Accounting firms hold treasure troves of personal information and hackers can exploit a single weak spot in your digital defences.
5 essentials to keep cyber crims locked out
Recent high-profile cyber attacks have involved major companies, government utilities and critical infrastructure. Cyber criminals constantly employ new technologies to help them exploit network and system vulnerabilities, taking advantage of inefficient IT practices and the shortage of cyber security professionals. Often these attacks are used to extort payments via ransomware or to gain access to company data and sell it on the dark web.
Accounting practices are particularly vulnerable due to their vast holdings of client data, including sensitive personal information like financial and investment records, bank accounts, payroll and tax ID numbers. A single weak point in the network can allow hackers to gain access to this treasure trove of data. One personal loan and financial service provider suffered a data breach this year that affected over 14 million customers and was made possible by a single set of stolen credentials.
The Australian Cyber Security Centre received more than 76,000 cyber crime reports during 2021–22, a 13 per cent increase on the previous year. Those security breaches – which most commonly include malware, ransomware, phishing and denial of service attacks – also cost businesses 14 per cent more, on average, thanks to their ability to disrupt operations, steal valuable data, damage the brand’s image and cause companies to incur legal and regulatory penalties for insufficiently protecting user data.
As a result, it is now necessary for business leaders to proactively manage their organisations’ cyber security in order to protect them from potential breaches and safeguard sensitive data. Recognising this urgency, Prime Minister Anthony Albanese said at a government-led cyber security roundtable event in early 2023: “For businesses these days, cyber security is as important and essential as the shop having a lock on the door. We need all Australian businesses to be able to protect themselves and – just as importantly – protect their customers.”
Government regulators have shown they are taking this seriously by instituting fines for large-scale breaches, including one for $250 million in June.
With that in mind, here are six essential steps that you should take to strengthen your company’s cyber security defences.
1. Recognise the risks
Understanding the potential risks and threats is the first step towards effective cyber security management. Business leaders need to be aware of the various types of cyber threats, including phishing attacks, malware and ransomware. Staying informed about the evolving landscape of cyber crime can help you better anticipate potential vulnerabilities and allocate resources to protect your organisation.
2. Adopt mitigation strategies
A critical first step in protecting your company from cyber security threats is mitigating risk factors for the most common vulnerabilities.
However, since accountancy firms are more appealing targets than most, you might want to step up to a cyber security framework like ISO 27002 or that of the National Institute of Standards and Technology. These comprehensive frameworks involve risk assessment, policy development, training, awareness, incident response planning, and ongoing monitoring and improvement. They demand heavy coordination with your IT department to implement but are well worth it for high-risk firms.
3. Invest in up-to-date software
Patching software is an effective way to manage cyber security risks. In the past, patches – which fix issues such as glitches and security vulnerabilities – were often applied individually, but in the modern era of software-as-a-service, they are usually included in automatic software updates. However, those updates depend on the software possessing a genuine, active licence. Without one, it will quickly become outdated.
Outdated software often contains security vulnerabilities that can be exploited by cyber criminals to gain access to user data – or even hijack the PC and access the wider network. For this reason, using licensed, updated software is crucial for maintaining a secure digital environment. Business leaders should ensure that all software used within their organisation is licensed and regularly updated. By investing in legitimate software and ensuring your IT department keeps it up to date, you can minimise the risk of unauthorised access and potential data breaches.
4. Foster a cyber security culture
Creating a culture of cyber security awareness is essential for the overall security posture of an organisation. Less technologically literate employees make easy targets for cyber threats like phishing schemes, so business leaders should prioritise employee education and training programs to ensure that all staff understand the importance of cyber security best practices. That means regularly conducting cyber security workshops, providing resources for self-learning and establishing protocols for reporting potential security incidents. By fostering a culture of cyber security awareness, you can empower your workforce to act as the first line of defence against cyber threats.
5. Assess and update
Cyber security is not a one-time fix; it requires continuous evaluation and improvement. Business leaders must regularly assess their security measures to identify potential vulnerabilities and update them accordingly. This includes conducting comprehensive security audits, penetration testing and vulnerability assessments. Staying proactive and addressing potential weaknesses promptly will help you stay one step ahead of cyber criminals and effectively protect your organisation.
Tarun Sawney is a senior director of BSA | The Software Alliance.