Cyber Essentials: The best defence against a rising threat

By Michael Kleinman, Cyber Security Consultant, Lugo and Omer Hanif, Practice Support Specialist, ICAS

6 January 2022

What cyber-security threats pose a danger to your firm, and what can you do to combat them? In this article we examine the most common methods scammers use and detail how the Cyber Essentials certification can arm CAs with the knowledge they need to safeguard their firm.

The world of cyber security can often seem ambiguous to those who do not know much about it. Many firms are often put off from looking more into the subject because of its reputation for bloated technical jargon.

These factors often lead to companies being exposed to dangerous cyber threats that could potentially cripple their business for days, weeks or even months. Hackers view accountants and their firms as lucrative targets due to the value of the financial information they hold about their clients. It can be sold to the highest bidder, used as blackmail in future cyber-attacks, or used by the hacker to impersonate a firm’s client and abuse that power and relationship.

How likely is it that your firm will face a cyber-attack?

According to research conducted by the UK government, 4 out of 10 businesses in the UK have identified cyber-attacks that have occurred over the last 12 months. Data from the past 6 years indicates that 38% of businesses experience cyber-attacks each year.

One of the most common methods scammers use is known as a phishing attack, with 60% of businesses in the UK having detected phishing threats this year. These attacks are carried out when the scammer sends an email designed to convince the recipient to commit illicit actions such as giving them sensitive information under a false pretence or downloading a dangerous computer virus that’s disguised as a document.

Though regular phishing attacks are relatively easy to recognise, the more complex spear phishing attack is more likely to succeed against untrained targets. Spear phishing is when a scammer targets specific individuals within an organisation by researching their friends, colleagues and family. Once they gather the required information, they craft an email specifically designed to convince the recipient that it is genuine.

Damaging effects of cyber attacks

A firm can face incredibly damaging repercussions from a cyber-attack, and one of the most impactful is the loss of reputation. Gaining back the trust of a client that has had their data stolen from your firm can be impossible and, in extreme cases, it can lead to clients leaving your business and even pursuing claims against you for improper management of their sensitive and financial information.

You can also lose money directly from a cyber-attack when perpetrators siphon funds from accounts, steal money from your company or your clients, or even create a fake employee on the payroll system to claim a paycheck at the end of the month. However, indirect costs tend to be where businesses suffer financially the most. Companies may have to pay staff while systems are down and they are unable to work, they could lose annual revenue as clients leave, and there are the costs of restoring systems and recovering lost data.

According to the UK government, the average losses in 2021 as a result of cyber-attacks are £8,170 for small/micro businesses and £13,400 for medium to large businesses. However, these damages can be avoided by increasing your Cyber Security preparedness with the Cyber Essentials certification.

What is Cyber Essentials?

Cyber Essentials is a certification that demonstrates you are protected from the most common cyber-attacks. It is the best defence against cyber-attacks because it ensures that you have the defences in place before passing the certification. The certification covers 5 key technical controls to make sure you are protected:

  • Firewalls and Gateways – Think of these as the gatekeepers of your company’s network and computers. They can be set up to restrict access to the network so that only authorised connections are allowed, basically making sure that the only people who are allowed on to the network are staff members. These gatekeepers can also be installed onto your computers to make sure no unauthorised connections occur directly on your machine.
  • Secure configurations – Ensure accounts and systems are created with appropriate privileges. This involves replacing default passwords, only granting admin access to those who need it and disabling any unnecessary services that could leave you exposed.
  • User Access Control – Creating procedures to limit the use of admin accounts and ensure special account privileges are only granted when required. This can include logging admin account usage, providing admins with regular accounts to carry out their day-to-day tasks and only letting them use admin accounts for specific actions when required.
  • Malware Protection – Identifying and immobilising viruses before they have a chance to cause harm to a system. Protections include up-to-date anti-virus systems, creating a list of approved software that is allowed to run on the network and running potentially harmful software in a secure environment first before using it on the company network.
  • Patch management – The most important control, it ensures that all software is up to date and supported by the software provider. Unsupported software means apps and programs that the vendor is no longer working on (i.e. they are no longer providing updates). Hackers build many of their attacks on the foundation of outdated software. Out-of-date and unsupported software can be full of vulnerabilities that attackers can exploit. If the software is not receiving updates, then you run the risk of being exposed to attacks that may use these vulnerabilities.

With the certification requiring all these technical and policy protections from an applicant to pass, firms can be reluctant to pursue Cyber Essentials as it can seem like a lot of work. Luckily, the Funded Cyber Support for Accountants programme can help firms in Scotland prepare for their certification at no charge.

What is the Funded Cyber Support for Accountants?

This is a free support programme, facilitated by Scottish IT company Lugo, that increases your chances of passing the Cyber Essentials certification. The project marks the first time the Scottish Government has ever given funding for Cyber Essentials support specifically for the Scottish SME accountancy sector.

The programme’s free support offers:

  • Onsite visits from a Cyber Security consultant where they can train your staff to respond to cyber threats.
  • Help creating a plan of action with the IT team to identify what they need to implement for Cyber Essentials.
  • A breakdown of all the technical jargon into actionable information for decision makers.

Cyber security should be a priority for every business, and it is up to everyone at the firm to take responsibility for protecting their data and their clients' data. Cyber threats are a clear and present danger to companies. They can cost them time, money, and clients. Cyber Essentials is one of the best ways to protect yourself from cyber threats as the certification checks that you have appropriate security measures in place to defend against the most common threats.


Find out more: Funded Cyber Support for Accountants
