4th October, 2023
If you’re running a business based on trust, honesty and safeguarding sensitive customer data, cybersecurity should be a top priority.
Despite that, many small business owners — including accounting practices — choose to ignore the risks.
According to the Australian Cyber Security Centre (ACSC), 65% of small and medium businesses spend less than $1000 a year on cyber protection.
The lack of investment in cyber protections can be a disaster when things go wrong.
Thanks to the cost, disruption and ongoing reputational damage that come with a cyberattack, more than half of small businesses close within six months of an attack or leak.
As cybercrime becomes more sophisticated and AI enters the picture, the smaller accounting firms approach cybersecurity needs to change.
The good news?
While investing in tech has a part to play, changing your culture and training employees is just as important.
Cyber threats are rising, with Australia and New Zealand both reporting increases in incidents recently.
The type and sophistication of attacks have also increased, as tactics like ransomware and spyware, distributed denial-of-service (DDOS) attacks, sophisticated phishing and identity theft emerge.
It’s important to remember that just as us end-users get access to ever-evolving tech, so too do the bad actors.
Tools like AI can be a great help for accountants and bookkeepers as they free up time and streamline processes, but they can also be used by bad actors to write code that gets around security systems.
Some platforms collect and on-sell data, so it’s important to be always-ready when it comes to updating your security processes.
Evolving cyber threats are a particular concern for small-to-medium accounting firms.
SMEs tend to be more vulnerable to malicious attacks because, unlike their bigger business counterparts, they often have less resources to dedicate to constantly reviewing and renewing cyber-security systems.
While a smaller firm may not offer huge volumes of data or the prospect of a massive payout, its lack of thorough protection makes it an easy target — and that’s appealing for opportunistic attackers.
Most cybercrime isn’t committed by criminal masterminds but by attackers aiming for a quick, easy win.
Cybercrime can disproportionately affect smaller firms because they tend to run on tight margins.
If you’re close to the line at the best of times, even a minor attack or data breach can have serious consequences — loss of cash flow and productivity for days or weeks and damage to your standing with clients.
Finally, because they deliver financial services and have access to client data and client funds, accountants should have a vested interest in protecting themselves from cybercrime.
Any data leak risks exposing you and your clients to financial loss, and dents your clients’ faith in your services.
If there were a single piece of tech that could protect your business against all possible cyberattacks, it would sell like hotcakes.
Sadly, that’s not the case. With a multitude of pathways into your business and continually evolving technology, there’s no one way to guarantee complete protection.
Instead, it’s about creating a network of protective measures to get as close as possible to that goal.
This includes using technology and — perhaps more importantly — creating a proactive culture of security awareness and knowledge in your business.
Here’s how:
Simple-but-effective technology may be more defensive in the long run than ultra-sophisticated security systems.
Self-managed tools like a password manager, multi-factor authentication and a virtual private network (VPN) put layers of protection between your data and malicious actors, making it difficult for attackers to get into your systems.
It’s also important to choose your tech providers carefully — and consider shifting to a fully integrated platform.
Every piece of tech that has access to your financial data is a potential way into your business, so check the fine print, ask the right questions, and don’t hand over your data to just anyone.
This is particularly true for open-source AI tools like ChatGPT, which could potentially expose your data to third parties.
According to Harvard Business Review, human error is behind 80% of leaks and cyber breaches.
This includes employees sending data to the wrong person, using an easily-hackable password, or accidentally clicking a malicious link.
Training and awareness can go a long way towards mitigating this risk.
Create a top-down culture focused on cybersecurity, invest in phishing training and other cybercrime awareness, and build tech tools into your day-to-day processes so your people use them every time.
It’s about being proactive and thoughtful about the risk to your business — not burying your head in the sand.
It’s crucial to create a solid cybersecurity strategy and a detailed incident plan to guide you and your staff.
As always, the better prepared you are, the easier it will be to bounce back from an incident.
Dealing with cybersecurity can feel overwhelming.
The landscape is constantly evolving, with new threats emerging every day, making it difficult to know where to start.
The good news? While you’ll never completely safeguard yourself or your clients, the more time you invest in protection, the better.
This is true not only in actual protection but in showing your clients that you take their data security seriously.
If a breach happens, you want them to know you made the right tech choices, trained your team thoroughly, and minimised the impact on your clients.
Want to know more about cybersecurity for accounting firms? Sign up for our free webinar now.