Cybersecurity is a significant concern for accounting firms, as they hold a vast amount of sensitive financial data.
Last year, an alarming 39% of UK businesses fell victim to a cyber attack, yet only 14% of small businesses have comprehensive measures in place to mitigate threats. These figures are concerning given the increasing sophistication of cyber crime methods.
For instance, with the widespread adoption of generative AI, cybercriminals can launch attacks on a large scale and analyse threat intelligence databases and repositories to create malware that’s more challenging to detect and defend against.
In this article, we will highlight five cyber threats accounting firms need to be aware of and offer tips on how you can optimise cybersecurity for accountants. We also introduce www.lupasafe.com, our INAA partner for cyber security, to help identify and prioritise risks for you to take action.
Cybersecurity: Accounting risks and controls
Phishing attacks see criminals attempting to trick accounting professionals into revealing sensitive financial information and passwords by posing as legitimate entities via email and other messaging services. Vishing is a portmanteau of ‘voice phishing’ and refers to criminals spoofing phone numbers, and sometimes using AI to generate ‘deepfake’ voice recordings of people the victim trusts to request user credentials over the phone.
In the past year, phishing attacks have increased by 50%, and vishing attacks have risen by 554% due to the prevalence of phishing-as-a-service technologies available on the dark web. These services provide AI tools that can mimic a person’s voice and clone legitimate websites in seconds, lowering the barrier to entry for criminals who wish to exploit accounting firms.
Tips for combatting phishing/vishing accounting threats
Investing in third-party cybersecurity services or internal security professionals will help your accounting firm stay ahead of threat actors. Security teams deploy Endpoint Detection and Response (EDR) tools, monitor systems, mitigate threats, and stay up-to-date with the latest threat intelligence research to help you counter evolving threats.
Implementing multi-factor authentication (MFA) provides an extra layer of protection by requiring users to verify their identity multiple times before they are granted system access.
Business Email Compromise (BEC) attacks
BEC attacks involve threat actors sending fake emails or messages to dupe accounting professionals into handing over sensitive information.
Attackers can pose as supervisors, senior company leaders or vendors, sending seemingly genuine requests for business payments. BEC attacks are challenging to detect as attackers don’t necessarily need to send malicious links to meet their demands. For example, a criminal posing as a company’s CEO can email an accountant asking them to transfer funds to the attacker’s account.
Tips for combatting BEC accounting threats
Investing in advanced cybersecurity tools can help filter out messages from threatening external sources.
However, educating employees on BEC threats is even more crucial, as traditional antivirus tools, spam filters and email safelisting systems are not always effective against social engineering techniques.
Often, criminals create a sense of urgency in their messages or prey on the victim’s willingness to please authority figures, causing them to drop their guard and accept the request. Therefore, informing your accounting teams about unusual, high-priority requests is crucial.
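The BEC traits described above (a senior name on an external address, a payment request, urgency, and no link required) can be turned into a simple triage check that holds a message for manual review. This is an added example, not part of the original article or any vendor's product; the firm domain, executive names, keyword lists and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FIRM_DOMAIN = "example-accounting.test"   # assumption: the firm's own mail domain
EXECUTIVES = {"jane doe", "sam patel"}    # assumption: people able to authorise payments
URGENCY = re.compile(r"\b(urgent|immediately|asap|confidential|right away)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|bank details)\b", re.I)

def bec_flags(raw):
    """Return the BEC warning signs found in one plain-text email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    flags = []
    # Authority: a known senior name, but the address is outside the firm.
    if domain != FIRM_DOMAIN and name.strip().lower() in EXECUTIVES:
        flags.append("executive-name-from-external-address")
    # BEC needs no link or attachment, so the wording itself is inspected.
    if PAYMENT.search(text):
        flags.append("payment-request")
    if URGENCY.search(text):
        flags.append("urgency-language")
    return flags

def needs_review(raw):
    """Hold a payment request that shows at least one other warning sign."""
    flags = bec_flags(raw)
    return "payment-request" in flags and len(flags) >= 2

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: "Jane Doe" <jane.doe@mail-example.test>
To: accounts@example-accounting.test
Subject: Urgent transfer

I need you to wire 18,500 to the new supplier account immediately.
"""
ROUTINE = """\
From: "Sam Patel" <sam.patel@example-accounting.test>
To: accounts@example-accounting.test
Subject: Team lunch

Lunch is booked for Friday at noon.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("routine", ROUTINE)):
        print(label, bec_flags(raw), needs_review(raw))
```

Keyword checks like these miss carefully worded requests, which is why the article places employee awareness above filtering tools.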
Malware is a broad term that refers to malicious software capable of damaging, disrupting and gaining unauthorised access to IT systems.
Ransomware is malware that encrypts an accounting firm’s data and demands a ransom payment in exchange for the decryption key.
Attackers will scan a company’s IT systems to find vulnerabilities they can exploit to access company information and install the malware. Alternatively, they will use social engineering techniques to encourage users to click malicious links to grant them access.
Thanks to the prevalence of remote work, accounting firms without secured IT infrastructure can often fall victim to malware attacks if they, for example, allow accountants to access sensitive data from personal devices or use weak passwords to protect systems.
Tips for combatting malware accounting threats
As with the previous cyber attack methods mentioned, training teams to be cautious of clicking links is vital. Likewise, investing in the latest cybersecurity tools will help you safeguard your digital estate.
In addition, ensuring that your processes are up-to-date with the latest financial compliance regulations will also go a long way in helping you bolster your data protection capabilities.
INAA partner for cyber security
Lupasafe is our INAA partner for cyber security, audit and compliance. Lupasafe’s platform provides visibility across your people, technology and processes to identify and prioritise all your cyber risks for people, passwords, software, networks, or devices. Lupasafe also provides phishing training and testing – 90% of cyber attacks start with phishing, and Lupasafe can help reduce the volume of people sharing information from up to 40%.
INAA members take action with Lupasafe
Schuiteman Accountants and Advisors in the Netherlands use Lupasafe to support their security and client risk audit. Lupasafe provides a clear overview of prioritised risks and actions. At Sobell Rhodes in the United Kingdom, Lupasafe provides continuous monitoring for the team, devices, and network security, as well as phishing training and testing.
INAA empowers accounting firms to safeguard against risks
Here at the INAA, we provide a platform for accounting professionals worldwide to share their advice for protecting their businesses from evolving threats.
We’re here to empower you in all aspects of career and business development. So, if you want to learn more, become a member of the INAA today.