Accountants, CPA firms, tax preparers, and bookkeeping services are all high-value targets for cyberattacks like ransomware attacks or phishing attacks. We’re seeing more accounting firm data breaches each year, but those are only the ones published in the news; most probably slip under the radar. So, in today’s blog, we’ll go over the top cybersecurity threats accountants face today and what they can do to defend themselves.
Phishing Attacks
Phishing is when an attacker attempts to steal sensitive data, usually by pretending to be someone else and tricking individuals. This is by far the most common cyberattack any business will face. In 2021 alone, 20% of the cyberattacks targeting accountants, law firms, and architects were phishing attacks, with attackers impersonating clients, banks, or even the IRS.
These attacks become increasingly prevalent during busy periods like tax season. The IRS itself has listed phishing attacks and smishing as the 2nd most common scam related to taxes.
Ransomware Attacks
Ransomware is a form of malware that can lock up files until a ransom is paid. Imagine your firm works with hundreds or thousands of clients; all it takes is one slip-up for your firm to be compromised.
The average downtime from a ransomware attack can range from 14 to 21 days, with the average ransom exceeding $300,000. There’s also no guarantee your files will be returned after you pay the ransom, as some hackers will still delete them once they are paid.

Accounting Firm Data Breaches
Accounting firm data breaches do happen, but are often not reported on. In one story, however, a 200-client CPA firm was the target, but only 40 of those clients were exposed in a data breach.
A part-time employee’s account was compromised through a fake employee portal. When they logged in, it gave the attackers the credentials for that employee. With that, they were able to extract data from some of their clients. The owner of the firm caught on and quickly cut off access to everything from that employee’s account and contacted those affected.
Although some of their clients’ data was leaked, they reportedly “thought of her and her staff even more as trusted advisers.” In situations like these, prevention is key, but isolating the compromised account and containing the breach quickly is the second-best option. This story, however, isn’t typical of accounting firm data breaches.
Outdated Technology
Whether it is hardware, software, or both, a large number of businesses still operate on older technology. Not only is this a cybersecurity issue, but it’s also a productivity and even a reputational issue.
Not investing in up-to-date hardware or updating software can leave a business vulnerable to attacks. The point of a software update is to patch holes that hackers have found or will find. That may also require faster and more advanced hardware to run that software. Both increase the defenses of a business’s IT infrastructure.
Compliance Obligations
Being non-compliant with data protection regulations in the accounting world can result in not only reputational risk but also significant fines. The GLBA is a statute stating that financial institutions must have a comprehensive and written information security plan to protect customer and client information.
Fines can range up to $100,000 per violation, and fines for officers and directors can reach up to $10,000 per violation. There could also be criminal penalties of up to five years in prison and revocation of licenses.

What Accountants Can Do to Stay Safe
The top cybersecurity threats facing accountants are phishing attacks, ransomware attacks, data breaches, outdated technology, and compliance obligations. All highlight the truth that firms cannot afford to ignore cybersecurity. Protecting client data isn’t just about avoiding fines or protecting a reputation, but safeguarding client trust and ensuring long-term success for your stakeholders. That’s why we recommend partnering with a Managed Security Service Provider (MSSP).
We at Kirkham IronTech work with accountants and firms of all sizes to protect their IT infrastructure. We implement tools such as our 24/7 monitoring, email filtering, employee training, data backups, and more.
Our goal is to keep you working without the headache of a cyberattack. We want to reduce your risk while giving you predictable costs and a positive ROI.
Tom Kirkham brings more than three decades of software design, network administration, and cybersecurity knowledge to organizations around the country. During his career, Tom has received multiple software design awards and founded other acclaimed technology businesses.