Since the beginning of 2021, ransomware attacks have increased 102% compared with the beginning of last year, according to cybersecurity firm Check Point Software. Unfortunately, small and medium-sized accounting firms are a primary target for these attacks because they typically lack sophisticated security infrastructure.
Given this reality, it’s critical that every employee in your firm is educated about these security threats and how to prevent them. This article covers some of the most common security mistakes accounting firms make and practical ways to fix them.
1. Using weak or insecure wireless networks
The first thing you should do to improve the security of your wireless network is to change the default administrative password to something complex and unique. Second, change the name of your wireless network so that it is not personally identifiable: your network name (SSID) should not be named after your firm’s business. Also, be sure to use WPA2 (Wi-Fi Protected Access 2) with Advanced Encryption Standard (AES) enabled. Your firm should not be using WEP, whose encryption is easily broken. Lastly, use a VPN when accessing confidential information over public Wi-Fi outside of the office.
2. Poor or inconsistent approach to terminated employees
When terminating employees, it’s crucial that you deactivate their accounts immediately. Their usernames and passwords should be disabled on every application and platform to prevent customer information from being stolen. Have a structured off-boarding checklist so that a forgotten account does not become a loophole in your firm’s security. Be sure to back up and save any information from former employee accounts before deleting them.
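One way to check that the off-boarding checklist was actually followed is to reconcile the HR list of departures against the account exports of each application. The script below is an added example, not code from the original article; the HR records and account exports it uses are constructed sample data, and the application names ("email", "tax-software", "vpn") are placeholders.

```python
"""Off-boarding reconciliation check.

Added example (not from the original article): compare an HR list of
departures with the account exports of each application the firm uses,
and report accounts that are still active for someone who has left.
All records below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Account:
    app: str        # application or platform, e.g. "email", "vpn"
    username: str
    active: bool    # True if the login still works according to the admin console


# Constructed HR export: username -> termination date, None if still employed
HR_RECORDS = {
    "j.doe": date(2021, 3, 15),
    "a.smith": None,
    "m.lee": date(2021, 5, 2),
}

# Constructed account exports pulled from each application's admin console
APP_ACCOUNTS = [
    Account("email", "j.doe", active=False),
    Account("tax-software", "j.doe", active=True),   # missed when j.doe left
    Account("vpn", "j.doe", active=True),            # missed when j.doe left
    Account("email", "a.smith", active=True),
    Account("tax-software", "a.smith", active=True),
    Account("email", "m.lee", active=False),
    Account("tax-software", "m.lee", active=False),
    Account("vpn", "contractor1", active=True),      # no HR record at all
]

# Constructed date on which the review is run
AUDIT_DATE = date(2021, 6, 1)


def orphaned_accounts(hr_records, accounts, today):
    """Active accounts belonging to people HR lists as terminated.

    Returns (app, username, days_since_termination) tuples, sorted, so the
    oldest loopholes are easy to spot."""
    found = []
    for acct in accounts:
        left_on = hr_records.get(acct.username)
        if acct.active and left_on is not None:
            found.append((acct.app, acct.username, (today - left_on).days))
    return sorted(found)


def unknown_accounts(hr_records, accounts):
    """Active accounts with no HR record: shared logins or contractors
    that never entered the off-boarding process."""
    return sorted((acct.app, acct.username) for acct in accounts
                  if acct.active and acct.username not in hr_records)


def offboarding_audit(hr_records, accounts, today):
    """Run both checks; empty 'orphaned' and 'unknown' lists mean the
    off-boarding checklist was followed for every departure."""
    orphaned = orphaned_accounts(hr_records, accounts, today)
    unknown = unknown_accounts(hr_records, accounts)
    return {"orphaned": orphaned, "unknown": unknown,
            "clean": not orphaned and not unknown}


if __name__ == "__main__":
    result = offboarding_audit(HR_RECORDS, APP_ACCOUNTS, AUDIT_DATE)
    for app, user, days in result["orphaned"]:
        print(f"STILL ACTIVE: {user} on {app}, {days} days after termination")
    for app, user in result["unknown"]:
        print(f"NO HR RECORD: {user} on {app}")
```

In the sample data the email account was disabled but the tax software and VPN logins were not, which is exactly the inconsistency a checklist is meant to prevent; the "unknown" list catches logins that never had an owner in HR at all. Running this review on a schedule, against fresh exports, turns the checklist into something you can verify rather than assume.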
3. Running outdated or unpatched software
Running software that is outdated or, worse, unpatched is a recipe for disaster. Unpatched software means that the program has vulnerabilities that the manufacturer is aware of and has released an update for, but that update has not been installed yet. Keeping software up to date requires vigilance and consistency. New vulnerabilities are found even in the latest software, so it is important to regularly check for software updates, which will patch these security holes.
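The definition above (a fix exists, it just isn't installed) is easy to turn into a check over a software inventory. The script below is an added example, not from the original article; the product names, host names and version numbers are constructed, and it also shows why versions must be compared numerically rather than as text.

```python
"""Unpatched-software finder.

Added example (not from the original article): compare the software
inventory of each machine against the version in which the vendor fixed
a known problem. Product names, hosts and version numbers are constructed.
"""
import re


def parse_version(text):
    """Split '7.10.2' into (7, 10, 2) so versions compare numerically.
    Plain string comparison gets this wrong: '7.9.14' sorts after '7.10.2'
    as text, so a host on 7.9.14 would look patched when it is not."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def is_unpatched(installed, fixed_in):
    """True when the installed version is older than the one carrying the fix."""
    return parse_version(installed) < parse_version(fixed_in)


# Constructed: product -> earliest version containing the vendor's fix
FIXED_IN = {
    "TaxPrep": "12.4.1",
    "PDFViewer": "3.0.0",
    "RemoteAccess": "7.10.2",
}

# Constructed inventory: (host, product, installed version)
INVENTORY = [
    ("recept-pc", "TaxPrep", "12.4.1"),
    ("cpa1-laptop", "TaxPrep", "12.3.9"),
    ("cpa2-laptop", "PDFViewer", "2.9.5"),
    ("server01", "RemoteAccess", "7.9.14"),
    ("server01", "PDFViewer", "3.1.0"),
]


def find_unpatched(inventory, fixed_in):
    """Hosts running a version below the fixed one: the update exists,
    it just has not been installed yet. Returns
    (host, product, installed, fixed_in) tuples in inventory order."""
    return [(host, product, installed, fixed_in[product])
            for host, product, installed in inventory
            if product in fixed_in and is_unpatched(installed, fixed_in[product])]


if __name__ == "__main__":
    for host, product, have, need in find_unpatched(INVENTORY, FIXED_IN):
        print(f"{host}: {product} {have} is below fixed version {need}")
```

The inventory would normally come from whatever your firm already has (an endpoint management tool, or simply a maintained spreadsheet); the point is that "is this machine patched?" becomes a question you can answer for every machine at once rather than one at a time.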
4. Haphazard backups
Daily cloud backups are the standard for all accounting firms, and they should include all your business data and ideally images of your computers’ hard drives to speed recovery in the event of a ransomware attack. Routine backups ensure that your files remain accessible after a ransomware attack, natural disaster, hardware failure, or theft. The easiest way to back up your firm’s data is in the cloud, which provides security and encryption and can be fully automated. You can augment a cloud backup with a local backup, which can decrease the time to recovery in the event of a catastrophic data loss event.
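A backup only helps if it ran recently, the stored copy is intact, and every data set you care about is covered. The script below is an added example, not from the original article, of the daily check that confirms all three over a backup catalog; the data set names, timestamps and contents are constructed, and the recorded hashes stand in for what a backup job would store when it writes each copy.

```python
"""Daily backup verification.

Added example (not from the original article): walk a backup catalog and
confirm that every required data set has a copy that is recent and
intact. Data set names, timestamps and contents are constructed; the
recorded hashes stand in for what the backup job stores at backup time.
"""
import hashlib
from datetime import datetime, timedelta


def sha256_hex(data):
    """Hex digest used to detect a backup that was corrupted or altered."""
    return hashlib.sha256(data).hexdigest()


MAX_AGE = timedelta(hours=24)            # daily backups: anything older is stale
REQUIRED = {"client-files", "email", "workstation-image"}
CHECK_TIME = datetime(2021, 6, 1, 8, 0)  # constructed: when the morning review runs

# Constructed catalog entries: one per (data set, storage location)
CATALOG = [
    {"dataset": "client-files", "location": "cloud",
     "finished": "2021-06-01T02:10:00", "content": b"client ledgers 2021",
     "recorded_sha256": sha256_hex(b"client ledgers 2021")},
    {"dataset": "client-files", "location": "local",
     "finished": "2021-05-29T02:10:00", "content": b"client ledgers 2021",
     "recorded_sha256": sha256_hex(b"client ledgers 2021")},   # three days old
    {"dataset": "email", "location": "cloud",
     "finished": "2021-06-01T02:15:00", "content": b"mailbox export",
     "recorded_sha256": sha256_hex(b"mailbox exp0rt")},       # content no longer matches hash
    # no workstation-image entry at all
]


def verify_backups(catalog, required, now, max_age=MAX_AGE):
    """Return (dataset, location, issue) tuples. Issues:
      'stale'          backup finished more than max_age ago
      'hash-mismatch'  stored content no longer matches the recorded hash
      'missing'        no fresh, intact copy of a required data set anywhere
    A copy counts as covering its data set only if it is both fresh and intact.
    """
    issues = []
    covered = set()
    for entry in catalog:
        finished = datetime.fromisoformat(entry["finished"])
        if now - finished > max_age:
            issues.append((entry["dataset"], entry["location"], "stale"))
        elif sha256_hex(entry["content"]) != entry["recorded_sha256"]:
            issues.append((entry["dataset"], entry["location"], "hash-mismatch"))
        else:
            covered.add(entry["dataset"])
    for dataset in sorted(required - covered):
        issues.append((dataset, None, "missing"))
    return issues


if __name__ == "__main__":
    for dataset, location, issue in verify_backups(CATALOG, REQUIRED, CHECK_TIME):
        where = f"@{location}" if location else ""
        print(f"{dataset}{where}: {issue}")
```

In the sample catalog the cloud copy of the client files passes, the local copy is stale, the email backup fails its hash check, and no workstation image was ever taken, so two of the three required data sets have no usable backup this morning. That is the report you want to see before a ransomware event, not after it.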
5. Allowing employees to put company and client information on their own personal devices
Employees should never have company and client information on their personal computers or other devices that are not company-owned and company-managed. A common misconception is that mobile devices are not susceptible to ransomware attacks, but this is far from true. In fact, in 2020, over 4.2 million Americans were victims of a mobile ransomware attack (Kaspersky, 2020). It only takes one click on a hazardous link for attackers to access information that they shouldn’t have. It might seem expensive to provide and manage devices for your employees, but it will cost a lot less than a security breach. Plus, you can have these devices returned when an employee leaves, reducing the likelihood of residual data being leaked.