Your small accountancy practice (or small business) is not exempt from the disruption of a cyber attack. We often think cyberattacks only affect large organisations. But, by being a smaller firm you are more vulnerable with more filings now taking place online, the risk has increased. So why would accountants be targeted by cybercriminals?
They want your client’s data
The information cybercriminals want – financial data, Tax IDs, bank account details, payroll data and employee details. Accounting firms all use similar computer software, so if a criminal can find a vulnerability that can be exploited. They immediately have lots of potential victims. Typically there isn’t enough investment in online security, policies and procedures aren’t in place and this can leave firms wide open to a cyber attack.
If your firm doesn’t have an incident response and business continuity procedure in place, that means accountants are more likely to pay cyber criminals money because they fear they may not be able to recover from an attack. Either in the recovery of a firm’s reputation or through financial loss.
Many accountancy firms are making life easier for hackers by underestimating the threat they face. As we all adapt to being a more remote workforce, there has been a 300% increase in cyberattacks on accounting practices of all sizes. Attacks are sophisticated and often strike when accountants are working at the year-end or when tax return deadlines are due.
Gateway to Information
With the amount of valuable data self-employed accountants and practices hold on their clients, hackers want to incept this information to enable them to pull off complex frauds. The more information they can find or trick you into giving up, the better a picture they can build of a business or individual whose bank account they intend to target.
Accountancy firms are viewed as a “gateway” to getting this sensitive information and can be perceived as a soft target with fewer security barriers and little or no in-house expertise for a hacker to get past. Hackers are motivated to find out any vulnerabilities in accounting software knowing there is a high reward to be had by exploiting the weakness and then attacking multiple businesses who use the same software.
Small but not safe
According to the Cyber Security Breaches Survey 2020, 39% of small businesses identified at least one breach or attack in the last 12 months. SMEs can then be faced with increased disruption than a larger business as they lack the processes and cyber expertise. The impact on small business operations and the inability for staff to carry out their work can have long-lasting consequences, not only for the practice itself but also its clients.