If we were to ask you to think about the roles and responsibilities of accounting and bookkeeping practitioners today, we’d hazard the guess that cyber security isn’t the first thing that comes to mind. If it comes to mind at all.
And why would it? Our business is in spreadsheets and tax submissions – cyberspace is a tech expert’s affair. Or so we thought.
At the Understanding the 3 Pillars of Cyber Security webinar, held on May 5, our general manager for ANZ, Stephen Watts, sat down with Practice Protect’s Head of Growth, Jon Melloy, to discuss the implications of cyber security for firms and team members. And while it may seem like a distant and deeply complex topic, it turns out that cyber security is both pertinent for us all and a fundamentally human issue.
Why you should ensure that you’re cyber-secure
Cyber security should always live in the back of an owner’s mind. That’s not to say it should cause restless nights, but rather be a simple consideration for all your day-to-day practices. Because, at the end of the day, your firm is a business like any other, and scamsters target indiscriminately. Moreover, your firm can also be a gateway into your clients’ business, meaning that hackers can – and have – used unsecured firms to hold whole networks to ransom, and to great effect.
Sure, it’s an alarming thought, but don’t feel overwhelmed. Apprehension tends to fuel inaction, and inaction is arguably the worst thing you could do as an owner. So, let’s get to grips with some of the threats and look at a few practical solutions that you could start capitalizing on from the get-go.
Cyber security is a human issue, not a technical one
You don’t need to talk to IT to start your cyber security journey; you just need to speak to your people. Contrary to what many of us have been led to believe, most of today’s cyber breaches exploit carelessness, not security systems. In fact, as of our webinar, 62% of all Practice Protect’s monitored attacks came as a result of staff and stakeholders not following simple online safety protocols.
Slipping up is easier than you may think. For example, how many of these digital faux pas are you guilty of?
- Opening untrustworthy emails
- Forwarding emails from unverified accounts
- Reusing passwords across multiple platforms
- Using the same passwords for longer than 90 days
We’re not judging; we encourage you to use these missteps as a prompt for setting a new cyber standard with your staff.
Phishing scams unfortunately work
You’ve seen them before: “You’ve been awarded $X on your Amazon account for Y, please get in touch to claim before Z” etc. While these types of scams may seem fairly conspicuous, it’s important to remember that scamsters still use them because a few get through – and they are becoming harder to spot.
We’ve seen fraudulent emails circulate within organisations – ostensibly from CEOs and management – issuing invoices for third-party accounts. Others can appear to come from reputable banks, organisations, or subscription services, thereby making even seemingly trustworthy sources a threat.
Stay alert and make doubly sure of every email’s true intention.
Hacks can come from anywhere
A particularly pertinent point in the new age of remote working: using unsecured laptops, computers, smartphones, and other devices can expose a company to the dangers of cyber breaches – especially if they’re also used by other family members with a penchant for downloading pirated media.
Today, cyber security needs to extend outside of the office.
Learn the three pillars
Protecting your digital borders is as much of a mindset adjustment as it is a procedural one. At TOA Global, we were fortunate enough to have the foresight to see cyber security as a must-have early on. So, in partnership with Practice Protect, we began to leverage three key pillars to greater cyber security for our business and those of our clients offshore. They are:
1. People
We start by outlining the red flags for everyone under the TOA Global umbrella. Our team is educated on the threats and consequences of today’s most prominent hacking strategies.
Staying vigilant stops breaches before they even happen, and it’s a crucial first step in ensuring the confidentiality of our business and the clients we serve.
2. Process
We also ensure that stringent practice guidelines exist for both in-office and at-home team members. These are designed to be straightforward to implement, and include password management practices, setting up secured working devices, and follow-up protocols. At TOA Global all staff take the extra security measure of locking away personal phones and other storage devices before entering their office space, plus we run a ‘clean desk’ policy where any sensitive information is stored out of sight.
This is crucial in a worst-case scenario, as many insurers require companies to follow strict guidelines in the event of losses incurred as a result of a cyber breach.
3. Technology
Lastly, we take the steps necessary to make the technical side of our business watertight. Systems are kept securely locked and require various authenticators to access. Password management naturally comes into play here too, as well as secured devices, all to ensure the most monitored and controlled access to firm information possible.
We also run a popular data and cyber security short course through our learning arm, the Ab2 Institute of Accounting, which covers the latest techniques in firm protection and awareness.
But let’s talk about you
Of course, the observations above only scratch the surface of the world of cyber security. If you share our reverence for it or are aware of the fact that your firm needs greater protection, we would strongly recommend that you check out the full recording of the Understanding the 3 Pillars of Cyber Security webinar.
Or get in touch with TOA Global if you’d like to take advantage of our existing security protocols in expediting an outsourcing solution for your accounting firm. We’re always eager to continue this conversation face-to-face.
And don’t forget to explore more from the cyber security experts at Practice Protect. They offer an extensive list of services and leading best practices that keep the hackers at arm’s length. Find them here.