Last month accountancy firm Deloitte confirmed that it had been a victim of a cyber attack that breached the company email system and has potentially compromised usernames, passwords, IP addresses, architectural diagrams for businesses and health information, and sensitive client information contained in email attachments.
The breach was discovered in March this year, but it is believed that the attackers had access to the company email system since October or November 2016.
If you work for a smaller accountancy firm, perhaps based in a market town in the UK rather than London or New York, you may be thinking, “It won’t happen to us.” Cyber criminals go after the ‘big boys’, the firms that can give them access to data on multinational businesses and the world’s billionaires.
Small Firms Are Easy Pickings
Unfortunately, you would be wrong. Cyber criminals or hackers are after easy pickings, and that makes all businesses vulnerable. In fact, research by the Federation for Small Businesses (FSB) shows that two-thirds of their members have been a victim of cyber crime, costing on average £3,000 per business. Government figures put the odds of a breach even higher, with 75% of SMEs reporting a breach in the last year, and in the worst cases it costs businesses between £75,000 and £310,000.
Self-employed accountants and accountancy firms are on the cyber criminal’s radar. Your business collects and stores highly desirable data and information on your clients. You may not have many multinationals and billionaires on your books, but you will have many individual clients and companies (and their employees) who collectively could make a cyber criminal very wealthy.
While it is always shocking when a well-known brand is successfully attacked – we imagine that they will have highly sophisticated cyber security tools in place – it demonstrates how easy it can be to gain access to a company’s systems and data. Many breaches are down to human error, such as opening an attachment in an email or poor password hygiene. While it is not known exactly how the hackers breached Deloitte, they were able to access data through an ‘administrator’s account’ that was protected only by a single password, not two-factor authentication.
That’s why smaller firms are also targets. It’s unlikely your business will have the cyber security tools that Deloitte had at their disposal, or cyber security experts within your team (Deloitte has a ‘CyberIntelligence Centre’). If Deloitte can be breached, how easy is it to breach your firm?
Could Your Firm Recover From A Breach?
As we have seen over the years, data breaches and cyber attacks may wound a large enterprise but generally they do recover. That’s because they have the resources to put remediation plans into action quickly, including rebuilding their damaged reputation after a breach.
However, SMEs in the financial services sector don’t always have this resilience. Clients lose confidence in you and your operations, and question whether they can trust your business with confidential data and financial information. Prospects will also question whether it’s wise to use the services of a company that has been a victim of an attack, and instead go to the competition. The cost of remediation, including fines which are set to rise dramatically with the introduction of GDPR next year, and the cost of downtime as a result of a breach, can damage some businesses terminally.
Fortunately, you can protect your business and minimise the impact if an attack does happen. What it takes is the right cyber security tools; robust policies for prevention, incident management and disaster recovery; and training and awareness strategies to ensure that everyone in your business is proactively protecting its assets.
As a starting point, if your business is in London or Surrey, you can join us for a free cyber security workshop. We run regular discovery workshops for business leaders to help them understand the threat landscape and identify where their businesses are vulnerable to attack.