Safeguarding Your Accountancy Firm by Michael Rooney
A cyber breach can have far-reaching and severe consequences, such as the theft of sensitive data, financial loss, damage to reputation, and legal and regulatory ramifications.
Accounting firms are far from immune from such attacks. In fact, to the contrary, accountancy firms are a rich target for hackers because of the types of information they handle. Beyond the normal personally identifiable information (PII) that they store for clients and employees, firms also handle sensitive information dealing with financial transactions, payroll information and sensitive business information.
Without a good cyber security strategy, firms can suffer serious costs, including remediation of the security breach, reputation damage, and data privacy compliance penalties.
The steps you take after a breach can either increase or reduce the impact. Not having a cyber security response plan can lead to increased ramifications and costs due to a delayed reaction.
At a recent webinar we polled the accountancy firms attending with two key questions. The results were:
- Have experienced a phishing attempt/attack – 73% said yes.
- Are you confident you know what to do in a cyber-attack – 70% said no.
In our experience working with professional services firms, we would expect the percentage of firms that have experienced a phishing attempt or attack to be closer to 100%. It is concerning that firms are not aware of the threats facing them.
Below we’ll discuss the vital steps that your accountancy firm should take immediately following the discovery of a data breach, ransomware incident, or another cyber-attack.
1. Isolate the Infected Device(s)
Many types of malware are designed to spread throughout a network as fast as possible. This is especially true for ransomware, which locks users out of their files through the use of encryption.
As soon as you discover that a breach has occurred, disconnect the infected device(s) from your network to contain the spread. This means disconnecting the device from Wi-Fi and any wired Ethernet connection, and from any other systems it talks to, including cloud services that sync files.
Do not power off the device until you have spoken to a trusted IT security professional: a hard shutdown can destroy evidence held in memory that is needed to understand the attack.
2. Have a Professional Assess the Damage
Don’t try to deal with a cyber breach yourself. People can make things worse, for example by going online to download a free virus-scanning tool that is itself a malware trap. Attackers also commonly leave a backdoor open so they can re-enter the firm’s systems, so it is crucial that the attack is treated and remediated properly.
Instead, once the machine has been isolated, contact a trusted IT security expert who can assess the damage and provide guidance. We have expertise and years of experience dealing with all types of data breaches and malware infections, which allows us to assess the issue and formulate a remediation strategy as quickly as possible.
3. Remediate the Infection
Remediation of the infection is next. You don’t want more of your client files being stolen while you are dealing with the fallout. Once the breach has been assessed, your IT security expert will begin remediating it to secure your network.
4. Determine Whether Client Data Was Breached
Find out what type of data was compromised. Did the attacker gain access to a client database containing names, addresses, phone numbers, client files or other personal information?
Determining the extent of the breach is rarely a pleasant task, but all information held by the firm is sensitive, so it is important to identify and notify the affected clients or third parties.
5. Contact GNCCB and The Data Protection Commission
Not every business contacts law enforcement, such as the Garda National Cyber Crime Bureau (GNCCB), when hit with a data breach, even though they would not think twice about doing so after a physical break-in. But data breaches are break-ins too, and they should be reported to the Data Protection Commission within 72 hours.
This helps create a record for potential insurance claims, assists in tracking the breach, and demonstrates responsible action by your firm.
Reporting the incident has benefits:
- You have a record of the incident for any potential insurance claims.
- Garda National Cyber Crime Bureau (GNCCB) can track the breach, which may connect to others that have been reported.
- Your report can be referred to in data privacy compliance reports and shows responsibility on the part of your organisation.
6. Carry Out a Notification Plan According to Data Privacy Requirements
You will need to review the data privacy regulations that your firm is subject to, such as GDPR, and make notifications to third parties according to their guidelines. If notification isn’t made in a timely manner, it can lead to penalties, as well as a significant loss of trust in your firm by those you need to contact.
7. Improve Defences to Stop Future Breaches
After addressing the immediate priorities above, the next crucial step is fortifying your defences to prevent future attacks. The most effective step is a comprehensive Cyber Security Audit, so that you understand your firm’s true, unbiased position.
We recommend all firms at a minimum should understand their vulnerabilities by having a Cyber Security Audit conducted.
1. Cyber Security Audit –
During a Cyber Security Audit, we proactively search for and identify credible cyber threats to help firms discover and remediate potential risks. Our team undertakes a systematic evaluation of your information systems, processes and controls to identify vulnerabilities, assess risks and check compliance with security policies and regulations. The purpose of the audit is to determine the effectiveness of the firm’s security measures and to provide recommendations for improvement. A Cyber Security Audit can be carried out fully remotely.
2. Cyber Remediation Process –
A key deliverable from the Cyber Security Audit is a report detailing the findings, including any identified vulnerabilities and non-compliance issues. The remediation process involves taking appropriate action to mitigate the identified risks and strengthen the firm’s security posture. This can include us carrying out the remediation, managing the process, or overseeing remediation being carried out by your existing IT partner.
3. Cyber Management –
Ongoing monitoring of your firm’s cyber security is wise. This gives firms access to a wide range of cyber security solutions and expertise, and allows clients to choose the specific services they need based on the results of the audit. It provides the flexibility to scale up or down as needed, depending on changes in the firm’s size, operations or threat landscape.
Don’t wait until you’ve had a breach to have your security posture assessed.
Managing Director, FutureRange