ICAS ICAS logo

Quicklinks

  1. About Us

    Find out about who we are and what we do here at ICAS.

  2. Find a CA

    Search our directory of individual CAs and Member organisations by name, location and professional criteria.

  3. CA Magazine

    View the latest issues of the dedicated magazine for ICAS Chartered Accountants.

  4. Contact Us

    Get in touch with ICAS by phone, email or post, with dedicated contacts for Members, Students and firms.

Login
  • Annual renewal
  • About us
  • Contact us
  • Find a CA
  1. About us
    1. Governance
  2. Members
    1. Become a member
    2. Newly qualified
    3. Manage my membership
    4. Benefits of membership
    5. Careers support
    6. Mentoring
    7. CA Wellbeing
    8. More for Members
    9. Area networks
    10. International communities
    11. Get involved
    12. Top Young CAs
    13. Career breaks
    14. ICAS podcast
    15. Newly admitted members 2022
    16. Newly admitted members 2023
  3. CA Students
    1. Student information
    2. Student resources
    3. Learning requirements
    4. Learning updates
    5. Learning blog
    6. Totum Pro | Student discount card
    7. CA Student wellbeing
  4. Become a CA
    1. How to become a CA
    2. Routes to becoming a CA
    3. CA Stories
    4. Find a training agreement
    5. Why become a CA
    6. Qualification information
    7. University exemptions
  5. Employers
    1. Become an Authorised Training Office
    2. Resources for Authorised Training Offices
    3. Professional entry
    4. Apprenticeships
  6. Find a CA
  7. ICAS events
    1. CA Summit
  8. CA magazine
  9. Insight series 2022
    1. Finance + Trust
    2. Finance + Technology
    3. Finance + EDI
    4. Finance + Mental Fitness
    5. Finance + Leadership
    6. Finance + Sustainability
  10. Professional resources
    1. Anti-money laundering
    2. Audit and assurance
    3. Brexit
    4. Charities
    5. Coronavirus
    6. Corporate and financial reporting
    7. Business and governance
    8. Ethics
    9. Insolvency
    10. ICAS Research
    11. Pensions
    12. Practice
    13. Public sector
    14. Sustainability
    15. Tax
  11. CPD - professional development
    1. CPD courses and qualifications
    2. CPD news and updates
    3. CPD support and advice
  12. Regulation
    1. Complaints and sanctions
    2. Regulatory authorisations
    3. Guidance and help sheets
    4. Regulatory monitoring
  13. CA jobs
    1. CA jobs partner: Rutherford Cross
    2. Resources for your job search
    3. Advertise with CA jobs
    4. Hays | A Trusted ICAS CA Jobs Partner
    5. Azets | What's your ambition?
  14. Work at ICAS
    1. Business centres
    2. Meet our team
    3. Benefits
    4. Vacancies
    5. Imagine your career at ICAS
  15. Contact us
    1. Technical and regulation queries
    2. ICAS logo request

Cybercrime: Why CAs must be more vigilant than ever

cybercrime header
  • LinkedIn (opens new window)
  • Twitter (opens new window)
By CA magazine

31 March 2022

The growth in remote working and the proliferation of cloud software have increased opportunities for cybercrime. David Fleming, Chief Technology Officer at Mitigo, tells Fraser Allen why CAs need to be vigilant

Read April's CA magazine now

Cybercrime has been one of the few areas of the global economy to flourish during the pandemic. As businesses scrambled to transfer office-based staff to homeworking, digital criminals seized on the fresh opportunities it presented to create havoc.

Government figures show that an astonishing 27% of UK businesses were attacked at least once a week in 2021. The average annual cost to firms which lost data or assets after breaches was £8,460 – and, for many, it was much higher than that. “A cyber-attack can be devastating, both in terms of its financial and emotional impact,” says David Fleming, Chief Technology Officer at ICAS partner Mitigo. “This is a global criminal industry. Attacks are automated, indiscriminate and high volume, and as soon as the attackers see something that’s working, the impact rapidly accelerates.”

Fleming warns that there are essentially three types of cyber-threat that businesses need to guard against.

1. Ransomware

Many in the UK became aware of the dangers of ransomware through the Wannacry attack of 2017, which paralysed parts of the NHS. The attackers seized and encrypted data, demanding a bitcoin ransom to release it.

Fleming remembers being called into one organisation where extensive data had been seized and encrypted by criminals who initially gained access through one compromised laptop. “We advised them on their obligations to the regulators, to their customers and to the police,” he says. “And then we had to help them with some serious conversations about the ransom deadline. The standard advice is never to pay up but, as a business, you have to think carefully about the sustainability of your business and your responsibilities to your clients.”

2. Phishing

Email phishing has become even more dangerous with the move to cloud-based email accounts. It takes just one person in your organisation to click unwittingly on a compromised email link for criminals to access all the folders and files associated with the account. For an accountancy firm, this could prove particularly disastrous.

3. Software vulnerabilities

Software vulnerabilities are a particular area of concern for Fleming. Often, the creation of a software patch by a supplier can alert criminals to the existence of a weakness – and then they can begin to target businesses that aren’t on top of their software updates.

Staying on top

The growing threat of cybercrime adds to the pressures faced by SMEs, many still grappling with the heightened data management requirements of GDPR, while CA firms must also meet the expectations for integrity, competence and due care set out in the ICAS Code of Ethics. Fleming advises CAs to give data security the time and importance it deserves. “It’s one of those things that’s easy to put off until it happens to you, and then it may be too late,” he says. “There’s a certain amount we can do after an attack but it’s much better to protect yourself in the first place.”

Fleming also encourages CAs to think about their security management in terms of these three key pillars.

1. Company policy

Make sure you have sensible, comprehensive security policies in place. Consider whether staff use their mobile phones or laptops for work – and, if so, how? Put protocols in place for staff to follow and consider how they are being monitored by the firm.

2. Technology

Track the devices, hardware and software used by people in your business and get an understanding of the potential risks involved. For instance, identify the platforms being used to transfer files – as well as who is responsible for managing software patches. Consider whether company emails are appropriately secured.

3. People

There’s often an assumption that highly trained professionals won’t click on phishing links – but it’s a mistake anyone can make. Ensure that everyone in your organisation has received training to stay alert to this threat. Then put in place processes so that staff know what to do if they think they may have clicked on a compromising link.

Fleming’s core message to CAs is to take action now, and stay on top of the threat: “Data is probably the most valuable and sensitive asset that a CA firm has. Big conversations about how you protect it from criminals should be a priority.”

Read April's CA magazine now

CA Mag Mar 2020 Hero

CA magazine: March 2022

By Sarah Speirs, ICAS Executive Director of Member Engagement and Communication

23 February 2022

Finance + Technology

Explore our latest insights on opportunities in tech and AI. Technology will be our focus theme throughout April.

2023-01-rutherfordcross 2023-01-rutherfordcross
ICAS logo

Footer links

  • Contact us
  • Terms and conditions
  • Modern slavery statement
  • Privacy notice
  • CA magazine

Connect with ICAS

  • Facebook (opens new window) Facebook Icon
  • Twitter (opens new window) Twitter Icon
  • LinkedIn (opens new window) LinkedIn Icon
  • Instagram (opens new window) Instagram Icon

ICAS is a member of the following bodies

  • Consultative Committee of Accountancy Bodies (opens new window) Consultative Committee of Accountancy Bodies logo
  • Chartered Accountants Worldwide (opens new window) Chartered Accountants Worldwide logo
  • Global Accounting Alliance (opens new window) Global Accounting Alliance
  • International Federation of Accountants (opens new window) IFAC
  • Access Accountancy (opens new window) Access Acountancy

Charities

  • ICAS Foundation (opens new window) ICAS Foundation
  • SCABA (opens new window) scaba

Accreditations

  • ISO 9001 - RGB (opens new window)
© ICAS 2022

The mark and designation “CA” is a registered trade mark of The Institute of Chartered Accountants of Scotland (ICAS), and is available for use in the UK and EU only to members of ICAS. If you are not a member of ICAS, you should not use the “CA” mark and designation in the UK or EU in relation to accountancy, tax or insolvency services. The mark and designation “Chartered Accountant” is a registered trade mark of ICAS, the Institute of Chartered Accountants of England and Wales and Chartered Accountants Ireland. If you are not a member of one of these organisations, you should not use the “Chartered Accountant” mark and designation in the UK or EU in relation to these services. Further restrictions on the use of these marks also apply where you are a member.

ICAS logo

Our cookie policy

ICAS.com uses cookies which are essential for our website to work. We would also like to use analytical cookies to help us improve our website and your user experience. Any data collected is anonymised. Please have a look at the further information in our cookie policy and confirm if you are happy for us to use analytical cookies: