Protecting your firm from cyber threats

20 Aug 2019

Research carried out by the Federation of Small Businesses (FSB) recently revealed that cyber-attacks on UK firms cost £4.5 billion per year. One in five small businesses suffered a cyber-attack between January 2017 and January 2019, with a total of seven million attacks taking place over the two-year period. With this in mind, we consider ways in which you can help protect your accountancy firm from debilitating cyber-attacks.

Handling the risks posed by cyber threats

Accountancy firms must put measures into place to help mitigate the risks posed by cyber threats. Alongside motivation and capability, criminals need an opportunity to launch a cyber-attack on a firm. It is vital to identify any vulnerabilities in your firm's systems and take steps to strengthen them: this could help to dissuade attackers from targeting your business.

Utilising effective security controls

Accountants have a range of tools available to them to help build a robust cyber security action plan. Firms can establish network perimeter defences by installing boundary firewalls, such as web filtering, web proxy and content checking.

Meanwhile, effective firewall policies help to detect and block harmful downloads; prevent access to malicious domains; and safeguard firms' devices from communicating directly with the internet.

Accountancy firms should ensure that all software is kept up-to-date. Tech companies regularly release so-called 'patches' in their software updates – these are designed to protect devices against known vulnerabilities and malware.

Using malware protection

Accountancy firms are advised to make use of impenetrable malware protection. The most common sources of malware include email attachments, downloads and the installation of unauthorised software.

The best antivirus packages protect businesses from viruses, spyware, ransomware and rogue botnet software. In order to detect and disable malware before it has chance to do serious harm, anti-malware defences should be implemented throughout your business. Accountancy firms are encouraged to adopt the practice known as 'whitelisting' – approving and using only software you know to be trustworthy.

Controlling user privileges

Businesses are advised to limit the number of 'privileged' employee accounts they generate. Special access privileges should ideally be granted to employees in senior roles, in order to help protect against system misuse and unauthorised access to restricted files and databases. If staff members are given unnecessary user privileges, the consequences of misuse could be very costly.

Managers should consider what level of access an employee requires to perform their job successfully. Accountants may wish to create stringent user security policies and communicate these with their employees. Establishing such policies could help to prevent serious cyber security breaches and attacks.

Implementing a home and mobile working policy

With technology constantly evolving, our lives are becoming increasingly digital. However, remote working brings with it some significant cyber security concerns and challenges. Accountants should create risk-based policies that cover all types of mobile devices, as well as flexible working options.

Mobile working has many associated risks, including the loss or theft of a device; a worker being observed when using a mobile device in public; the potential loss of credentials; and the unauthorised penetration of a secure configuration.

Accountants can manage risks by generating an effective mobile working security policy, and making sure all employees adhere to it. Additionally, a sound mobile working security policy will help to determine how a mobile working device is acquired; outline the types of information that can be stored on company mobile devices; and suggest a process for granting employees permission to work offsite. A comprehensive policy also takes into account risks to a firm's corporate network from mobile devices, and sets out how remote connections are monitored.

In this blog post we have highlighted just a handful of steps accountancy firms can implement into their own business. Taking appropriate action sooner rather than later will help to safeguard your firm against cyber-attacks and cyber threats.

View more posts from our archive