The rise of artificial intelligence and machine learning is changing the way we work for the better: increased efficiency and shorter working weeks can be welcome adjustments. However, when dealing with a large amount of sensitive data, a new level of risk arises that shouldn’t be taken lightly.
For one, the costs can be sky-high: cybercrime sets the Australian economy back by up to A$1 billion annually, according to the Australian Criminal Intelligence Commission [1]. And researchers at Cybersecurity Ventures [2] predict cybercrime will cost the world A$6 trillion annually by 2021.
Accountancy is historically paper-based but is now rapidly adopting new technology; however, managing secure digital integrations on your own can feel like uncharted territory.
According to Aon Cyber Insurance Practice Leader, Michael Parrant, another contributing risk factor is human intervention – even though organisations may already have well-designed systems in place.
“Each company will likely make slight alterations to their processes,” says Parrant. “But when you condition something to be built a certain way, you have to be really careful about doing that yourself. Inevitably, humans are still the biggest cause of automation-related issues.”
How email is a key risk
Parrant helps organisations identify the financial implications of cyber risks to make decisions about choosing an insurance policy or risk mitigation. He also assists organisations with recovery planning through risk simulations.
One of the most common examples of automation gone wrong, he says, is a failure to properly secure emails. Overlooking the minor details often leads to the biggest data compromises.
“The simple act of cc’ing all of the clients instead of bcc’ing the group, for example, may be an immediate issue that you can’t reverse easily,” he says. “It involves engaging directly with clients and managing issues around the exposed data.”
Another risk is when clients receive fake invoices from compromised email accounts. Vulnerable clients may unknowingly update their bank details on request, paying money straight into a hacker’s account.
“Keep in mind that hackers have studied the business,” Parrant warns. “They know exactly the right time of day or year to be asking someone for their bank or tax details.”
Keeping your data secure
Adding a personal touch in your communications is key to keeping data secure. This can include implementing a two-factor authentication method by following up with a phone call or in-person discussion.
“When you’re making a big business transformation, you should always tell your client how you’ll follow up with them to confirm that it’s a legitimate communication method,” says Parrant. “It helps build trust and rapport as your business evolves.”
Bringing in an external company to mitigate cyber risk can also help. Accountants can access best practice methods to help their firm’s security awareness evolve into a more mature framework or level of certification.
Choosing a third-party service such as risk profiling or a risk simulation can help you gain a better understanding of what threats are posed to your company in the current landscape. It can also offer hands-on, scenario-based learning.
Best practices for data protection
Cyber risk can be managed and dealt with before it actually happens. Parrant encourages these best practices to focus on prevention:
1. Password management: Taking a more systematic approach to generating unique passwords can help keep your credentials and sensitive data safe.
2. Patching software: Make sure you can update programs as soon as possible when requested to protect your technology from potential vulnerabilities.
3. Practising for the real thing: Build in practice scenarios once a quarter or year, ideally with a third party. This can help build confidence at every level of the company about roles and responsibilities in the event of a data breach.
© 2020 Aon Risk Services Australia Limited ABN 17 000 434 720 AFSL no. 241141 (Aon). The information contained in this article is general in nature and should not be relied on as advice (personal or otherwise) because your personal needs, objectives and financial situation have not been considered.