Accounting software suppliers are urging their customers to create a good cyber security culture to fight the ever present threat of security breaches and data loses.
According to the government’s Cyber Security Breaches Survey 2019, over six in 10 medium and large businesses have been attacked in the past 12 months, with phishing attacks the most frequent type of threat (80%).
The survey carried out between the winter of 2018 and early 2019 found the average cost to business of lost data or assets after breaches was £4,180, almost twice as the average loss in 2017. The figure rose for charity victims of cybercrime, which lost an average of £9,470 last year.
Despite the scare stories and dramatic outbreaks, the 2019 cyber security report showed a mild improvement in cyber security. The percentage of businesses reporting cyber security breaches or attacks over the past 12 months dropped from 43% in 2018 to 32% in 2019.
This improvement could a result of GDPR, which encouraged more businesses to put a cyber security policy in place during 2019 (36% vs 21% in 2018). Three in 10 businesses said they made changes to their cyber security as a result of GDPR, with 60% of organisations creating new policies for the first time and others improving their systems and staff training.
While fewer organisations identified attacks and breaches, those that have experienced them were hit more often, with 48% identifying at least one breach or attack a month.
Culture of cyber security
Cyber security threats are always changing, which makes it difficult to implement security measures that will protect a company forever. Investing in training and education, strengthening policies and building a culture of cyber security is the best strategy, according to Ian Cooper, non-tax product manager for Thomson Reuters.
Providing clear instructions and having regular conversations about cyber security are two of the best ways to create a cyber-security conscious firm, he explained.
“I’d recommend a finding a good course on phishing. Emails will arrive and look incredibly real, sometimes even experts find it hard to tell the difference between a real and fraudulent email,” said Cooper.
He also encouraged businesses to make sure they have regular, honest conversations within their teams. “Be sure not to cultivate a blame culture,” he said. “Staff should feel comfortable to speak up if they think they may have downloaded something they shouldn’t have.”
The Access Group also encourages its clients to remain “cyber aware” in one of its latest resources. In its guide, the software developer highlights the importance of doing due diligence when choosing a provider and looking for software solutions that are automatically updated with the latest security patches as soon as they are released.