According to Verizon’s 2020 data breach statistics by industry, financial firms had even more data security incidents reported (1,509) than the healthcare industry (798), which has traditionally been a popular victim of ransomware and other cyberattacks.
This shows a trend towards accounting firms, banks, and others in the financial industry becoming larger targets for online crime.
Due to the sensitive financial data that accountants and tax preparers collect, transmit, and store every day, they’re particularly at risk of having that data stolen.
71% of data breaches reported in 2019 were financially motivated.
IT security is one of the most important parts of any accounting firm’s technology infrastructure and it should include protections from a variety of threats that can impact:
- Networks
- Computers
- Cloud stored files
- Mobile devices
- Remote workers
- IoT devices
Beyond the standard best practices that include anti-malware, patch management, and firewalls, knowing which threats to watch out for is also important.
If you know that cyberthreats are coming, then you can be properly prepared.
Cyberthreats to Prepare Your Accounting Firm for in the Coming Months
Some threats remain dangerous year after year, while others are new attacks on the upswing. We’ve taken a look at the threat landscape for accounting firms in Treasure Valley and the rest of the country, and the following are the biggest cybersecurity dangers to be on the lookout for in the coming months.
Insider Threats
In the past two years, the number of insider security incidents has increased 47%, and there are about 2,500 internal security breaches a day experienced by US companies.
Internally caused security breaches typically materialize in three different forms:
- User errors
- Malicious user intent
- Compromised login credentials
Each of these types of insider threats requires a different approach when it comes to protecting against them.
For user error, you would want to improve your employee cybersecurity training and safeguards like anti-phishing protection.
For malicious user intent, you would want to have solid document security and user authentication controls in place.
To protect against compromised credentials, multi-factor authentication should be in place.
Email / Data in Transit Breaches
Many accounting firms use email as a way to communicate and send files back and forth with clients. While they may have solid security for data “at rest” (i.e. in a cloud storage app or on a server), data can also be compromised “in transit” when sent over unsecured email.
Email encryption and security policies that can prevent emails from being forwarded can help protect data in transit from being compromised.
Remote Data Access Incidents
Due to the coronavirus pandemic, more accountants and their teams are working from home than ever before. This often means logging in remotely to a server or workstation at the office to access files, which can leave an open door for hackers.
28% of data breaches are the result of weak remote access security.
Accounting firms need to ensure they are using strong security when enabling remote access to files, such as designating approved users that can connect to a specific resource.
Email Spoofing
One issue that accounting firms can face can be particularly dangerous to their clients. If a phishing attacker sends out emails to an accounting firm’s clients and spoofs the firm’s email address as the sender, this can lead to multiple clients having security breaches.
While this isn’t a direct breach of your firm’s files, you can end up losing customers simply because your email address was spoofed.
Protections against this include adding email authentication to your mail server with SPF, DKIM, and DMARC.
Phishing Attacks
Phishing is one of the top threats each and every year because it’s so prevalent and is the number one cause of data breaches.
Phishing ploys are always changing, so one type of phishing may be a danger one year, and an entirely new set of scams is seen the next.
Currently, due to the pandemic, there are multiple phishing scams tied to the virus, which include:
- Spoofs of the CDC and WHO websites
- Emails purporting to provide new “company infectious disease policies”
- Maps of “outbreaks in your area”
- Warnings that your email account will be deleted due to COVID security measures
Mobile Device Breaches
Every year more of the office workload is transferred from desktop computers to mobile devices. The ease of use, accessibility, and the continued sophistication of mobile apps are all contributing factors.
But mobile devices are often well behind when it comes to cybersecurity, malware protection, and device management. Mobile devices are also often attacked due to the rise in mobile payment tools and online banking apps.
Mobile devices used for work should be protected by using a mobile device manager that can do things like:
- Track device access to business data
- Grant or revoke access remotely
- Lock or wipe a lost or stolen device
- Push through security updates automatically
- Enforce companywide security policies
Is Your Technology Infrastructure Fully Protected?
Connect2Geek specializes in helping accounting firms with the strong and diverse cybersecurity protections they need to keep their networks and data safe.
Schedule a free security consultation today! Call 208-468-4323 or reach out online.