The Tech Take: Businesses aren’t focusing enough on cybersecurity

Register now

Although the story didn’t become publicly known until September, which made the event that much more egregious, one of America’s largest credit bureaus, Equifax, was hacked in March 2017. Although hacking events occur on an almost constant basis, and with increasing frequency as the years since the Internet was invented march on, this breach was particularly notable because it targeted one of the largest harbors of sensitive financial information in the world — and the owners of that information did not necessarily have much say in whether the bureau collected that information or not.

It is in this insecure environment that only 39 percent of organizations consider cybersecurity among its top concerns. Fifty percent solidly place the topic in the “moderate concerns” pile, and the rest aren’t that concerned, according to a new survey of businesses conducted by Nexia International and CohnReznick LLP. Nexia analysts said in the report that this shows there is “still considerable education and investment required to reduce the level of cyber risk and improve organizational preparedness and responsiveness across most industries and geographies.”

There also, analysts said, is a “significant need for many organizations to improve their overall understanding of the cybersecurity risk landscape.” As advisors to industry, accountants should be making it their business to educate their clients about this risk. Doing so could be the difference between a small business’ success or failure.

While this survey looked at companies around the world, the United States is home to almost 30 million small businesses, most of whom use accounting software of some kind. While the majority of those users have chosen a desktop software, the number of business moving to cloud-based solutions is growing at a breakneck speed. The desire for flexibility and mobility is taking over the business world, especially as Millennials, concerned with differentiating their work practices from the more traditional Baby Boomer model, make their mark as entrepreneurs.

But while the thoughts of cybersecurity weigh moderately heavy on the minds of businesses generally, the visibility of that concern dwindles with company size. Startups, solopreneur operations, and companies struggling to get on their feet are mostly concerned with perfecting their actual businesses, and issues like cybersecurity couldn’t be farther from their minds. The good news is that if a company is using a suite of software products to store customer or client financial information, the burden of security falls on those companies, and accounting software companies take that directive seriously. The bad news is that by the most recent estimates, a full 43 percent of cyber attacks target small businesses.

Cyber attacks don’t just take the form of snake-like hackers sliding directly into the software that houses sensitive information. Rather, as cybersecurity expert Kevin O’Brien of Greathorn recently told me, many attacks take the shape of socially engineered phishing attempts that persuade company employees to divulge passwords, or to send sensitive information directly over email by posing as banks, clients or even co-workers. If cybersecurity is not a top concern within a business, employees are easy targets for such attacks.

The result of a ransomware attack, for example, in which hackers hold information for a price, could mean a major financial loss for a business, not to mention the goodwill of its customers. For a young company, this could stop business in its tracks before it really even gets going.

While our readers can and do try to keep their clients in the know about how to protect their information, the fact is that most small businesses don’t even hire an accounting professional in their early stages because they don’t see the value in doing so. As the profession makes the transition from numbers-crunchers, to value-drivers, to trusted advisors, cybersecurity should be making its way to the top of the list of client education priorities.

For reprint and licensing requests for this article, click here.
Cyber security Network security Device security Data and information management