
Why should accountants and auditors care about cyber security?

Clients, trust, data, and finance are all fundamental to accountants and auditors.

IT is the key tool for delivery. Whether in the office, in the cloud, working with clients, or at home, cyber security is critical for our teams, clients, and suppliers. This is well demonstrated by just one example of a hacking event:

In 2023, Optionis, a large accounting firm, was hacked in a ransomware attack:

  • 28,000 clients’ information was shared online
  • 315,000 documents were shared
  • 2 weeks of business interruption
  • The company has since changed its name to Caroola Group
  • The company was reprimanded by the Information Commissioner's Office (ICO)

In the reprimand, the ICO stated that the business had:

  • 'failed to take organisational measures'
  • 'no clear bring your own device policy'
  • failed data protection measures such as multifactor authentication
  • 'inadequate lock out policy'
  • 'Had these been addressed sooner they would have decreased likelihood of a successful attack.'

Who looks after cyber security in your business?

As shown by the reprimand in the example above, cyber risk isn’t solely part of an invisible network – it involves your People, Technology, and Processes. It is important to have a business owner who understands the breadth of impact.

Managing security requires a clear view of risk across all technologies from core platforms, cloud, networks and endpoints to personal devices.

  • Multifactor authentication and regular updates are good behaviours to ingrain - dark web data shows that long-timers in the business, including the CEOs, are notorious for not updating passwords.
  • All employees are vulnerable to phishing, the source of 90% of hacking attempts. Trials have shown that up to 40% of staff in a phishing trial have shared confidential data within 24 hours.

Compliance standards for your businesses

Federal and national cyber security standards are now published and regularly updated in the USA (NIST), EU (NIS2), and UK (Cyber Essentials) to ensure that critical infrastructure and its supply chains are secure. The supply chain element is critical – everyone is only as strong as their weakest link. Consequently, suppliers are increasingly required to improve their security, especially since there are frequent instances of suppliers being used to target their counterparty.

Checklist for good cyber security habits

1. Accept security as a core process - 53% of SMEs had a cyber breach last year
2. Get an owner for business risk - not just IT - 90% of breaches start with phishing your people
3. Know your risks - use a dashboard of people, endpoints, network, cloud, devices, and processes
4. Track progress – Regularly review a prioritized plan of security improvement
5. Get certified – Prove your compliance, qualify for new business, support your team

For more information please contact Phil Edelin at Lupasafe - phil@lupasafe.com

AGA members can watch the recording of Phil and Frederik's recent webinar here. 

About Lupasafe:

Lupasafe's mission is to protect your organization’s data through automation and by demonstrating cyber risks and compliance with cybersecurity guidelines. The team provides a cybersecurity program that pre-emptively protects all parts of an organization and demonstrably reduces all attempts at cyberattacks or data loss.