If you are an accountant, you’ve either been hacked and you know about it – or you’ve been hacked and don’t know it!
Either way, it’s inevitable, and it’s a huge threat that could destroy your business….or at the very least give you a bad day/week/month/year.
Here at Pro Drive, we’ve put together a list of what some of your peers are saying and why you shouldn’t be saying it too:
1. We don’t need protection as we have never had a data loss or breach
This is the cyber security equivalent of, “I’ve never had a car crash so I don’t wear a seatbelt!” – Just because it hasn’t happened yet, doesn’t mean it won’t happen in the future, and it’s much smarter to be prepared and ahead of the game.
2. Our email is already secure enough
Unless you have actively implemented advanced email protection systems and your staff always follow best practice, you are vulnerable.
In fact, the truth is that even if you take the necessary precautions you are still vulnerable…but just less so!
3. Of course we are fully protected, our IT guys sort all that out
There will be times when this is true… and there will also be times when it’s not.
Most cyber crime involves some form of social engineering, which has been defined as “the clever manipulation of the natural human tendency to trust.” It relies on a user to be caught unaware – e.g. by clicking on a link that looks genuine.
It seems a bit unfair to expect your IT guy to compensate for the failings of human nature doesn’t it?
4. If we implement security for our customers they will go elsewhere
This isn’t something we’ve ever heard of happening; simply put, implementing security that protects your customers only demonstrates that you are thinking about their security as well as yours. How could this ever be a bad thing?
If a hacker does manage to get their hands on your client’s sensitive data or their money, then that client is no longer likely to be doing business with your firm.
5. We have added a disclaimer to our emails
This won’t stop you from being hacked, and it certainly won’t stop you from losing your clients if their data is stolen.
6. We are insured, so it doesn’t matter
No two cyber policies are the same and they rarely cover all eventualities, which unfortunately means they range from being useful to, to being completely useless.
If you lose your best customer as a result of a cyber attack, the fact is that your policy is unlikely to cover that loss; ultimately, spending your money on technology, refining internal processes and awareness training is a much better idea.
7. Nobody is interested in our data
Everybody has data that is valuable to a cyber criminal. Accountants have all sorts of sensitive client information, and it could be catastrophic if a cyber criminal got their hands on this. And more importantly, many cyber attacks are indiscriminate, which makes this point entirely redundant.
8. Our board won’t spend the money
At the end of the day, cyber crime has only become a serious threat in a number of years. Meaning that the people at the top didn’t have to worry about this until relatively recently.
However, by failing to act and not investing in cyber security, you are committing self sabotage on a large scale and potentially an act of gross negligence that could cost you your job or even ruin your firm.
The list of mistakes and misconceptions around accountants and cyber crime is actually far longer, but ultimately there is a common theme here; the biggest dangers are a failure to assess the risk and a failure to act upon it.
If you would like to learn how to protect your firm, join other accountancy professionals at my cyber crime workshop in London and Surrey or email me firstname.lastname@example.org