The largest ever ransomware attack spread around the world over the weekend and accounting firms in Australia are just as at risk as any company.
KPMG forensic partner Stan Gallo said that the most important thing for accountants to do at this stage is raise awareness across their firms.
“The [initial] step is to be aware of how this is happening. It’s still being distributed via malicious email, and essentially what organisations, accountants and otherwise need to do is make sure that all of their staff are aware of the importance of what’s happened,” Mr Gallo said.
“I would be sending out an organisation-wide note to let people know that they should be extra careful about opening emails from people that they’re unaware of. Don’t click on links or attachments in the email unless they’re absolutely sure that they know what it is.”
Mr Gallo said this particular attack should serve as a reminder to firms to check and update their security systems.
“From the IT perspective, whether it’s in-house or outsourced, they need to look at a process whereby IT systems are kept up-to-date in terms of patches for repairing identified weaknesses,” he said.
“They need to make sure that their backups are regularly updated and segregated from the system because I’ve seen examples where the backups get encrypted as well because they’re on the same network or linked to it.”
Not only do firms need to have a security and prevention plan, but they also need to have a response plan, according to Mr Gallo.
“Also check the plan for if something goes wrong, if something does sneak through, how quickly can we get the business back up and running from the backup,” he said.
“Not only have a plan but test it, run scenarios and do tabletop tests and things to make sure that people know who to call or if they accidentally click on the link, who do they report it to, because time is critical.”