It used to be the case that very small businesses (VSBs) and small to midsized accounting firms could take basic measures to prevent data breaches.
This often entailed storing personally identifiable information in locked file cabinets or in-office safes. You could also store data on floppy disks or thumb drives for portability.
During this period, a threat actor would have to bypass an accounting firm’s physical security to steal its information.
Let’s fast forward to the present—the new normal…the here and now.
Today, sophisticated cybercriminals can employ several styles of cyberattacks—from phishing to malware trojans—to illegally obtain money-making info. Sadly, this information is often sold on the dark web for a hefty price, making the practice lucrative. Adding insult to injury is that many of these criminals may never be caught.
We looked at two recent surveys to understand how small and midsized accounting firm leaders feel about the security risks facing them in 2022.
The first was conducted by CNBC and includes data points from accounting firms and their small business clients.
Interestingly, or perhaps shockingly, the CNBC|SurveyMonkey Small Business Survey found that just 5% of 2,000 small business owners considered cybersecurity to be the most significant risk facing them in Q2 2022.
“The smallest of small businesses are the least concerned about cyberattacks: Just 33% of owners with zero to four employees are concerned about experiencing a cyberattack within a year, compared to 61% of small business owners who have 50 or more employees.” – CNBC Small Business Playbook
When you look at the other risks business owners were presented with (supply chain disruption, inflation, COVID-19 and labor shortage), you begin to see that maybe, in 2022, it’s not so surprising that cybersecurity is the last thing on the minds of business owners.
However, it should be on their minds, and it shouldn’t be at the bottom of the list.
The reality of the risks business and accounting firm owners face is presented in another survey conducted by AdvisorSmith.
These numbers are a bit more reassuring than the CNBC|SurveyMonkey Small Business Survey—yet, upon further digging, it doesn’t seem as though any of these surveyed businesses understand what it takes to be fully secured from cyber intrusion.
And why should they? Their expertise is in the goods or services they provide—not ransomware, Trojan horse attacks, data encryption, multifactor authentication (MFA), etc.
Of the businesses surveyed, the cybersecurity measures implemented include items such as the following:
Their cybersecurity preparations also include MFA (20%), data encryption (17%) and cybersecurity software (16%).
Every one of those preventive measures is essential, and good for the small businesses that do have some tactics in place. But the stats are still alarming.
Implementing just one of those measures won’t cut it. Every business, every accounting firm, and every accounting firm client needs to approach security holistically.
As evidenced by the above data points, accounting firms have yet to: 1) fully understand the cyber risks faced by their businesses on a daily basis, or 2) properly secure their business’s technology.
And considering the implications of threat actors stealing their clients’ personally identifiable information (PII), the aftermath of a security breach can create devastating effects that will leave a lasting consumer impression.
“Any cyberattack—even one that is quickly resolved—can have a long-lasting negative impact on a business.” – CNBC Small Business Playbook
While clients could be a bit more forgiving of a breach depending on the size of the firm, they will be hesitant about entrusting their PII to a business that failed to take steps to protect customer data.
Unfortunately, security is a day-to-day consideration, which makes it nearly impossible to “solve.” New threats emerge every day, and new variables are constantly introduced to your business, especially every time a new hire walks through the door (or, more likely in 2022, signs onto their laptop remotely).
That being said, you can lower your cyber risk by coming up with a solution before you need it—before you are ever presented with a problem.
Verizon’s DBIR (Data Breach Investigations Report) indicates that over 80% of small business data breaches occur due to their staff members’ lack of knowledge of what to look out for. This is problematic because your staff is the first line of defense when it comes to handling customer information properly.
It’s critical to provide continuous training for your staff on the numerous dangers that lurk in cyberspace.
A comprehensive training program helps teams learn how to mitigate risks associated with:
While the latter threat may sound the most ominous, the damage is done innocently in most cases. Far too often, an insider threat occurs due to a lack of knowledge of how to prevent a malicious and effective data breach.
In the rare cases where the attack is intentional, it is often the byproduct of a disgruntled employee’s access to sensitive data.
The second way to establish accounting firm security is to work—whenever possible—in the cloud.
The cloud provides a triple whammy of security, flexibility and portability, from office to home and travel.
We can’t speak for all cloud hosting providers, but our QuickBooks Desktop hosting packages offer security benefits like:
Learn more about the full benefits of working inside the cloud vs. not in “Why the cloud is an absolute necessity.”
The third way to lower your cyber risk? Secure your computer. We’ve discussed how the cloud secures your cloud-based applications and software, but what about every other program?
Chances are, you’re not accessing your Outlook from within the cloud; you may have a few applications or pieces of software that aren’t hosted (yet), which means work may sometimes take you outside the cloud environment.
But just because you’re working outside the cloud doesn’t mean you can’t get the security benefits of the cloud for your local environment, too.
Protect your local device (computer, laptop) with solutions that offer:
Cybertheft is lucrative and shows no signs of slowing down. But using solutions like cloud hosting, MFA (included in all Right Networks cloud hosting packages), local computer security and regular security awareness training will help protect client PII alongside your firm’s finances and reputation.