I talk to lots of bookkeeping professionals who worry about many different things: their families, the success of their business, the well-being of their team, and even the general state of the economy. If you’re looking for a stress-free job, leading an accounting firm may not be the best path forward!
Not enough firm owners worry about the security of their data—especially in an age when so many accounting and bookkeeping firms do their work by transmitting information digitally. Cybersecurity breaches are harder to control but can still be extremely costly to a business.
Your firm is especially at risk if you’re running a small to medium-sized business (typically defined as one that employs under 500 people). According to stats from the National Cybersecurity Institute, about half of all small-to-medium-sized businesses have experienced a cybersecurity attack, and more than 60% of those attacked have been forced out of business.
Fortunately, the right preparation methods can prevent these types of critical security failures. The first step is understanding the most common kinds of security breaches and how to prevent them.
Although most people have been creating accounts and passwords for many years, security breaches due to guessable passwords are still quite common. According to data from LastPass, over 80% of all confirmed breaches happened due to stolen, weak, or reused passwords.
To prevent this situation, be sure to have guidelines in place for how your team should set passwords and how frequently they should change them. It can also be helpful to set up automated reminders that encourage your staff to set a new password every two to four weeks.
A physical breach happens when a malicious party physically accesses a place or device. The classic example is someone stealing a USB thumb drive to access sensitive information, but a physical breach could also include someone watching over an employee’s shoulder while they enter their password.
In other cases, a physical data breach can happen because of employee lapses. In 2010, Apple created a major news story when an engineer accidentally left a prototype for the unreleased iPhone 4 at a German beer bar in San Francisco.
These kinds of breaches are tougher to stop since you or your staff may not even realize they are happening. However, you can train your team to stay vigilant about physical cybersecurity vulnerabilities and instill best practices that help protect your devices and work locations, like always locking up their devices and their office when they leave for the day.
The frequency of emails that extract sensitive information like passwords and credit card numbers has increased dramatically in recent years. By some accounts, cybercriminals send 3.4 billion malicious emails every day.
Many of them incorporate an element of social engineering, which IBM defines as “attacks that manipulate people into sharing information that they shouldn’t share,” or deceive them into committing other, similar missteps.
This kind of attack usually involves a malicious party pretending to be a new business partner or client. Sometimes, they will impersonate an official organization, such as your email service provider or a social media network like Facebook or LinkedIn. Whatever the exact method, the goal is to get victims to divulge sensitive account information or visit malicious links that can harm their computer.
There are a few basic elements to reinforce with your team to ensure they avoid these kinds of emails. Always check the sender of an email that seems suspicious and read the text closely.
Hackers sometimes set up clever domains to mimic legitimate organizations, like “microsoftsupport1.com.” Also, you and your employees should never click on links received in an email from an unknown sender unless you can verify that they are legitimate.
Phishing emails often go hand-in-hand with another common cybersecurity risk: malware. Malware (short for “malicious software”) can be downloaded from an email attachment or a dangerous website. Once the malicious files are installed, they can do lots of harmful things, from logging keystrokes to tracking user activity.
A more recent twist on this kind of attack is ransomware, which involves a specific kind of malicious program that locks a computer until the victim pays a set amount of money—typically in cryptocurrency, so it’s more difficult to track.
To protect your firm from a malware security breach, ensure your staff knows never to download any files that aren’t officially approved by your IT team. It’s also a good idea to use secure file sharing platforms and set up anti-virus tools that can eliminate these files if they do get downloaded onto your team’s devices or, worse, your company-wide network.
No matter how prepared you are for a security breach, your firm will likely face one at some point. Your firm’s collective level of preparation and training will determine how serious an impact the breach has on your business.
If your employees are trained properly on identifying and reporting security breaches and you have the right software protections in place, you can mitigate the negative effects of a cybersecurity issue before they snowball into a more significant disaster.
Choosing the proper accounting practice management software suite will also help you safeguard sensitive data and minimize the chance of a breach at traditional vulnerability points like client file transfers and payment processing.
Sponsored Content: This article is generously brought to you by one of our valued sponsors. Their support enables us to continue delivering expert insights and the latest industry trends to our dedicated community of accounting professionals.