4 Ways You're Making Your Accounting Firm Vulnerable to a Cyberattack

One of the most effective ways to safeguard data is to recognize how you and your staff are putting it at risk.  

Cybersecurity is ultimately about the people and the decisions they make. How often have you opened an attachment without looking at the email first or postponed a system update because it’s not the right time?  

Decisions like these and the ones below may seem minor – mostly because you can make them quickly and without much thought – but they put your firm at greater risk.  

1. Avoiding System Updates  

Too many people put themselves at risk by ignoring software updates. “Take Microsoft Windows, for example. Over 10% of global Windows computers are running unsupported operating systems. This means no updates to protect [them] from new, malicious attacks like ransomware, viruses, [or] cryptomining, [and] no fixes for incompatible software,” Patrick Schreiner, a business cybersecurity risk advisor at one of America’s Big Three Index Fund Managers, explains.  

Ten-percent may seem small, but over 1.4 billion devices are running Windows today. That means an astonishing 1.4 million people are putting themselves and their data at greater risk for cyberattacks.  

2. Not Training Staff  

Schreiner warns that cyberattacks frequently start when someone clicks a malicious link in an email or downloads an attachment. Remind your team members to examine things like emails carefully. And while people are the weakest link, they’re also the strongest – as long as they know how to report concerns. 

“Reporting a suspicious email to your IT department may alert them to remove it from other colleagues’ inboxes, help update their spam filters, and learn the tactics of attackers,” Schriener says.  

3. Not Following Simple Best Practices  

Make good security hygiene a regular part of your routine. Use strong, long, complex passwords in addition to multi-factor authentication (or MFA).  

“MFA in general is a really easy win for a lot of people… [because it can] prevent bad actors from accessing your accounts even if they have your password,” says Schreiner. You should also protect yourself against malware by installing recognized, commercial antivirus software.  

4. Using Email to Share Sensitive Data  

Email is one of the most common and riskiest tools used in businesses today. Many of the documents that accountants require for tax returns include at least one data point that should never be sent via email. Form W-2, for example, has the person’s name, Social Security number, address, income, and more. This gives criminals exactly what they need to steal identities or make money selling the information to other criminals. 

Continue Learning About Cybersecurity for Accounting Firms

It’s difficult to protect your data when you don’t understand how you’re putting it at risk in the first place. Download this brief whitepaper, Are You Making Your Firm Vulnerable to Cyberattacks?, to learn: why hackers love to target firms like yours, how to meet your clients’ expectations around data security, and the warnings that you’ve been hacked.