Cyber risks for accountants - protect your client data

By Matt Norris

17 June 2015

Matt Norris of Beazley, on behalf of Bluefin Professions, explores the potential cyber risks facing accountants and provides useful tips to avoid a data breach.

Most companies are vulnerable to data breaches due to human error or cyber attacks. However, accountants whose businesses contain large amounts of personal and business data are particularly vulnerable. In fact, accountants, along with solicitors, were recently criticised by the Digital Economy Minister Ed Vaizey as being the 'weakest link' in corporate cyber defences.

The Information Commissioner's Office (ICO), the public body responsible for enforcing a range of acts that protect customer data, ranked financial services sixth among the sectors most likely to suffer a data breach. PwC's 2014 Global Economic Crime Survey highlighted that 45 per cent of the financial services sector had been victims of cyber crime, compared with 34 per cent across all other industries.

The main cause of data breaches is human error, according to the ICO. These have occurred for a variety of reasons, including laptops being left on trains, sensitive documents not being shredded, emails sent in error and back-up hard drives being lost. While cyber attacks - when hackers target websites to steal personal information - are a less common cause of data loss, they result in a much higher loss of data.

Top five ways to avoid a data breach

While data breaches are on the rise, the majority of incidents are fully preventable. Here are the top five ways to avoid being caught out:

Encrypt your devices

Over 73 per cent of the breaches serviced by Beazley in 2013 involving portable devices could have been prevented if the devices were encrypted. Encryption is a safe harbour under virtually every breach notification law.

Automate patch management

From 2013 to August 2014, Beazley saw a 20 per cent increase in breaches due to malware or hacking. Staying on top of the latest available software patches and moving to automated patch management can protect against a breach.

Enforce password complexity

In 2014, the breaches serviced by Beazley due to hacking or malware cost 4.5 times more than the largest loss category (unintended disclosure). Computer systems can now systematically cycle through all permutations of potential passwords. Don't use 'bad' passwords that are easy to crack; dictionary words are capable of being deducted with an algorithm.

Be alert to phishing

From 2013 to 2014, Beazley say a 10 per cent increase in breaches attributable to someone inside the company, either an employee or contractor. Most breaches occur because of human error. Training is a critical step in breach preparedness. It is important to train employees to spot the indicators of a phishing email.

Double check before hitting send

Thirty-one per cent of the breaches serviced by Beazley in 2013/2014 were due to unintended disclosure. It may be simple, but double-checking the contents of a file, email address or mailing details can be really important, especially when selling data to outside clients or suppliers.

These issues are becoming more prevalent due to the current shift in the way all businesses operate. The days of visiting an accountant on the high street are disappearing fast and more businesses either operate 'virtually' or transact a large proportion of their business online or via email. Many are refocussing to becoming much more reliant on technology. Firms are also embracing the efficiencies that technology offers due to the improving economic conditions which present opportunities for growth. However, while pursuing these perceived benefits, this increasing reliance on technology is heightening vulnerability to data breaches and posing a greater challenge in protecting the personal information that is entrusted.

More information

For more information on cyber risks and the insurances available to protect your business should the worst happen visit Bluefin's website.

This article was taken from Bluefin Professions' market review publication 'Adding up the risk'. To read the full article please visit Bluefin.

Bluefin Professions are working with ICAS to provide access to exclusive insurance solutions especially for ICAS members. If you would like to find out more, visit icas.com, call Lorraine Marchetti on 0131 255 0336 or visit the Bluefin website.

About the author
Matthew Norris is the Focus Group Leader for private enterprise and technology, media and business risks at Beazley globally. In 2014, Matt led the development of an online platform that enables brokers to build and produce SME PI business. Prior to joining Beazley, Matt spent 15 years at Hiscox as Global Product Head for technology, media and cyber risks. He has also served as Chair of the London Market etrading board.

Topics

  • Public sector
  • Private sector
  • Development of the profession
  • Technology

Previous Page