Sponsored by Accountancy Insurance.

The widespread WannaCry ransomware attack that occurred in early May 2017 shocked both large corporates and SMEs.  

Businesses from almost 200 countries were affected by the attack and hundreds of thousands of computers infected with the ransomware virus.  

Cyber crimes can cause catastrophic disruption. In the case of the WannaCry attack, vital services in the UK, such as the National Health Service, were plunged into chaos. Education institutions in Asia were also infected, along with hundreds of SMEs in Australia and the US.  

Experienced cyber investigators from around the globe are now making their way through hundreds of infected services searching for clues to how the attack was launched.  

The ransomware virus was spread by email and users were infected when computers began updating Windows software with the latest security patch. Infected victims were asked to pay a ransom in the Bitcoin digital currency to unlock their data.  

Get smart

Guarding against cyber attacks should be a high priority for C-level executives. Business leaders need to put in place deterrent strategies and invest in protecting both their business and their clients from possible attacks. Due to the sensitive nature of the data they keep, businesses in the accounting and financial services sectors should be leading the way on cyber security best practice.

Karen McDonald, associate director of professional risks at Accountancy Insurance, urges finance and accounting sector leaders to protect their industry from cyber attacks. McDonald says many accountants simply don’t believe that they will fall victim to cyber attacks.  

“Cyber crime is more prevalent than ever,” she says. “Accountants are prime targets to due to their access to sensitive information.”  

Risk assessment

Clients are increasingly aware of the risks and want an accountant who is equally as diligent and aware of the possible dangers of a cyber attack. Accounting firms need to think about the software and hardware they use and how it can be best protected against cyber attacks.  

Assessing the risks and putting a contingency plan in place now could save valuable time and money later. Antivirus software, firewalls and IT support cannot prevent a cyber attack. BAE Systems found that the average cost of a cyber attack in Australia in 2016 was A$622,515.  

Although antivirus software and firewalls cannot provide full protection against an attack, it is best practice to ensure that sensitive data is housed inside a robust framework. It is also important to allocate funds to keeping antivirus software up to date.

Cyber security insurance

Businesses may also consider taking out an insurance policy as part of their strategy to guard against cyber attacks.  

Insurance policies can cover both first-and-third party risks associated with cyber crime. This includes privacy issues, intellectual property infringements, transmission of viruses, breaches under the Privacy Act and other related concerns.  

“Utilising a cyber insurance policy is a good marketing tool for attracting prospective clients, portraying your accounting firm as prepared and protected even in the undesirable event that a breach occurs,” says McDonald.

This article is part of an Working In Practice column aimed at CAs working in SME accounting practices. If you’ve got something specific that you would like this column to cover, email the Acuity team now.