Why it’s time for accounting firms to address mounting cybersecurity challenges

by John Saunders
5th Jan 22 5:37 pm

Accounting businesses hold special categories of data, and a lot of valuable data at that. With mounting security breaches (97%) happening due to user error, cybercrime has never posed a greater threat.

Accounting firms, and professional accountants, often store, manage, and oversee valuable financial data. They are essential personnel entrusted with potentially sensitive business data. Because this kind of data passes their desk often, whether requested by the admin or a client, accountants need to take extra precautions. These precautions ensure that your firm protects sensitive data, not only for the sake of compliance with your business but for the safety of your clients who’ve entrusted you with their personal, financial, and professional information.

Proactive accounting cybersecurity – A top of mind priority

The risk of not proactively addressing accounting cybersecurity threats is critical. Without robust protection, accounting businesses risk the loss of clients, revenue, and reputation. For companies, a breach in the system translates into a significant loss of time while systems are held for ransom, as well as the costly expenses of investigating the attacks, notifying the clients, remediating the problem, and paying for monitoring.

Addressing accounting cybersecurity risk early is a smart step to take, ensuring that sensitive information and data systems remain secure and protected.

For accounting businesses, the risks are considerable when it comes to cybersecurity. As we speak, the average cost of a data breach for businesses is $4.24M, the highest in 17 years. For accounting firms and businesses alike, the mere risk of such a breach is extreme. Not to mention, their reputation can also face tremendous backlash, even resulting in having to close. These cases are not rare by any means. Take Sequoia Capital, a reputable financial institution that happened to be a valuable target of criminals seeking to hack financial data. This story was not as bad as it could have been; only one employee’s email was successfully breached via a “wire diversion scam.” But that’s all it takes. One data breach can expose business and customer financial data, resulting in substantial financial loss.

Examples of such breaches are endless, and they only highlight the need for accounting firms to start getting serious about cybersecurity.

Accounting business cybersecurity best practices

Cybersecurity planning must consider all components of your accounting technology, including software for accounting, servers, emails, cloud solutions, and your employees. Here’s a closer look at why and how to protect each element.

Regular staff training

More than 67% of hacks and breaches are due to human error or a password being compromised. Training your staff regularly on the varying aspects of cybersecurity is crucial. This training should offer your employees advice on how to stay safe when online or handling sensitive financial data.

Accounting professionals should consider the following areas for cybersecurity:

  • Using strong passwords, and avoiding the same password for multiple accounts
  • Avoiding insecure places to store passwords, such as a web browser
  • Avoiding public internet connections for work, such as in a bar or coffee shop

Know your threats

Accounting businesses face threats like ransomware, hacking, and phishing scams, but internal threats and errors are just as compromising. Unintentional data sharing can happen easily with untrained employees, and there are endless ways data relevant to the financial lifecycle can be misplaced. Therefore, it’s important to examine your organization’s data and build accountability into your actual accounting procedures for proper data management.

You can do that by ensuring that all machines are up to date, especially operating systems and any software updates or patches. As reliable accounting software, QuickBooks is equipped with the latest in accounting cybersecurity features, updates, and compliance controls. It not only makes managing accounts and sending invoices easy but also relies on advanced, industry-recognized security safeguards to keep all of your financial data private and secure.

Frequently applying security updates, including patches, is a small yet vital step that accounting businesses can take to ensure greater security and protection against cyber threats. This translates into regular evaluation of accounting software, especially if any is taken outside your firm, and ensuring that software is patched.


Any reputable accounting firm must have a plan to back up its data, applications, and operating systems. This approach is necessary in the event of a cyber-attack, or if natural disasters were to damage servers or remove access to physical locations.

A backup plan will ensure that data and valuable financial information are stored in the cloud and backed up regularly. Relying on cloud networks allows for smarter backups in the case of a cyber-attack or other issue. That’s especially relevant during tax season, where accounting firms need to showcase a proven backup plan in case financial data is compromised.

Attack surface

Accounting businesses need to reduce their attack surface as much as possible. The attack surface is the number of ways hackers can gain access to a network or device. Exploiting them allows cybercriminals to reach valuable financial data, which is then held for ransom or sold on the Dark Web.

Both security partners and accounting businesses themselves must identify weak points in the network and other vulnerabilities that can be easily exploited. The global health crisis has meant more accounting businesses are working remotely and using cloud applications to continue their operations. This has increased the attack potential. Employees who were shielded by the firm’s network security are now working remotely, making home PCs and laptops an exposed attack surface.

In order to extend their security to remote employees, firms must implement robust cybersecurity practices that ensure employees and their work devices are protected from data breaches, irrespective of their location.
