In this article we shall discuss why E-mail Security and Web Security are important for Accountants and Accounting Firms irrespective of their size.
When it comes to security breaches, many small businesses believe threats are reserved for banks and large corporations. In reality, nothing could be further from the truth. Web security is important to all companies, regardless of size. Any business that handles sensitive, personal client information via the Internet is at risk of security breaches. Among the most at-risk businesses are accounting firms — even small firms. When it comes to businesses that are handling the most sensitive personal information, they certainly top the list.
On a daily basis, accountants are in possession of clients’ social security numbers, tax ID numbers, income information, addresses, dates of birth, death certificates, medical information, credit card numbers, bank account numbers, etc. Any one of those pieces of information in the wrong hands could have devastating implications — and a breach of all that information could be downright devastating for an Accountant and/or an Accounting firm.
While identity theft is widely perceived as the top threat — largely due to the amount of publicity it generates — in reality, it represents just one piece of the bigger puzzle in terms of potential threats to accounting firms. As more and more business is conducted online with greater amounts of sensitive information shared via the Internet, it is imperative for accountants to make network security a top priority.
Aside from an ethical obligation to safeguard clients’ private tax information, accounting firms are bound by certain regulations with which they must comply, including protecting personal information from unauthorised access, managing sensitive information and keeping personal information secure. The Payment Card Industry – Data Security Standards (PCI-DSS) also requires the secure transmission of cardholder data to prevent interception and unauthorised disclosure, as well as protection against malware and other threats to the integrity of cardholder data.
Regulatory compliance requires a significant amount of time and resources for which owners need to budget. Federal regulations are often believed applicable only to large public companies, but regulations have elements that apply to private and small firms, as well. Regulations can also change quickly and require significant resources for firms of all sizes to understand and implement compliant procedures and infrastructure.
“All of these regulations contain sections and standards that small firms can’t afford to ignore,” said Scott Paul, Senior Director for AppRiver’s Microsoft Alliance. “If it’s a piece of regulation that is officially written to apply to publicly held financial services firms, it can also apply to small ones.”
These regulations are not the only motivation for accounting firms to protect personal client data. If sensitive data is lost to hackers or client data is encrypted by ransomware, other consequences may be encountered, including:
Within the complexity of identity theft, many types of attacks can occur, including cyber extortion (where data is essentially held for ransom), third-party attacks, mobile attacks, phishing attacks and targeted malware attacks.
It has been well-documented recently that security attacks are shifting from large corporations to smaller businesses. Even though smaller targets do not potentially represent as large of a payoff for hackers, smaller businesses are often better targets that are much easier to breach. The primary reason for this shift is that many SMEs don’t have the necessary security in place because they do not believe that they are large enough to attract an attack. The fact that hackers are aware of this mindset actually makes smaller firms the perfect target because these “bad guys” know that proper security measures are not likely to be in place. Security software provider Symantec reports that 70% of all attacks target small businesses. Spear-phishing campaigns targeting employees increased 55% in 2015 (Source: National Cyber Security Alliance), and it is ever-increasing. Ransomware is another favourite tool because it allows cyber-criminals to access a system quickly and extort a small amount of money, typically an average of £3,500.
According to The Guardian, a UK survey found that 74% of small organizations — with fewer than 350 employees — reported a security breach in 2015. Meanwhile, the Attorney General of California reported that the financial business sector claimed the second-largest number of breaches behind retail businesses. With the advent of chip cards, retail breaches are on the decline, making it feasible that the financial sector could soon account for the largest number of breaches.
“Accounting firms will remain targets regardless of where the threat or trends are because of the large amount of sensitive information they’re handling,” said Paul.
The sad reality is that attacks on small firms are more often catastrophic than for their larger counterparts. In fact, 60% of small companies that suffer a security attack are out of business within six months. With an average cost to recover from a cyber attack hovering around $36,000 (Source: securitymagazine.com), it is not surprising that firms simply cannot recover from such a capital loss.
Smaller firms are vulnerable to any number of threats, and it is largely due to the fact that they are far less likely to have even the most basic safeguards in place, e.g. small accounting firms are less likely than their larger counterparts to:
Another, even more catastrophic vulnerability to consider is end users who do not secure their devices or who fail to accept or prioritise discipline related to company security policies. It is imperative that security becomes a habit and part of a firm’s daily routine.
Human error is the largest single cause of data loss. Security starts with an end-user. It is estimated that more than 75% of employees leave their systems unsecured. Adding to the problem is the fact that only 22% of SMEs have prioritised security concerns that were identified within the previous year. (Source: Symantec)
They know they are under-resourced, under-prepared and unprotected, but they have difficulty adding it to their budget when preparing for the future. The bottom line is that small firms under-estimate security exposure and grossly under-estimate the costs of a breach.
The Cloud is more secure than On-premise systems. Small Accounting firms fail to realise that cloud-based systems offer the best and most secure options for safeguarding sensitive client information. When security is in place in conjunction with on-premise systems, they are typically poorly maintained on site. But cloud-based security systems offer extra layers of security that in-house servers and other on-premise systems cannot match. Embracing the technology of moving to the cloud enables small firms to secure their roles as trusted advisors and heightens security as more employees work remotely. Cloud-based systems also provide more efficiencies for automating processes and services, and often reduce the cost of an in-house infrastructure and the personnel necessary to maintain it.
Not all cloud solutions are created equally, however. “Microsoft is going to spend more than smaller firms, obviously,” Paul said. Ultimately, if a company is touting low-cost as its main selling point and security is not mentioned early on, that is generally a red flag that they are not a reputable or secure company to work with. The problem for small Accounting firms is that Microsoft’s cloud-based security can be extremely cost-prohibitive for SMEs. That is where Microsoft partner providers like Nishtha come into play. Nishtha, in partnership with AppRiver, offers a complete library of compliant resources and has demonstrated time and again that small firms can benefit from the enterprise grade security that Microsoft offers through an affordable partner.
“We are all in this cloud situation together,” Paul said. “The good news is that cloud beats the bad guys most of the time — whereas small, lightly maintained, on-premise machines are much easier to get into.”
So what are small Accounting firms to do when it comes to addressing their security needs? First and foremost, SMEs need to abandon the mindset that they are too small to be targeted and make the necessary investments to protect themselves and their clients.
Firms of all sizes must make security a top priority. If needs have been identified, they must be addressed. If no security measures have been taken yet, these firms must conduct an audit of vulnerabilities and immediately take steps to close those gaps.
When responding to a data breach or to avoid a potential breach, it is crucial to use industry best practices and procedures. At the minimum, every firm should take the following security measures:
The many aspects of securing data can often feel overwhelming to smaller firms that lack IT staff, but firms do not have to go it alone. For the majority of small vendors, the best way to address all of these security needs and put a secure infrastructure in place is by partnering with a third-party provider, such as Nishtha.
To find out more about how Nishtha can help strengthen your E-mail and Web Security needs, please Contact Us now.