
Get ready for increasing cybersecurity threats

Let's start with the bad news: Cybercrime activity is increasing each year and continues to get more sophisticated. Estimates have put the average cost of a data breach at anywhere from $120,000 to $1.2 million for small businesses, and IBM's annual "Cost of a Data Breach" study found that the global average cost in 2022 (for businesses of all sizes) totaled $4.35 million, up almost 3% from 2021. 

And while big tech names make headlines during high-profile cyber attacks, it's not just large companies that are targeted — all businesses face these risks. A November 2021 Bill webinar, Take Action Against Fraud, found that 85% of accounting professionals have been, or know someone who has been, a victim of fraud. 

Cybercrime remains a very active — and potentially very costly — threat, and this puts pressure on accounting professionals. In addition to safeguarding their own personal data, they must also maintain security at their firms, and keep client data secure.

Consider the confidential client information you have on file, like Social Security numbers, company financial data, and bank information. Now, consider the ramifications for your clients (and your firm's reputation) if this information got into the wrong hands. This paints a clear picture of the importance of staying one step ahead of potential cybercriminals.

So what can you do about this? The good news for accounting firms is that cybersecurity tactics continue to evolve and become more sophisticated as well. Here's a checklist for how you can protect your firm and clients. 


What proper protection looks like

Accounting firms should treat client data like the crown jewels. Think about the different types of data your firm handles, where it is stored, and who has access to it. You might be using a mix of apps, cloud-based solutions, physical servers, and even papers on a desk. Each data location comes with its own security risks, both physical and virtual.

1. Understand your risk. Start by developing a risk profile for your firm that includes each of your data sources. Then come up with a strategy for mitigating risk. This strategy could include (but is not limited to) investing in:

  • Better email security;
  • Multi-factor authentication; and,
  • Malware and vulnerability scanning.

Once you have a strategy in place, make sure your security protocols are kept up to date and reviewed for potential gaps and enhancements on a regular basis.

2. Pick the right solution. For firms with limited resources, it may be instinctual to go with the most cost-effective solutions. But this is an area where a smart and long-term investment in a proven solution is worthwhile. You need a cybersecurity solution that delivers the full range of protections to safeguard your firm. In the long run, this will save you time and money, and help maintain the trust of your clients.

3. Identify security gaps. Security should also be an essential consideration when you are engaging with third parties or partners. You should look at their security practices as part of your decision-making process. If client data is compromised because of a chosen partner's lax security, the implications can flow through to you and your firm. 

4. Explore ways to simplify. When determining which solutions to implement, keep in mind that simplicity can enhance security. Rather than storing data across multiple locations and platforms — and having to vet each of their security practices — using a unified, comprehensive platform keeps all your data in one location with multiple layers of protection. This provides peace of mind, and removes vulnerabilities that come from having multiple solutions. As an added bonus, it also means clients have fewer passwords and logins to maintain!

5. Plan for the worst. Despite your best efforts, no firm can say with 100% certainty that they will not be a victim of cybercrime. This means it is important to not just create a preventative plan, but also a contingency plan that accounts for response, recovery, and continuity.

Security starts with people

Now that you have a cybersecurity solution in place, how do you stay safe?

Implementing the proper systems and solutions at your accounting firm is only half the battle. Human error is the overwhelming cause of cybersecurity intrusions. A 2020 study from Stanford University and Tessian found that approximately 85% of all data breaches are caused by an employee mistake.

Just as Tim Cook once said everyone should learn programming before graduating high school, I believe data privacy and security should be taught from an early age. 

If your employees don't have good foundational knowledge, proper training is essential. All employees should have a baseline understanding of potential cybersecurity threats and the measures in place to deter them. As a team, you should revisit this regularly, as threats and prevention methods change.

Outside of your own employees, clients also need to have protections in place. Research published earlier this year from UpCity found that only 50% of small and midsized businesses currently have a cybersecurity plan in place, with 20% not intending to create one in the foreseeable future.

If your clients are in that 20%, this is an opportunity for your firm to serve as a strategic advisor. Have an open and honest dialogue about the risks they could face and the value of investing in cybersecurity. In some instances, clients may adopt a "That won't happen to us" mindset; for these conversations, it is worthwhile to be prepared with statistics or an anecdote that makes the scenario feel more real.

An ongoing priority

There has been a lot of innovation in recent years in cybersecurity, especially in identity protection and threat detection. Companies are increasingly aware of the importance of having strong cybersecurity protocols in place, and security solutions are now readily available to help keep enterprises and SMBs safe.

But cybersecurity isn't set-and-forget. To truly combat the risks, you need to invest in the right solutions and work with your employees, your partners and your clients to stay safe online.
