The pandemic has changed the way we work. We have become much more reliant on technology and with this comes the need for enhanced cybersecurity policies and procedures. Having firm-wide cybersecurity procedures in place is essential as, without these, our data is at risk and this could be disastrous for any business.
The rise of technology
The increased adoption of cloud-based accounting software such as Xero, QuickBooks and a whole plethora of online applications (the so-called apps) has meant that the use of technology in the accountancy world has escalated over recent years. This was further fuelled by MTD for VAT and also by the move by many to digital banking. Many clients now also expect their accountant to provide technology-based services and this has further accelerated the need for accountancy firms to adopt the cloud.
In addition to this, the way we work has changed over the last year with a significant number of staff now working remotely. This was a result of Covid when, all of a sudden, we had to work from home and employers quickly had to ensure that staff could gain remote access. This need for speed of access meant that security was not always a top priority.
The risks of cyberattacks
Cyberattacks have been an issue for many years, but this was fuelled further as a result of the move to remote working and we saw a rise in attacks during 2020. These attacks have also become more sophisticated over recent years and it is now essential for organisations to have cybersecurity measures in place to reduce the risks of these attacks.
The risks for businesses include:
● phishing email scams
● management of leavers
● password theft
● invoice and online payment fraud
● poor internal policies and procedures
● malware and ransomware attacks
● greater connectivity with clients and suppliers.
The impact of a cyber-attack can be disastrous for any business and it is therefore essential that businesses address these issues so that they reduce their risks.
How do you manage leavers?
The management of leavers is a key issue for accountancy firms. With staff having access to a wide range of cloud-based systems, this means there has been a huge increase in the number of passwords and systems used per employee. Unless you have a strong system in place to manage staff access when they leave, there is a risk that staff may still have access after they no longer work for the firm - which could be disastrous.
There are online systems in place to manage staff access via the use of a single sign-on. This means that staff will log in once with their user name, password and a unique authentication code generated from an app on their phone. Then they will gain access to all their applications in one secure portal. This means that the firm know what systems the staff member has access to and so, if they leave, they can easily remove their access to all the applications.
Tips to reduce the risk of cyberattacks
It is essential to take steps to ensure that you have strong cybersecurity measures in your firm. These could include:
- Use of multifactor authentication to access cloud services. Here, as well as entering a user name and password, staff also have to enter a unique code generated via an app on their phone.
- Install firewalls and antivirus software and ensure that this is kept up to date.
- Use a single sign-on application to manage passwords and also to manage leavers and joiners in the firm.
- Ensure staff are educated not to store data on the hard drive of their laptops; instead, they have to store it on the firm’s central systems.
- Review and update policies and procedures to address cybersecurity and ensure that these are communicated to all staff.
- Have a data recovery plan in place and also review insurance policies to ensure that they are sufficient for your needs. Also, ensure regular backups of data.
- Educate staff about cyber and data security so that they are more aware of the risks.
- Undertake the Cyber Essentials training offered via the government-backed Cyber Essentials Scheme.
With the increase of cybercrime, it’s essential that businesses address the issue of cybersecurity and that they maintain strong procedures and controls. The cost of cyber-attacks can be huge and potentially disastrous so cybersecurity cannot be ignored.
Caroline Harridence – Counting Clouds
Further resources from ACCA
Cybersecurity
Data and Information Security