by Danyca Wallis & Casper de Waal, SmartPractice | 28 April 2022
"Accountants are well placed to advise on the steps a business should take to protect itself – cyber security isn't just about technology and computers: it involves people, information, systems, processes and culture too"
John Berriman, PwC
Today’s organizations are facing more distributed teams at a time of increased security threats and reduced IT and security staffing. Many businesses have realised the risk cyberattacks pose to their operations, reputation, and revenues. As an accountant, you must safeguard your clients’ sensitive data, not only for your own compliance but also for the safety of the clients who trust you wholly with their professional and personal financial data.
We need to keep educating ourselves about changing cyberattacks and security risks, because when these risks affect your clients, they will affect you too.
What are some of the highest cyber security risks for accounting firms?
Although data breaches affect larger organisations, SMEs can also take quite the knock. According to the 2021 IBM Security Cost of a Data Breach Report, small businesses saw a 26.8% increase in data breach costs. SMEs often think they will not be targeted, but according to Minaar Fourie, “SMEs are often the weakest link as they don’t have the same level of protection as big companies”.
Accounting Firms are Vulnerable.
No matter how secure your accounting firm may be, there is always a risk of a data breach. Hackers are constantly changing their methods of attack and finding loopholes to access systems. It is important to constantly be aware of the most recent cybersecurity trends and standards and ensure that your security systems are updated regularly.
Your Clients are at Risk.
You must assure your clients that their information is safe. This goes hand in hand with the POPI Act. “Data protection of personal information is concerned with the processing of such information, which carries particular risks in terms of how it is collected, stored, and disseminated...” – Gary Epstein, Accountancy SA. If you, as an accountant, cannot protect your client’s information, there will be significant consequences.
How can you ensure you are being Cyber Safe?
Develop an effective Security Plan.
There are 8 steps to planning out your cyber security strategy: conducting a security risk assessment, setting your security goals, evaluating your technology, selecting a security framework, reviewing security policies, creating a risk management plan, implementing your security strategy, and evaluating your security strategy.
Make use of a Practice Management System that ensures data security.
SmartPractice takes data protection seriously. We make use of one of South Africa’s leading hosting companies, 1-Grid. Our 1-Grid SSL Certificate ensures our clients' information is protected and pages and logins are protected. Data is safely backed up daily. We make use of end-to-end encryption with Comodo Security Solutions, which adds that secure “s” behind an “HTTP” URL and makes URL encrypted data useless to hackers. We also make use of an anti-virus, ESET File Server Security, which protects the servers from viruses, malware, and ransomware. And there are separate data tables for each client, ensuring no databases can be shared. You can download our full Security Measure document here.
Make use of cost-effective online systems, which already have security in place and back up your data regularly.
Antivirus & Backups.
Besides preventing phishing attacks and viruses, which is extremely important, anti-virus software has hidden benefits: it blocks email spam, which saves a lot of time for employees who would otherwise need to go through all emails, relevant or not, and it can also speed up laptop performance.
Passwords & authentication.
Making use of strong passwords and third-party authentication can be one of the greatest protections you can practice in your firm. It is more difficult for hackers to figure out passwords with symbols, numbers, and different case letters.
By allowing a user to only access the information which they need to work with, you are protecting data that may not be necessary for your users to access. This also makes it easier to block accounts for staff who may leave your company.
Train your staff.
Your staff need to be aware of security and privacy protocols. By holding frequent meetings on potential risks and new policies, you are ensuring all your employees have a good understanding of the importance of cybersecurity. Practice Protect, a cybersecurity platform for accountants, also suggests that your employees should sign a policy agreement about the dos and don’ts of cybersecurity.
Acceptable Use Policy
- Acceptable/unacceptable Internet browsing and use
- Acceptable/unacceptable email use
- Acceptable/unacceptable usage of social networking
- Electronic file transfer of confidential information
Remote Access Policy
- Definition of remote access
- Who is permitted (employees/vendors)
- Types of permitted devices/operating systems
- Methods permitted (SSL VPN, site-to-site VPN)
One of the best ways accountants can simply make their firms more secure is by making use of accounting practice management systems that include cybersecurity features. These systems do most of the protecting for you, so you don’t have to.
With filing season at hand and phishing currently rampant, we created a letter for accountants to send to their clients. Have a look, add a logo or some extra information you might have, and warn your clients!