Accountancy firms face an increase in cyber risks as criminals switch their focus to ‘softer target’ smaller businesses. We review why accountancy firms are targets for cybercriminals and what steps you can take to minimize your risk.

Small accountancy practices (and small businesses) are not exempt from the disruption of cyberattacks that affects large organisations. Being a smaller firm can make them more vulnerable with more filings now taking place online, the risk has increased. So why would accountants be targeted by cybercriminals?

They want your client’s data

The information cybercriminals want – financial data, Tax IDs, bank account details, payroll data and employee details. Accounting firms all use similar computer software, so if a criminal can find a vulnerability that can be exploited. They immediately have lots of potential victims. Typically there isn’t enough investment in online security, policies and procedures aren’t in place and this can leave firms wide open to a cyber attack.

If your firm doesn’t have an incident response and business continuity procedure in place, that means accountants are more likely to pay cyber criminals money because they fear they may not be able to recover from an attack. Either in the recovery of a firm’s reputation or through financial loss.

Remember: If you are currently subjected to a live and ongoing cyber-attack then please contact the police on 101.

⚠️ If you suspect you’ve been scammed, defrauded or experienced cybercrime, then please report this to ,Action Fraud.

Many accountancy firms are making life easier for hackers by underestimating the threat they face. As we all adapt to being a more ,remote workforce, there has been a 300% increase in cyberattacks on accounting practices of all sizes. Attacks are sophisticated and often strike when accountants are working at the year-end or when tax return deadlines are due.

“With the increase in the remote workforce and ongoing COVID pandemic, there has been a 300% increase in cyberattacks on accounting practices of all sizes.” ,- Accounting Today

Gateway to Information

With the amount of valuable data self-employed accountants and practices hold on their clients, hackers want to incept this information to enable them to pull off complex frauds. The more information they can find or trick you into giving up, the better a picture they can build of a business or individual whose bank account they intend to target.

Accountancy firms are viewed as a “gateway” to getting this sensitive information and can be perceived as a soft target with fewer security barriers and little or no in-house expertise for a hacker to get past. Hackers are motivated to find out any vulnerabilities in accounting software knowing there is a high reward to be had by exploiting the weakness and then attacking multiple businesses who use the same software.

Small but not safe

According to the Cyber Security Breaches Survey 2022, 39% of small businesses identified at least one breach or attack in the last 12 months. SMEs can then be faced with increased disruption than larger businesses as they lack the processes and cyber expertise. The impact on small business operations and the inability of staff to carry out their work can have long-lasting consequences, not only for the practice itself but also for its clients.

Can you as an accountancy firm afford to pay out £4,200 dealing with a cyber attack? Cyber attacks cost businesses time lost data and assets after a breach. The most common attack on businesses remains phishing, with 83% of businesses surveyed saying they had experienced a phishing attack.

One way to improve your business's resilience to phishing attacks (as well as training) is a ,simulated phishing attack. We work with you to help raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats. By training your employees about what a phishing attack looks like, they are more likely to identify and report scams.

Minimise your risk – 5 steps to cyber resilience

Your business is never too small, to be targeted. However, with the right measures in place, no business is too small to start to protect itself. Accountancy firms can set the example by following these top cyber-security tips:

• Ensure they have a firewall and anti-virus/anti-malware solutions and remember to install all updates and patches regularly. This stops criminals from exploiting faults in old systems or software.
• Ensure all business-critical data, (customer data and financial information), on all company devices, are securely backed up (either in the cloud or a remote device) and can be restored if needed.
• Ensure a clear security policy is in place for staff, create a cyber-conscious culture in the workplace and ensure the policy is communicated to all personnel so they are aware of their responsibilities.
• Staff should undergo regular ,security awareness training so employees are constantly updated about the latest scams and ways they can stay secure both in the office and working remotely.
• Have an up-to-date ,incident response plan that is practised regularly so that employees know what to do if they suspect there is an attempted breach, a phishing email has been received or a cyber incident occurs.

How can the Cyber Resilience Centre help my accountancy firm?

To help accountants and accountancy firms outsmart cybercriminals and toughen up their cyber security, the North West Cyber Resilience Centre can offer a 12-month ,Membership which helps you identify your risks and vulnerabilities. Showing you the steps you can take to increase your levels of protection, whilst also giving your staff ,security awareness training and testing their knowledge of the latest threats through a simulated phishing exercise.

For further information regarding the help and support, we can offer your accountancy firm you can view our ,dedicated support page for accountants.