Are accountants guilty of cyber security complacency?
The Association of Chartered Certified Accountants (ACCA) and Institute of Management Accountants (IMA) have published a report ‘Cybersecurity –Fighting Crime’s Enfant Terrible’ highlighting the increasing threat from cyber crime and the current attitude of accountants and finance professionals towards this.
“A recent survey by ACCA showed that accountants and finance professionals are not overly concerned at present about the pervasive capturing, storage and access to information, sometimes referred to as ‘living in a fishbowl’. Only 16% of all respondents selected it as one of the six factors that might have the largest impact on the profession in the medium term (3–10 years).”
The report also says
“when it comes to cyber hygiene, things are far from being quite so clear-cut. Unfortunately, people typically exhibit one or more of the following attitudes.
I do not care.
- It is all too complicated.
- The way I have always done it is the right way.
- This is not my problem, other people are supposed to do it for me.
- Regardless of what I do and how hard I try, bad things will happen.
- There simply is not enough time to worry about all this. (This excuse is very common, owing to the ever- increasing pressures of modern life). “
Cybersecurity –Fighting Crime’s Enfant Terrible is a comprehensive report from the Association of Chartered Certified Accountants (ACCA) and Institute of Management Accountants (IMA), recently highlighted in the ACCA 04/2016 Accounting and Business article “get to grips with cybersecurity” published by the ACCA. It refers to the fact that cyber crime is really in its infancy and that, accountants need to understand the threat landscape, and the risks to both their own businesses and the affairs of their clients.
The report considers the current cyber-threat landscape and highlights the risk that Accountants could be a target for cyber criminals to use the ‘lateral movement’ approach. This approach does not necessarily target their own system, but would use that system to launch subsequent attacks on their clients.
Reading this report is essential CPD for all accountants, because understanding the threat is the first step to build resilience against cyber crime. The report reviews the current cybersecurity landscape, explains the trends and areas of concern for cybersecurity and how, as an accountant, you can identify and mitigate the cybersecurity risks within an organisation. Even making a small effort in the right direction, the report says, will make a difference against approximately 80% of security breaches which are made by unsophisticated actors.
The report highlights, in its appendix, some basic safety practices that accountants should adopt. This includes advice patches and updates, antivirus, passwords, and two factor authentication, access rights, removable media and data encryption. The essential controls here are included within the government backed Cyber Essentials Scheme.
Proactive accountants are increasingly looking to achieve, as a minimum, Cyber Essentials and some who want to further mitigate their risks are implementing Cyber Essentials Plus, adding an additional level of assurance for their clients that they are taking their cyber security responsibilities seriously
Read the full report at Cybersecurity –Fighting Crime’s Enfant Terrible
Are you an accountant or finance professional who would like some help bringing your cyber security up to speed to protect your organisation and your clients’ data? Give us a call on 01392 247110 or via this form.