by Randhir Shinde, Galaxkey CEO
Cyber-attacks are a greater threat than ever before. The National Cyber Security Centre (NCSC) has found that, in the last year alone, 40% of UK businesses have been hacked. This is concerning for any business, but more so for those in accountancy.
At Galaxkey, a cyber-security consultancy, we find that accountancy is targeted more than nearly any other industry. Worryingly, smaller firms are being increasingly attacked, with hackers viewing them as ill defended against cyber-attacks.
Why? Accountancy firms hold what hackers want: money and juicy personal information. Despite this, far too many firms still make basic cybersecurity errors. Errors that are akin to leaving your front door unlocked and a “burglars welcome” sign on the front lawn.
As a start, look around your office. Seemingly harmless, everyday objects are an easy opening for hackers. Printers and scanners look more outdated than threatening, however they are rarely encrypted and therefore present a danger. These pieces of poorly defended hardware enable cyber attackers to access sensitive information that has been printed or scanned. More damagingly, hackers often also use printers and scanners to gain access to the wider company systems.
Next, have a look around your home – or any coffee shop, shared workspace or hotel lobby. You’ll see phones, tablets and laptops used for working remotely. The NCSC’s research found that 60% of financial services firms enable their employees to work using their own personal devices.
This flexible working is fashionable, but it needs to be protected. I meet too many accountants who work on unprotected devices at home. An employee who accesses a company database on their own, unsecured laptop is leaving that data acutely vulnerable.
In addition to devices, digital signatures present a growing risk. These are used regularly by accountants to authenticate documents, but many are not secured. Digital signatures can be easily replicated, meaning that hackers can fake signatures to commit serious fraud. Thankfully, new technology exists that means that these signatures can be authenticated and encrypted.
Of course, cyber security threats are always evolving and it’s tough to stay ahead of the attackers. Technical solutions are important, but education is the real key.
Staff need to know best practice, since they themselves are the greatest everyday risk. It’s troubling, therefore, that 40% of financial services employees have not been trained in the past year. The accountants I meet tend to say that any training they do receive is a box ticking exercise, a boring process which means that lessons are soon forgotten. Instead, training should be engaging and challenging. Cybersecurity can be an exciting subject, so long as it is taught in the right way.
Far too few accountancy firms have really woken up to the threat of cybersecurity. Most, especially smaller firms, see it as an inconvenience that is far from business critical. This is wrong. One effective attack can devastate a business’ reputation and drive clients away. The risk of this is only getting more severe. It’s time for accountancy to wake up.