Cyber security for CPAs: protecting your practice

In an increasingly digital world, cyber security has become a critical concern for professionals across various industries. However, when it comes to accountants, particularly those working in small practices, the need for robust cyber security measures cannot be overstated.

Drew Fenton, non-executive director of Fenton Green, one of Australia’s leading insurance broking firms specialising in risk management and insurance, says accounting firms face a heightened risk in the world of cyberthreats.

“Everyone is at risk of a cyber attack, but if we were to rate the risk profile of professionals, accountants are at the top of the tree,” Fenton says. 

“CPA Australia public practitioners represent small-to-medium-sized enterprises entrusted with sensitive client data, including legal and financial records, alongside personal information."

Accountants are vulnerable to infection through various avenues, such as clicking on malicious links, compromised websites, spam emails, system infiltrations, or even client-related emails, says Fenton.

“Accountants need to always remember that they don’t just deal with revenue authorities with sophisticated cyber protection in place; rather, their daily interactions could be with individuals with basic cyber protection.”

While the accountant’s own systems may be safe, they can get infected through their clients. They may accidentally let in hackers by clicking the wrong link, visiting a compromised website or falling for spam emails.

Fenton says that accountants may not immediately recognise when their systems have been compromised. 

“It takes about 120 days for the actor to be in your system before something happens,” he says. “Even if an accountant thinks everything is fine, the hackers could already be causing damage.”

With the increasing sophistication of cyberthreats, protecting sensitive data and client relationships demands a comprehensive approach. 

However, 87 per cent of small businesses believe their business is safe because they use antivirus software, according to the ACSC annual cyberthreat report from July 2020 to July 2021.
While antivirus software is a vital component of cyber security, as Fenton points out, it is just one layer of protection. 

To protect against this, Fenton suggests that accountants consider transitioning to cloud-based solutions for data storage and management. “Being in the cloud is far better than having a server under the desk,” he advises. 

It is also important to only entrust cyber security to professionals who can oversee system maintenance, upgrades and antivirus installations. “Don’t leave the security of your computer systems to the advice of inexperienced family or friends.”

In addition to using cloud-based solutions, Fenton advises accounting firms to teach their staff to identify and address cyberthreats through online training and tests. 

By embracing cyber security best practices and seeking professional expertise, Fenton adds, accountants can safeguard their businesses and clients against the evolving landscape of cyberthreats.

Protect your business as you grow with a range of innovative solutions from Fenton Green.