Cybersecurity for Bookkeepers & Accountants

Apr 05, 2022

Accounting and Bookkeeping firms, and business owners, are prime targets for cyber crime, due to the high level of identification data and financial information we hold. 

It is imperative to treat cyber security with utmost importance across your planning, strategic and operational functions.

Even if you operate a small business, or don’t collect payment information, your company, your clients, and your employees could still be at risk. So, be aware of vulnerabilities in your system and take the steps to mitigate risks.

Conduct a Cyber Threat Assessment

Most business owners simply don’t know if they have enough cyber security – or the right solutions – to protect their digital assets.

A thorough threat assessment is the ideal first step to knowing precisely where and how your business may be vulnerable to cyber intruders.

Consider contracting a cyber security specialist to help you analyse your digital ecosystem and data storage practices, in order to identify weak areas and create a security action plan.

You may also want to look at a product like LastPass or Practice Protect.

Consider Going Cloud-based

The benefit of cloud-based systems is that they are updated and backed up regularly. This means that security and antivirus software is kept up to date, and it will be easier to recover from backups if you do experience a security breach.

As with any service provider, it is important to fully understand the details of the contract and the services you will be provided. Seek the advice of a third-party professional if you are unsure.

Install a Firewall and Anti-virus Software

Seems like a no-brainer, right? Yet I have heard many a story where subscriptions were not renewed or the set-up was not completed correctly, resulting in vulnerabilities. Cyber attackers use highly sophisticated automated software to seek out and infiltrate poorly defended networks.

Ensure your business doesn’t get caught in their net, by installing a firewall that can control incoming and outgoing data and help prevent unauthorized access to your network.

Other practical steps you can take to protect yourself include:

  • Ensuring your anti-virus software is always up to date.
  • Updating your browser and applications like Java and Flash to the latest version.
  • Protecting your WiFi by making it invisible to outsiders, encrypted and secure.

Educate Your Employees

The unfortunate truth is that human error is one of the entry points through which hackers can attack your business. Employees are constantly hooked up to your network, whether that’s through email, company-provided computers, or working from home.

Make sure you have security protocols for accessing your network, and ensure your employees are aware of them. Keep a checklist handy that your employees, and anyone else who accesses your network, can refer to. Regularly update your policies to reflect the new techniques cybercriminals develop. Train your staff on how to spot suspicious-looking emails and what to do if they are unsure about an email.

Here are some questions to ask:

  • Are there rules about when employees can be connected to your network or what they can do while connected?
  • Do you have policies about password protection?
  • Are employees allowed to take company laptops and tablets home with them?
  • If so, what are the rules around doing so?

Ensure your staff understand and follow best practice when it comes to cyber awareness:

  • Develop an easy-to-read cyber security guide so employees are better equipped to identify and deal with malware, dangerous email attachments, phishing attempts and other digital threats.
  • Meet regularly to discuss new potential online threats so team members know what to watch for.
  • Encourage each team member to speak up immediately if they notice suspicious behaviour.
  • Change passwords regularly, or use a password management system, such as Password Protect.

Prepare and Update Your Systems, Processes and Network Regularly

Your computers, network and systems should be updated regularly. These updates provide additional protection for your company. As developers become aware of new threats, they build fixes designed to block the latest hacker techniques and distribute them through updates. Old, outdated networks are easier for hackers to access.

In addition to updating your network, take the time to regularly inspect your system for weaknesses and take the steps to address those vulnerabilities.

Also, for your smart devices, ensure you action the prompts to install updates straight away, as these often contain security updates to protect your devices from the latest threats.

Check For & Report Data Breaches

It isn’t just credit card information that hackers are after. Personal information, passwords, and other sensitive data can be sold and used for fraudulent purposes. Your business may not collect credit card and other payment information, but that doesn’t mean you don’t have data that’s valuable for hackers.

If you have any information that could be bought, used for fraud or identity theft, or used for extortion, you need to take steps to protect that information.

Once your network has been hacked, you risk losing your customers’ trust. Once that trust is gone, it’s hard to get it back.

Under the Notifiable Data Breaches scheme, you need to notify the Office of the Australian Information Commissioner, and clients, of eligible data breaches that are likely to result in serious damages.

Keep Informed of the Latest Threats & Industry Movements

Monitor the media and security sites to keep informed about the latest security threats and techniques so you can take measures to protect yourself.

The government has some great resources to follow, as listed below. We also recommend scheduling a regular security audit with your professional IT service provider or threat assessor, and seeking professional guidance on existing or emerging risks that may face your industry or business.

Cyber Liability Insurance

Cyber security can pose a big risk for any financial services business, and I recommend considering cyber insurance. Many insurance policies cover items such as cyber extortion, public relations expenses, business interruption, first party hacker damage, third party cyber liability and data breach notification costs.

There are many insurance providers and brokers out there, so do your research and select a package with the features most relevant to your business.

 
