ICAS ICAS logo

Quicklinks

  1. About Us

    Find out about who we are and what we do here at ICAS.

  2. Find a CA

    Search our directory of individual CAs and Member organisations by name, location and professional criteria.

  3. CA Magazine

    View the latest issues of the dedicated magazine for ICAS Chartered Accountants.

  4. Contact Us

    Get in touch with ICAS by phone, email or post, with dedicated contacts for Members, Students and firms.

Login
  • Annual renewal
  • About us
  • Contact us
  • Find a CA
  1. About us
    1. Governance
  2. Members
    1. Become a member
    2. Newly qualified
    3. Manage my membership
    4. Benefits of membership
    5. Careers support
    6. Mentoring
    7. CA Wellbeing
    8. More for Members
    9. Area networks
    10. International communities
    11. Get involved
    12. Top Young CAs
    13. Career breaks
    14. ICAS podcast
    15. Newly admitted members 2022
    16. Newly admitted members 2023
  3. CA Students
    1. Student information
    2. Student resources
    3. Learning requirements
    4. Learning updates
    5. Learning blog
    6. Totum Pro | Student discount card
    7. CA Student wellbeing
  4. Become a CA
    1. How to become a CA
    2. Routes to becoming a CA
    3. CA Stories
    4. Find a training agreement
    5. Why become a CA
    6. Qualification information
    7. University exemptions
  5. Employers
    1. Become an Authorised Training Office
    2. Resources for Authorised Training Offices
    3. Professional entry
    4. Apprenticeships
  6. Find a CA
  7. ICAS events
    1. CA Summit
  8. CA magazine
  9. Insight
    1. Finance + Trust
    2. Finance + Technology
    3. Finance + EDI
    4. Finance + Mental Fitness
    5. Finance + Leadership
    6. Finance + Sustainability
  10. Professional resources
    1. Anti-money laundering
    2. Audit and assurance
    3. Brexit
    4. Charities
    5. Coronavirus
    6. Corporate and financial reporting
    7. Business and governance
    8. Ethics
    9. Insolvency
    10. ICAS Research
    11. Pensions
    12. Practice
    13. Public sector
    14. Sustainability
    15. Tax
  11. CPD - professional development
    1. CPD courses and qualifications
    2. CPD news and updates
    3. CPD support and advice
  12. Regulation
    1. Complaints and sanctions
    2. Regulatory authorisations
    3. Guidance and help sheets
    4. Regulatory monitoring
  13. CA jobs
    1. CA jobs partner: Rutherford Cross
    2. Resources for your job search
    3. Advertise with CA jobs
    4. Hays | A Trusted ICAS CA Jobs Partner
    5. Azets | What's your ambition?
  14. Work at ICAS
    1. Business centres
    2. Meet our team
    3. Benefits
    4. Vacancies
    5. Imagine your career at ICAS
  15. Contact us
    1. Technical and regulation queries
    2. ICAS logo request

Top 5 tips to help make your firm more cyber secure

  • LinkedIn (opens new window)
  • Twitter (opens new window)
By Michael Kleinman, Cyber Security Consultant, Lugo and Omer Hanif, Practice Support Specialist, ICAS

31 January 2022

It can be hard to keep cyber security a constant priority throughout your everyday working life, but there are some relatively simple steps that can be taken to mitigate cyber threats.

Finding time away from serving clients can be incredibly difficult.  However, just because you are busy does not mean the cyber threats looming over your firm get any less dangerous. In fact quite the opposite. Not dedicating time to risk management can create vulnerabilities and put your firm and your clients at increased risk.

Here are some of the best quick tips you can implement to make yourself more cyber secure.

1. Enable Multi-factor Authentication where possible

Multi-factor authentication is another layer of security that is designed to make it more difficult for attackers to access your accounts.

When multi-factor is enabled, you will be asked for your regular password and an authentication code. This will be sent to your authentication device, usually a mobile phone.

Enable multi-factor authentication wherever possible. This will make it much harder for attackers to gain access to your accounts, even if they have your password, as they will require access to you phone to complete the login process.

Mobile phone apps like Microsoft Authenticator, Google Authenticator and Authy can store authentication codes for multiple websites in one place to make the authentication process as simple as possible.

Using an authenticator app is also more secure than getting the code via text message, as SMS has infamously poor security, leaving it open to attack.

2. Use a password manager browser extension

A password manager is a brilliant tool that acts as a vault for all your passwords.

The vault itself is protected with one strong master password. You can also enable multi-factor authentication discussed above for an extra layer of security.

These password managers keep track of long and complex passwords for all your accounts. This removes the hassle of needing to remember them as many people have dozens of accounts that they require passwords for.

Another benefit of password managers is that they can create secure passwords for you and will suggest new ones when you are creating a new account for a service.

Password managers like Norton Password Manager, LastPass, 1Password and Dashlane also offer browser extensions. When you navigate to a website that requires you to log in (Office 365, Xero, LinkedIn, etc), the password manager extension can enter your stored login information for you.

Password manager extensions save you from needing to manually type out your login credentials, making you more efficient while keeping your passwords safe.

3. Update your software when possible

Though it may sound simple, applying updates is one of the most effective ways of deterring cyber-attacks.

Making sure you apply updates for the software you use is important for staying ahead of cyber threats. When attackers look at potential companies to target, they scan your network and computer for any vulnerabilities that they can manipulate.

Out of date software is an excellent source of vulnerabilities for attackers. The best defence against these vulnerabilities is to keep software up to date.

Auto update features should be turned on to prevent you from missing important security updates. It is also crucial to make sure your software is still being supported.

If the software supplier does not offer any more updates, then the software is vulnerable to cyber threats. Remove all unsupported software on your devices.

4. The cloud and backing up your information

Frequently backing up vital information can often be overlooked by some businesses: however, it is the best defence against ransomware attacks.

Ransomware attacks occur when a perpetrator places encryption on all your computer’s files and will only give you access if you pay a ransom.

In most cases, the attacker will not give you access back even if you pay the ransom. The only real solution is to reset your computer and start again from your latest backup.

When you store your data in the cloud, it makes it more difficult for attackers to gain access to these files and encrypt them because your computer and your files are in two separate places. This separation helps protect the files from malicious action.

Backups should also be made of cloud data and should be stored in a safe environment. These backups should be taken regularly to prevent major data loss in the case of a cyber-attack.

It is also important to keep a paper copy of any action plans, contact information or critical information you may need if your computer is unusable in the case of a damaging cyber-attack.

5. Get Cyber Essentials

Cyber Essentials is a certification that shows that your firm has defences in place against the most common cyber-attacks.

Getting cyber essentials will help you attract new business as potential clients can be confident that you are taking steps to protect their information. It may also open some other business opportunities as Cyber Essentials is a minimum requirement to tender for many government contracts. Even if you or your firm are not intending to tender for such contracts it is still worthwhile as they are increasingly looking to supply chain compliance. Your clients may therefore increasingly expect you to demonstrate your cyber credentials in so they can continue with their business.

While getting Cyber Essentials can take time, depending on the size of your firm, you do not have to struggle through the process alone.

Funded cyber support for accountants is a free support programme, facilitated by Scottish IT company Lugo, that increases your chances of passing the cyber essentials certification. The project marks the first time the Scottish Government has ever given funding for Cyber Essentials support specifically for the Scottish SME accountancy sector.
The programme’s free support offers:

The programme’s free support offers:

  • Onsite visits from a Cyber Security consultant where they can train your staff to respond to cyber threats.
  • Help to create a plan of action with the IT team to identify what they need to implement for Cyber Essentials.
  • A breakdown of all the technical jargon into actionable information for decision makers.

Find out more: Funded cyber support for accountants

Cyber Essentials: The best defence against a rising threat

By Michael Kleinman, Cyber Security Consultant, Lugo and Omer Hanif, Practice Support Specialist, ICAS

6 January 2022

2-23-marsh 2-23-marsh
ICAS logo

Footer links

  • Contact us
  • Terms and conditions
  • Modern slavery statement
  • Privacy notice
  • CA magazine

Connect with ICAS

  • Facebook (opens new window) Facebook Icon
  • Twitter (opens new window) Twitter Icon
  • LinkedIn (opens new window) LinkedIn Icon
  • Instagram (opens new window) Instagram Icon

ICAS is a member of the following bodies

  • Consultative Committee of Accountancy Bodies (opens new window) Consultative Committee of Accountancy Bodies logo
  • Chartered Accountants Worldwide (opens new window) Chartered Accountants Worldwide logo
  • Global Accounting Alliance (opens new window) Global Accounting Alliance
  • International Federation of Accountants (opens new window) IFAC
  • Access Accountancy (opens new window) Access Acountancy

Charities

  • ICAS Foundation (opens new window) ICAS Foundation
  • SCABA (opens new window) scaba

Accreditations

  • ISO 9001 - RGB (opens new window)
© ICAS 2022

The mark and designation “CA” is a registered trade mark of The Institute of Chartered Accountants of Scotland (ICAS), and is available for use in the UK and EU only to members of ICAS. If you are not a member of ICAS, you should not use the “CA” mark and designation in the UK or EU in relation to accountancy, tax or insolvency services. The mark and designation “Chartered Accountant” is a registered trade mark of ICAS, the Institute of Chartered Accountants of England and Wales and Chartered Accountants Ireland. If you are not a member of one of these organisations, you should not use the “Chartered Accountant” mark and designation in the UK or EU in relation to these services. Further restrictions on the use of these marks also apply where you are a member.

ICAS logo

Our cookie policy

ICAS.com uses cookies which are essential for our website to work. We would also like to use analytical cookies to help us improve our website and your user experience. Any data collected is anonymised. Please have a look at the further information in our cookie policy and confirm if you are happy for us to use analytical cookies: