Accountants complacent to cyber risk, expert warns

In a contributed column for Public Accountant, Kamino Cyber Security Services and Midwinter Financial Services managing director Julian Plummer noted how cyber risk is a key area of risk management within a firm but not very well-understood by accountants.

He said 300,000 new viruses are introduced every day, and about 40 software bugs are discovered every day, of which many of those being ‘weaponised’ within hours.

Mr Plummer said the lack of understanding is partially the reason why most accountants “wait until they are bitten before doing something about it, because only then the risk becomes tangible”.

“Cyber risk goes much broader than just the internet. It’s more about owning and managing your practice’s information lifecycle,” Mr Plummer said.

“You need to consider where and how you collect the data, where it is stored, and how it is used and, finally, how it is destroyed. In each stage, there are different threats that could expose your client’s data to unauthorised third parties.”

As outsourcing becomes a major security risk consideration for many SMEs, Mr Plummer also advised firms to develop a good knowledge of your service providers.

He said there are certain things that a practice should not take for granted and should carefully consider before proceeding with any service provider.

Further, Mr Plummer said that, when shopping around, accountants should look for enterprise-grade security features.

“An SME may be outsourcing data processing and management to a cloud service provider. With larger enterprise service providers such as Office 365, a practice will not have much say in how that service provider manages their security.”

While Mr Plummer acknowledged that most practices have an external IT service provider, he recommended that firms have an information security professional that is purely there to assess a firm’s cyber security.

“When it comes to information security, you must speak to a qualified, experienced security specialist that does nothing but focus on keeping your practice safe,” he said.

“This is akin to asking an electrician to install your home alarm system. While they may be perfect for the job, you will want a specialised security firm to monitor for intrusions and manage the security system for you.”