please login or register to join the discussion.

By Hugo Fair
29th Apr 2022 18:14

Pity, this was going so well (if unexcitingly) until Tip 5 ... when the overt Advert breaks cover.

That might seem fair enough (if "In association with" means this is paid-for Advertising?), but not when it's at best a non sequitur to the rest of the article.
Near the start, it says "New ways of working, made possible by technology and proven viable by pandemic lockdowns, exacerbate the issue" ... which seems to be a roundabout way of saying that Cloud solutions exponentially increase the risk - a remark with which I wholeheartedly agree.

Thanks (4)