How accountants can protect themselves from cybercrime

aat comment

Cyber crime is fast becoming a threat for governments, businesses and individuals.

In 2014, a study by McAfee revealed that cyber crime’s cost to the global economy exceeded $445 billion. As an ever-increasing amount of what we do and how we transact takes place online, on mobile and with contactless technology, there have been a number of high-profile hacks and phishing scandals. Some of the more well-known cases have included Sony Pictures and Target. The former suffered a malware attack which led to the leaking of confidential information of employees, and the latter suffered a leak of the debit and credit card details of 40 million customers. This is creating both opportunities and threats for accountants. As trusted business advisers, accountants have a duty of care to safeguard the data of clients. It also opens up a potential new revenue stream: educating clients about best practice for mitigating attacks.

What is cyber crime?

Cyber crime comprises criminal acts associated with computers and networks. In recent years its frequency has increased due to the mass adoption of the internet and a shift towards a digital economy, whereby nearly everything that we do as both citizens and businesses takes place online and is stored in the cloud.

The motivation of hackers is to extract data or money, or to intentionally harm or damage the reputation of the individual or organisation whose data has been compromised or whose security has been breached.

Instances of cyber crime include phishing (duping the user into revealing confidential information such as personal details and passwords), denial-of-service attacks (attempts to make a machine, network or website unavailable to users) and malware (malicious software, such as a virus, which takes over computers).

Why should accountants be concerned about cyber crime?

Whilst the majority of accountants are unlikely ever to be IT savvy enough to fully understand the intricacies of how cyber attacks work, or to be one step ahead of the hackers, they do have a duty of care to safeguard their own digital assets and intellectual property, as well as their clients' data.

Failure to do this could result in reputational damage to the accountant and/or accounting firm, and could potentially implicate them in such crimes.

Additionally, education, awareness and best practice around cyber security represent a new revenue stream for accountants. This opportunity has not gone unnoticed by the Big Four. In January, PwC acquired Praxism, an Edinburgh-based consultancy which specialises in preventing cyber attacks by helping to manage user identities effectively.

As well as advising on best practice, accountants have an opportunity to help businesses define a risk management strategy, to advise on the latest developments from governments and regulators for countering and dealing with cyber security breaches, and to help estimate the financial impact that cyber crime will have.

Surprisingly, many accountants are not even taking the most basic precautions to protect against attacks. Recent research from cloud accountancy software company Xero revealed that only 1.4% of their accounting partners had enabled two-step authentication for logging into their software.

Two-step authentication is a relatively mainstream concept which adds an additional layer of security: users have to sign in with an additional piece of information, other than their standard username and password. This information tends to be generated on demand and sent to the user’s mobile phone.

Best practice

Other than turning on two-step authentication, accountants can mitigate the risk of becoming victims of cyber crime by taking the following actions and precautions:

Different passwords – Assign different passwords to different pieces of software. If all of your accounts have different passwords and one of them has its security breached, this will limit the number of accounts, and the amount of data, that cyber criminals can access. In particular, make sure that the sign-in details for your email accounts are unique. Your email address serves as your online passport, and if your account is taken over, thieves could have access to your entire online life.

Change passwords regularly – This reduces the chance of hackers gaining access to accounts, because any credentials they hold are more likely to be out of date. Additionally, if you are the victim of a phishing attack you should change all of your passwords immediately.

Use anti-virus software – It is a hassle, but regularly running and updating anti-virus software remains one of the best preventative measures. Setting aside a few minutes each week to do this will significantly reduce the risk and damage associated with viruses.

Data encryption – If working with sensitive information, efforts should be made to encrypt data. There are a number of free and easy-to-use encryption software products on the market, including BitLocker for Windows and FileVault for Apple devices. Additionally, self-encrypting hard drives may be considered a necessary precaution for data back-ups.

Be cynical – Question anything which looks unusual or suspicious. For example, be wary of clicking on links in emails requesting credentials, or responding to unusual email addresses requesting information. It is always safer to visit native websites in your browser and to call individuals on the phone to confirm their identities.

Whilst it is unlikely that accountants will ever be one step ahead of the hackers, by following these steps they can severely limit the chances of themselves or their clients being victims of cyber attacks.

Nick Levine is a chartered accountant and freelance journalist with a background in fin-tech, who has written for Accounting Technician magazine.
