Accountants deal with thousands of pieces of data every day, which makes accountancy a high-value target for cyber crime. The ever-changing landscape of cyber security means you must keep a regular check on your defences. Here at Superfast IT we’ve been helping accountants, as well as other industries, with their IT systems for over 15 years. We understand that some sectors are bigger targets than others and may need extra measures in place.
In short, phishing is a type of cyber-attack that tries to trick people into disclosing confidential information or transferring money to an unknown source. At a basic level, there are two types of phishing attack: untargeted and targeted.
An untargeted phishing attack casts out some ‘bait’ to a large number of people, trying to get anybody to click a malicious link, usually delivered by email. As the title suggests, the attackers do not go after a particular person or business. Because the attack targets anybody, it is quick to create and execute. The contents of these attacks change regularly because each one has a short life before it is detected and blocked. Most of the time they are easy to spot and have a low success rate, but they can catch out people who aren’t clued up on cyber security.
Targeted (Spear) Phishing
As you’ve probably guessed already, ‘targeted (spear) phishing’ is an attack that targets a particular user or business. These attacks can take months to plan and execute because they require extensive research. They are carefully thought out and personalised to strike a chord with the recipient. Imagine two people fishing at a pool. A fisherman (untargeted phishing) is trying to catch any fish in the pool. Meanwhile, a spear-fisher (targeted phishing) is trying to catch one specific fish.
Why cybercriminals try phishing on accountants
Accountants are a goldmine of information. Because of the plethora of financial data stored on their systems, they are a high-value target for cybercriminals. Despite this, employees at accountancy firms quite often don’t have the correct cyber security training. Which brings us on to our next point…
The most significant threat to your data can be the people you employ. Without the correct cyber security training, your business is at considerable risk. The majority of cyber security attacks happen due to human error. You should have a security protocol in place that all your employees are sufficiently trained in. This protocol could include things such as secure passwords and keeping records of Wi-Fi usage. You could use a team training day to make sure everybody is aware of what is expected of them from a cyber security standpoint. Your business should also be wary of malicious insiders.
Accountants are a target of identity theft themselves, and so are the people whose records they store. All data must be protected and must now comply with the new General Data Protection Regulation (GDPR). For any applications used, two-factor authentication should be in place as an extra level of security. If somebody were able to steal your identity, how many things would they have access to at your place of work?
The Risk of Fines
If you don’t follow the guidelines of the previously mentioned GDPR, you could face fines depending on the severity of the infringement or the lack of defences shown. These fines can be up to £20 million or 4% of your annual global turnover. How much money would that cost you? While the penalties are a last resort, the best thing to do is sort your defences out now.
Working in accountancy is a high-risk business, and you have to have the correct protections in place. Implementing these can be a daunting task, but that’s where we can help. Our technology and cyber security assessments can show how secure your data is. Want to know more? Get a free consultation below.