Cybersecurity for accounting firms: What are the biggest concerns?

Accounting firms often come under threat from cybercriminals for a variety of reasons. Not only do they hold a high volume of valuable personally identifiable information and financial data, but those with a more traditional organisational structure may also be less likely to have proper defences against cyberattacks.

How would Malaysian accounting firms approach this critical business need? Read on to get the lowdown on the biggest concerns in cybersecurity for accounting firms, and what you can do to protect yourself.

The Access Blog

Posted 29/03/2023

To deter the rising threats against your accounting firm, staff, and clients, it is important to know where those dangers are coming from and what methods cyber criminals are now deploying to breach your firm’s digital defences.

If you've heard of phrases like data theft, malware, ransomware, and phishing before, but don't know what they all mean or how to identify potential threats to your business and your data, then this article is for you.

Why is cybersecurity important for accountants?

Accounting practices are among the most attractive targets for cyber criminals.

According to CrowdStrike, a leading cyber security company based in the US, the attraction of accounting firms is due to them holding vast amounts of sensitive financial and personal information about clients. This often includes bank account information, financial records, tax identification numbers, payroll information, and investment data. It’s not hard to see why these practices are a prime target for cyber-attacks.

Based on the recently released Malaysia Cyber Security Strategy 2020-2024 report, current and new cybersecurity threats have the potential to cause up to RM51 billion in economic losses.

The report also shared specific take-aways that accountants need to be aware of:

  • Intrusion and malicious software (malware) are still at all-time highs, meaning employees are unaware of the potential danger they pose when working from their own devices
  • Telecommunication, e-commerce, and e-financial frauds are the most prevalent, with these three areas of fraud accounting for almost 10,000 cases collectively up to the end of 2021
  • According to the Digital Crimes Unit of Microsoft Asia, an average of 720 people fall prey to cyber criminals every minute across the globe, which translates to more than 1 million victims every day

Today’s cyber criminals are more motivated due to the important information that accounting practices around Malaysia are managing and processing.

What is data theft?

Data theft is where your accounting practice’s data is breached, which can potentially lead to the theft of sensitive materials and private client data. That’s a sure-fire way to lose business.

According to TechRepublic, the theft of sensitive materials and client information can cost accounting firms trillions of dollars globally every year.

The theft of data has the potential to put accounting firms out of business, not to mention the sustained reputational damage from falling victim to theft of such valuable data.

What is malware and ransomware?

Malware is a piece of software that has been deliberately created to damage a victim’s device or take control of a network. It comes in a variety of forms, from general computer viruses through to Trojan attacks and even spyware and adware. One of the latest examples of a data breach via malware is the recent Malaysian civil servant payslip data theft.

One of the most devastating forms of malware, however, is ransomware, particularly for businesses such as accounting firms, which have a wealth of data they need to protect.

When deployed successfully, ransomware takes sensitive data hostage by encrypting it and blocking the victim’s access to it. The attacker will then demand payment in exchange for the return of the stolen data.

The problem is that in many cases, even victims who pay the ransom never gain access to their data again.

The most worrying part for accounting firms, as highlighted by Accenture Security in its recent report, is that ransomware attacks have tripled in frequency over the last few years. For Malaysia, ransomware attacks grew by 16% year-on-year in 2022. That figure, according to a statement from Trend Micro, was recorded from a total of 555 million blocked attacks.

What is phishing?

Due to a lack of education around cybersecurity threats, coupled with their ease of deployment, phishing scams are running rampant across all sectors, including accounting.

These attacks, which usually come in the form of an email, use freely available information – a firm’s name, specific individuals, and their roles in the company – to impersonate a valid institution, such as a bank. They then get the recipient to click on a link to a malicious site or download a seemingly innocent file that turns out to be malware.

Cybersecurity attacks are growing and this is now a significant issue for Malaysia. Based on the statistics from Cyber Security Malaysia (CSM), the country reported 4,741 cases of cyber threats last year, while by February 2023, 456 fraud cases had already been recorded.

Income tax filing scams are still trending right now, and both Malaysia’s Inland Revenue Board and the National Scam Response Centre have ongoing efforts to drive awareness, which is a key preventative measure.

Tax scams, most commonly known as robo-calls, have been a staple for cyber criminals for many years. But the increasing shift to digital platforms and ways of doing business means even more people, and organisations, are at risk.

How do cyberthreats affect accounting firms?

The risks and associated exposures of a cyberattack on an accounting firm can be devastating. Not only can a data breach lead to reputational damage and costly first- and third-party losses, but there’s also the fallout that the public eye rarely sees – the damage it wreaks inside the accounting firm.

Below are a few examples of cybersecurity fallout:

  • Direct loss of turnover
  • Increased staff churn
  • Customers fleeing to more secure competitors
  • Management spending their time on tasks that aren’t profit-generating
  • Clean-up costs
  • Change in customer perception
  • Reduced competitiveness

Investing in cybersecurity for accounting firms

Now that you’re aware of the cyber threats facing accounting firms, it’s a good idea to form a strategy about how to protect your interests, your clients and your accountants.

Investing in cybersecurity often needs to occur both internally and externally.

Internally, you’ll want to ensure you have sufficient IT controls, strong access controls, all the critical paperwork, like incident response plans, and relevant insurance, such as business or cybersecurity insurance.

Externally, especially for small firms without internal IT resources, enlisting outside help can illuminate your accounting practice’s specific cybersecurity needs.

A provider can then deploy the necessary resources, such as cybersecurity software, hardware, critical infrastructure, and data recovery capabilities, to keep your clients’ data secure.

How can I protect my accounting practice from cyber attacks?

Cyber threats aren’t going away – on the contrary, their frequency is increasing, along with the severity of attacks on susceptible industries, such as accounting.

With the cost of not investing in cybersecurity having the potential to bring a business to its knees, today is the day to start formulating a plan for the future. Accounting firms with their sights set on tomorrow must embrace cybersecurity tools and accounting practice management software to keep their data out of the wrong hands.

Our accounting practice management software has been built with accountants' security in mind, so why not talk to a specialist to find out how we can help your firm today?

The importance of data safety when working remotely

If you or your accounting practice staff are working from home, you must take care to protect your firm from risks to cybersecurity that may occur within a home office environment.

All it takes is one click on a link or attachment from a phishing email to infect and compromise an employee’s personal device and data. And if they’re connected to your network, it could very likely impact your critical business data too.

Providing your employees with guidance on keeping their data secure while working from home is imperative for ensuring the security of your valuable business and customer data.

Educate your employees now about how to work from home safely

Download our employee checklist for a detailed look at how you and your accounting team can keep your data protected from potential cybersecurity threats.