Last year RSM International, a global accountancy firm surveyed large and small accountant businesses to get a sense of how firms were thinking about digital transformation. In Europe, the majority (80%) considered it a priority for growth. Cloud-based technologies were marked as the most significant focus.

In practise, this means accountancy firms would rather access everyday technologies such as specialised software, from the cloud, rather than run applications in-house. This also applies to functions like storage and communications. Many are already moving down this road given that cost-saving and efficiency benefits are so compelling.

However, by implication, it also means that cybersecurity needs to be ramped up. Yet, according to RSM, only 34% of businesses have adopted a cybersecurity strategy while 21% have no strategy at all. This also reflects the findings in a more recent BullGuard survey which alarmingly revealed that 43% of small business owners have no cybersecurity defence plan in place at all, leaving their most sensitive financial, customer, and business data, and ultimately, their companies, at significant risk.

Accountancy firms, like in other areas, believe the cloud services they use are protected by the providers. This is understandable given that an application provider, for instance, will fold cybersecurity into its pitch and assure potential clients that its service is protected.

However, consider the following:
  • Given that many accountancy firms use the same software systems, hackers are motivated to seek vulnerabilities in the software knowing there will be a substantial payday by exploiting weaknesses and as a result, they can attack multiple businesses.
  • Cybercriminals view accountancy firms as a 'gateway' to client information and they are seen as a soft target with few security barriers, limited cybersecurity tools, and little or no in-house expertise.
In practise, this means that most cybercriminals focus their efforts on the firms themselves, rather than trying to penetrate the cloud service at source. It’s easier, for instance, to send a phishing email that manages to extract a password and user name for a cloud-based accountancy application, rather than attack the cloud-based application at its source.

The same applies to malware. Infect a few devices belonging to accountancy practise with a keystroke logger or banking trojan and the hacker gains the keys to the treasure chest. They also potentially have access to sensitive client data.
  • Combine the fact that some of the most popular software programmes for cybercriminals to target are in the accountancy and tax space, with the fact that accountancy firms rank as one of the lowest industry sectors for cybersecurity awareness, and it’s easy to see that many small business accountants could suffer destructive cyber-attacks.
The key for small business accountancies is to recognise that ‘in-house’ cybersecurity is an absolute necessity and it’s not enough to rely on application service providers. They will do their bit by securing the actual cloud service but accountancies must also take responsibility and secure their own practises.
  • If the Covid-19 pandemic has taught small businesses anything it's the necessity for cybersecurity. Cyber miscreants have unleashed waves of phishing emails and malware related to the virus. These attacks specifically target small businesses as criminals attempt to exploit, anxieties, uncertainties, and a lack of cybersecurity knowledge.
In the face of the Covid-19 pandemic, BullGuard is offering a free 3-month license for BullGuard Small Office Security. Designed specifically for small businesses, it protects fixed workstations, laptops, tablets, and smartphones whether in the office, at home, or out and about.

Loaded onto each computing device it protects against all types of malware, including ransomware, and flags up malicious links that are hiding in emails and on websites, as well as malicious ads which are another way attackers use to try and infect devices.

The beauty of this small business specific platform is that all devices are centrally managed via a cloud-based dashboard.
  • This means that state-of-the-art cyber protection can be rolled out across all devices concurrently and within minutes, thanks to easy remote management. In turn, this removes the severe headaches many small businesses face when having to manage devices individually.
  • Built with an award-winning, triple-layer cyber protection engine and fused with advanced machine learning that instantaneously detects and blocks new malware releases, BullGuard Small Office Security is the ultimate in end device protection. You can find out more about this product and 'no-strings-attached' offer by simply clicking here.
Another point worth mentioning is GDPR and the need to protect customer data. Many accountants, and other small businesses, have suffered GDPR fatigue and have failed to meet the requirements. But the risk of non-compliance is likely to become more severe as small businesses face the prospect of further regulatory change because of Brexit.

However, protecting end devices, using VPNs (virtual private networks), and having encrypted storage and data back up in place will also go a long way to meeting regulatory requirements as well as providing strong cybersecurity defences for the business. These are not costly or difficult technologies to implement or use. Rather, they are so simple that even within a day of implementation their usage will start to become routine.

Of course, underpinning these necessary steps is the need for employees to be aware of the dangers, for instance from phishing emails. As such employee education is equally vital. It doesn't need to be long-winded or complex. A few simple rules are enough such as using strong and unique passwords to access company applications and to always question emails that seem suspicious or out of place.