Check the news any given day and you might see a report about hackers accomplishing a data breach, or of a ransomware attack encrypting all company data until it pays up. These are the well-known types of cyberattack, but there are less common cyberthreats accountants should be aware of, as well.
There is almost a malware malaise now. You’ve heard so much about the threat of a virus invading your networks or systems. Someone clicks on a perfectly innocent looking email, and the result is computing chaos? It’s not fair!
You also know to put a firewall around your technology; it’s as if you’re in a military movie. You have to “protect the perimeter.” Ensure no one can breach your cyber protections to secure personal data and intellectual property.
Still, a watchful eye for phishing emails and social engineering attempts isn’t enough. Installing security tools and upgrading anti-virus software also won’t cover everything.
Knowing where less common cyberattacks are coming from could help, though.
Less Common Modes of Cyberattack
You may not believe it possible of the people you work with, but they are a real vulnerability.
One problem is that we’re eager to help, especially when it comes to clients. There is a pre-established relationship, as your business has visibility into their financials. People are less likely to think twice about providing information to a client.
Yet cybercriminals do their homework and have enough information to be credible. Then they play on urgency and emotional appeal. They might call or email someone at your firm pretending to be an admin assistant for someone at the client. They might spin a tale of the CEO needing emergency cash in a far-flung location. Can’t you please help get it to them? Or they send a malicious file asking you to look at this complicated tax document for them (posing as the client). By the time you realize it wasn’t actually the client, it’s too late.
Insider attacks are a problem, too. Employees know your company’s infrastructure and are familiar with your cybersecurity tools. They also know where the sensitive data or confidential information is kept. Additionally, they may not act maliciously all the time. If a disgruntled worker is patient, rather than going out in a blaze of glory, it can be harder to detect the breach.
According to the Ponemon Institute, insider-related incidents cost $11.45 million in 2019. Establishing role-based access credentials can help limit exposure. With this approach, people can get only to the information they need to do their jobs.
Other Forms of Insider Threats
Humans also lose things. This is unintentional insider vulnerability. Perhaps they use their personal device to log into the business systems. Laptops, external drives, and mobile devices allow mobility and simplify data access, but what if that mobile device is lost or stolen? If you’re not protecting remote access, you could end up having to tell clients their data is in unknown hands. Encryption can help.
Then, there are the simple mistakes. It’s a good idea to review how you share and publish information. Information goes back and forth regularly between team members, the business, and clients. Don’t lose track of the information or where it is stored. You need to be sure that location is compliant with financial regulations.
If you’ve ever “replied all” when you meant to send to one person, you know how easy it is to mistake sharing privileges. You may intend to share only data with a client, yet you send it out with permissions where everyone can see it. Major oops!
Accountants can prevent, detect, and react effectively to these less common attacks. Don’t be complacent. Thinking it won’t happen to your firm can lead to disaster.
Partner with a managed service provider (MSP) to enhance your user activity monitoring and access management practices. These IT experts can set up alerts and incident response plans, too. Avoid the worst happening to your business. Be proactive.