To deter the rising threats against your accounting firm, your staff and your clients, it is important to know those dangers coming from and what methods cybercriminals are deploying to breach your accounting cybersecurity defences.

If you've heard of phrases like data theft, malware, ransomware and phishing before, but don't know what they meant, then this article is for you.

In this article, we'll give you the low down on the biggest concerns in accounting cybersecurity challenges, so you can begin to identify potential cyber security threats more easily.

Why is cybersecurity important for accountants?

One of the most attractive prime targets for cyber criminals is the accounting profession.

CrowdStrike, a leading cyber security company based in the US, identifies that accounting practices are prime cyber-attacks candidates because accountants hold vast amounts of sensitive financial data and personal information about their clients, such as passwords, bank account information, financial records, tax identification numbers, payroll information, and investments data.

The Australian Cyber Security Centre revealed in their 2022-23 annual cyber threat report some sobering  accounting practice cybercrime statistics:

• Annually, cybercrime costs small accounting practices an average of $46,000 medium-sized practices approximately $97,200 and large practices $71,600;

• Accounting is part of the sixth most targeted sector in Australia, with 4.7 per cent of all cyber-attacks;

• The number of cyber-attacks has risen 23 per cent in the past year, which is the equivalent to one every six minutes.

Today’s cyber criminals are acting more frequently and are motivated due to the important information held by accounting practices in Australia and New Zealand.

What is data theft?

This is where your accounting practice information security is breached, which leads to the theft of sensitive client data and clients' personally identifiable information (PII).

According to Techrepublic, the theft of sensitive materials and client information can cost accounting firms trillions of dollars globally every year.

A data breach has the potential to put accounting firms out of business, not to mention the sustained reputational damage from falling victim to information security breaches.

What is malware and ransomware?

Malware (or malicious software) is a piece of software that has been deliberately created to damage a victim’s device or take control of a network. It comes in a variety of forms, from general computer viruses through to Trojan attacks and even spyware and adware.  

One of the most devastating forms of malware, however, is ransomware, particularly for businesses such as accounting firms that have a wealth of data they need to protect.  

When deployed successfully, ransomware takes sensitive accounting data hostage by encrypting it and blocking the victim’s access to it.  

The attacker will demand payment in exchange for the return of the stolen data.  

The problem is that in many cases, even victims who pay the ransom never gain access to their data again. 

The worrying part for accounting firms, as highlighted by Accenture Security in their The Cost of Cybercrime report, is that ransomware attacks have tripled in frequency over the last few years.

What is phishing? 

Due to a lack of education about cybersecurity threats, coupled with its ease of deployment, phishing scams are running rampant across all sectors, including accounting.  

These cyber attacks, which usually come in the form of an email, are where hackers use freely available information (e.g. a firm’s name, specific individuals and their roles in the company) to impersonate a valid institution, such as a bank. They then get the recipient to click on a link to a malicious site or download a seemingly innocent file that turns out to be malware. 

And thanks to the disruption of COVID-19, the Australian Cyber Security Centre has warned of a major increase in phishing scams on financial services, including accounting firms and their clients.

One such scam came in the form of a tax-refund email masquerading as official documentation from the Australian Taxation Office (ATO). The email led to a fake myGov phishing page to steal sensitive financial information from end users.

Tax scams have been a staple for years, most commonly as robocalls, but the shift to digital means even more people, including businesses, are at risk. 

---

---

How do cyber threats affect the accounting industry?

The risks and associated exposures of a cyberattack on an accounting firm can be devastating.

Not only can an accounting firm data breach lead to reputational damage and costly first-party and third-party losses, but there is also the risk that the public eye rarely sees, the damage it wreaks inside the firm.

Below are a few cyber security risk examples:

• Direct loss of turnover.

• Increased staff churn.

• Customers fleeing to more secure competitors.

• Management spending their time on tasks that aren’t profit-generating.

• Clean-up costs.

• Change in customer perception.

• Reduced competitiveness.

Investing in accounting cybersecurity

Now that you’re aware of the threat landscape for accounting firms, it is a good idea to start to form a cybersecurity strategy about how to protect your interests, your clients and your accountants.

Investing in cybersecurity often needs to occur both internally and externally.

Internally, you’ll want to ensure you have sufficient data protection measures, such as IT controls, strong access controls, all the critical paperwork (e.g. incident response plans) and relevant cyber insurance such as business or cybersecurity insurance.

Externally, especially for small firms without internal IT resources, enlisting outside help can accounting practices develop the right cybersecurity strategy.

A provider can then deploy best practice cyber security resources (cybersecurity technology, critical infrastructure, safe business passwords, etc.) to protect clients from data breaches.

The importance of cybersecurity for accountants

It is clear from the topics we've covered in this article that cyber threats aren’t going away – on the contrary, their frequency is growing, and they are targeting the accounting industry.

The importance of cybersecurity for accounting firms means that threats have the potential to kill your business. Today is the day to start audits to form a data security strategy for the future. One that embraces cybersecurity technology, such as accounting practice management software, helps your data protection and keeps your accounting practice clients safe from external attacks.

Is practice management software best practice to protect my accounting firm? 

Our accounting practice management software has been built with accountants' security in mind, so why not talk to a specialist to find out how our technology can help your firm today.  

The risk of remote working for accounting firms

If you or your accounting practice staff are working from home, you must implement data protection measures to prevent your accounting practice from cybersecurity risks that may occur within a home office environment.

Download our employee checklist for a detailed look at how you and your accounting team can keep your technology protected from potential cybersecurity threats.

---

Download our whitepaper, how trends in cybersecurity will impact accountants to discover the tools your accounting firm needs to bolster cybersecurity defence and arm yourself against threats. 

---

Cyber security resources

• CPA Australia's cyber security resources
• Australian Cyber Security Centre (ACSC)