Date posted: 18/08/2020

5 cybersecurity essentials for small business

A cyber attack can be disastrous for accountants and financial advisers. Here’s how you can protect your business.

In Brief

  • Cybersecurity is particularly important to industries that store and access sensitive information.
  • COVID-19 has only exacerbated the risk of cyber attacks.
  • Your team are your best cyber defence, so get them to protect passwords and double-check invoices to help shield a business from cybercrime.

Cybersecurity is important to any business with a digital footprint, but particularly to industries that store and access sensitive information. Accountants and financial advisers, who deal in sensitive information daily, are particularly vulnerable.

COVID-19 has only exacerbated these vulnerabilities: 99% of cyber attacks require human interaction in order to succeed, which makes you and your team the best (and worst) cyber defence your business has.

“99% of cyber attacks require human interaction in order to succeed.”
Susie Jones

This means that the past five months during the COVID-19 pandemic have not only been some of the most dangerous for the physical health of all Australians, but also for your digital health. 

Research from Chubb Insurance reveals over 60% of Australian SMEs have experienced a cyber incident in the past 12 months, but small businesses across all industries are still failing to take action on cybersecurity.

The Australian Cyber Security Centre (ACSC) reports the Australian financial system has recently weathered several large-scale cyber attacks, and further cyber attacks on the industry’s digital infrastructure during the current remote work requirements of COVID-19 are likely.

Here’s what you need to know about cybersecurity for the financial sector, and what steps you can take to protect your clients and business.

What cybersecurity risks do you need to watch out for?

Because finance and accounting professionals are highly trusted by their clients, they are often targeted by attackers who will present themselves as an accountant or adviser to validate a scam.

Ransomware attacks, where private client data can be held to ransom or stolen, can result in significant legal and reputational damage to a firm, even if the information is recovered without being shared further.

In April, a Toronto-based accounting firm experienced a ransomware attack that saw some of its documents copied and auctioned off on the dark web, including bank login credentials.

As more firms adopt cloud platforms, cloud service takeover via reused and stolen passwords is common, and outages to these systems can be damaging.

It’s important to improve and safeguard not just your own platforms but ensure the way your clients access and transmit their private information is also secure.

Generally speaking, the most common scams targeting all types of businesses are invoice scams (fake invoices that appear to come from a known supplier or customer whose email has been hacked), phishing scams and attacks on vulnerable remote access systems such as remote desktop and VPN solutions.

5 cybersecurity essentials for small business

1. Protect your passwords: Cybersecurity problems often come down to poor password management, so start using a password manager and enable two-factor authentication.

2. Double-check invoices: If an invoice you’ve received comes from a different business contact or just looks a bit different, avoid being tricked by calling the business you’re paying to check it’s legitimate before you pay the invoice. Try to contact them through a number you already have, not one that’s on the possibly fraudulent invoice.

3. Don’t think it won’t happen to you: Scammers don’t discriminate and will try to scam businesses of any size. They can hit thousands of businesses at the same time. 

4. Remember your own reputation: A core part of an accountant or financial adviser’s appeal is trust, so misuse of your reputation can be disastrous. Protect your personal information and accounts with the same rigour applied to your firm.

5. Get cyber fit: Just like getting fit doesn’t happen with one workout, cyber fitness is all about taking small incremental steps to improve your cybersecurity every day. The first step is to understand what you have to lose and what tech you rely on. What data do you have and what is valuable?

Small business owners can take an online survey then enrol in a Cyber Fitness Bootcamp (for free) to help them understand the risks and what they can do now to protect their business.
