Primarily, to deter from rising threats against your accounting firm, staff, and clients, it is important to know where those dangers are coming from and what methods cyber-criminals are now deploying to breach your firm’s digital defenses.

If you've heard of phrases like data theft, malware, ransomware, and phishing before, but don't know what they all mean or how to identify potential threats to your business and your data, then this article is for you.

Why is cybersecurity important for accountants?

One of the most attractive prime targets for cyber criminals is accounting practices.

According to CrowdStrike, a leading cyber security company based in the US, the attraction of accounting firms is due to them hold vast amounts of sensitive financial and personal information about clients. This often includes bank account information, financial records, tax identification numbers, payroll information, and investment data. It’s not hard to see why these practices are a prime target for cyber attacks.

Based on the recently released cybersecurity 2021 trends report from Singapore's Cyber Security Agency, businesses must take note of the following trends:

• The growing number of ransomeware attacks
• Singapore being a favoured location for crypto-scams
• Command and control for malicious bot servers have grown by 3x – from 1,026 to 3,300

As is, intrusion and malicious software (malware) are still at all-time highs, meaning employees are unaware of the potential danger they possess when working from their own devices. In fact, telecommunications, e-commerce, and e-financial frauds are the most prevalent, with these three areas of fraud accounting for almost 10,000 cases collectively up to 2021.

Notably, according to the Digital Crimes Unit of Microsoft Asia, an average of 720 people fall prey to cyber criminals every minute across the globe, which translates to more than 1 million victims every day.

Today’s cyber criminals are more motivated due to the important information that accounting practices around Singapore are managing and processing.

What is data theft?

This is where your accounting practice data is breached and can potentially lead to the theft of sensitive materials and private client data. That’s a sure-fire way to lose business.

According to Techrepublic, the theft of sensitive materials and client information can cost accounting firms around trillions of dollars, globally, every year.

The theft of data has the potential to put accounting firms out of business, not to mention the sustained reputational damage from falling victim to theft of such valuable data.

What is malware and ransomware?

Malware is a piece of software that has been deliberately created to damage a victim’s device or take control of a network. It comes in a variety of forms, from general computer viruses through to Trojan attacks and even spyware and adware. One of the latest examples of a data breach is the one Eatigo experienced last year when it lost the personal data of up to 2.8 million users.

One of the most devastating forms of malware, however, is ransomware, particularly for businesses, such as accounting firms that have a wealth of data they need to protect.

When deployed successfully, ransomware takes sensitive data hostage by encrypting it and blocking the victim’s access to it. The attacker will then demand payment in exchange for the return of the stolen data. 

Primarily, the problem is that in many cases, even victims who pay the ransom never gain access to their data again.

The most worrying part for accounting firms, as highlighted by Accenture Security in its recent report, is that ransomware attacks have tripled in frequency over the last few years. For Singapore, the number of ransomware and phishing attacks have continued to grow. 

What is phishing?

Due to a lack of education around cybersecurity threats, coupled with its ease-of-deployment, phishing scams are running rampant across all sectors, including accounting. 

These attacks, which usually come in the form of an email, use freely available information – a firm’s name, specific individuals, and their roles in the company – to impersonate a valid institution, such as a bank. They then get the recipient to click on a link to a malicious site or download a seemingly innocent file that turns out to be malware.

Cybersecurity attacks are growing and this is now a significant issue for Malaysia. Based on the statistics from Singapore Cyber Security Agency, the country reported bout 55,000 unique Singapore-hosted phishing URLs – with a “.SG” domain have been observed in 2021. This was an increase of 17% compared to the 47,000 URLs seen in 2020. Incidentally, social networking firms made up more than half of the spoofed targets. 

Income tax filing scams are also a trending issue for Singapore and both the Inland Revenue Authority of Singapore had deployed ongoing efforts to drive public awareness as it is considered a key preventative measure.

Tax scams have been a staple for cyber criminals for many years, most commonly known as robocalls. Of course, the increasing shift to digital platforms and ways of doing business means even more people and organisations are at risk.

How do cyberthreats affect accounting firms?

The risks and associated exposures of a cyberattack on an accounting firm can be devastating. Not only can a data breach lead to reputational damage and costly first and third-party losses, but there’s also the fallout that the public eye rarely sees – the damage it wreaks inside the accounting firm.

Below are a few examples of cybersecurity fallout:

• Direct loss of turnover
• Increased staff churn
• Customers fleeing to more secure competitors
• Management spending their time on tasks that aren’t profit-generating
• Clean-up costs
• Change in customer perception
• Reduced competitiveness

Investing in cybersecurity for accounting firms

Now that you’re aware of the cyber threats facing accounting firms, it’s a good idea to form a strategy about how to protect your interests, your clients and your accountants.

Investing in cybersecurity often needs to occur both internally and externally.

Internally, you’ll want to ensure you have sufficient IT controls, strong access controls, all the critical paperwork – like incident response plans, and relevant insurance, such as business or cybersecurity insurance.

Externally, especially for small firms without internal IT resources, enlisting outside help can illuminate your accounting practice’s specific cybersecurity needs.

A provider can then deploy the necessary resources, such as cybersecurity software, hardware, critical infrastructure, and data recovery capabilities, to keep your clients’ data secure.

How can I protect my accounting practice from cyber attacks?

Cyber threats aren’t going away – on the contrary, their frequency is increasing, along with the severity of attacks on susceptible industries, such as accounting.

With the cost of not investing in cybersecurity having the potential to bring a business to its knees, today is the day to start formulating a plan for the future. Accounting firms with their sights set on tomorrow, must  embrace cybersecurity tools and  accounting practice management software,  to keep their data safe from the wrong hands.

Our accounting practice management software has been built with accountants' security in mind, so why not talk to a specialist to find out how we can help your firm today. 

The importance of data safety when working remotely

If you or your accounting practice staff are working from home, you must take care to protect your firm from risks to cybersecurity that may occur within a home office environment.

All it takes is one click on a link or attachment from a phishing email to infect and compromise an employee’s personal device and data. And if they’re connected to your network, it could very likely impact your critical business data too. 

Providing your employees with guidance on keeping their data secure while working from home is imperative for ensuring the security of your valuable business and customer data.