Accounting Firms Fall Victim to Cyberattacks: Lessons Learned
It’s a story we’ve heard too many times: an accounting firm falls victim to a cyberattack, costing the firm its reputation, clients, and of course, money. Unfortunately, experts warn cyberattacks are not slowing down. In fact, criminals continue to get more sophisticated with time. Below we share two examples of accounting firms that experienced cyberattacks. Their stories emphasize the importance of following key cybersecurity best practices around employee training and access controls.
Human Error Cost Accounting Firm $84,000
When an employee at a small accounting firm opened an email attachment – which they believed was an invoice – they became victim to a ransomware attack. While the email and its attachment appeared normal, the document contained CryptoLocker, a ransomware virus that immediately encrypted the data on the computer’s network.
Within minutes, all the computers on the network – so all the computers associated with the accounting firm – froze. A message demanding $8,000 in Bitcoin was displayed on the screens, with the added threat that the criminals would increase the fee to $1,200 per day until the accounting firm paid the ransom.
The small accounting firm spent nearly $84,000 to recover from this ransomware attack. The firm had to pay the ransom fees, and costs associated with business interruption, notifying their customers and suppliers, and rebuilding their computer systems. One of the biggest takeaways from this attack: It’s critical that everyone involved in your practice — yes, that means full-time, part-time, and seasonal employees, as well as contractors and vendors — understand cybersecurity risks and their responsibilities in protecting data. After all, you’re only as strong as your weakest link.
A “Big Four” Accounting Firm Unknowingly Compromised for Months
Experts warn you should expect criminals to try to hack into your systems. This attack on Deloitte – one of the world’s “big 4” firms – proves that it doesn’t matter how big or small your company is: We’re all susceptible to attacks, and no company is 100% perfect at stopping criminals.
The attack allegedly went unnoticed for months. It started when a hacker accessed the company’s global email server through an “administrator’s account,” which reports claimed didn’t require two-factor authentication. The hackers potentially had access to usernames and passwords and some email attachments containing sensitive information.
It’s a hard but valuable lesson to learn. Don’t underestimate the importance of following cybersecurity best practices like two-factor authentication.
Keep Your Data Safe on the Cloud
Protecting your clients’ data from cyber-attacks is crucial to maintaining your reputation, retaining your customers, and avoiding costly downtime due to breaches. “We need to ensure that we are handling all of our client data in a way that meets all regulations while giving ourselves and our clients peace of mind,” advises Robin Johnson, owner of TaxAssist Accountants Norwich North.
Johnson’s firm – among 30,000 other businesses – use SmartVault’s cloud-based document management system to securely store, collect, manage, and collaborate on documents online. The cloud is the most secure place to store your data for numerous reasons. Find out why in this free guide: Moving to the Cloud is Right for Your Firm. Here’s How to Get There.
To learn more about SmartVault, schedule a demo today.