In Pursuit of Profit
Read our expert article below or sign up to get articles sent to your inbox.
Cybersecurity is always vital, but in recent months it has become more critical than ever before. In the wake of the COVID-19 pandemic, hackers and fraudsters have capitalized on the disruption and increased their efforts to steal personal and business data. According to Jeff Bathurst, cybercriminals have used this as an opportunity to prey on companies that were not fully prepared to work in a completely remote environment. The pandemic quickly magnified any cybersecurity weaknesses that businesses had, and immediately after the pandemic hit, there was a 40% increase in cyberattacks. In April alone, criminals stole a staggering 220 million company and personal records.
But pandemic or not, cybersecurity should be a top priority for every company. Understanding where your business is vulnerable and what it can do to stay protected will help you avoid cybersecurity issues.
Use Reputable Service Providers
Cybercriminals are most interested in a company’s financial data (or their customers’ financial data), making this an especially important area to safeguard. Ask yourself, “How secure is the work that our bookkeeper or accountant is doing?” Look at the technology platforms they are using, how they are accessing/transmitting/storing data, and their general work practices.
Using a reputable accounting firm instead of a freelance bookkeeper is typically more secure because these companies almost certainly have regulatory and compliance standards in place governing their cybersecurity measures. Freelancers, however, may or may not have these same security standards because there is much more variation among these professionals.
Whether you handle your finances in-house or outsource these functions to a third-party, utilize the proper accounting controls to minimize security risks internally as well. Remember, always secure your business from the inside and the outside.
Companies with less security-savvy leadership should consider using an SECaaS (Security as a Service) company to oversee their information security across the organization’s entire technology environment.
Train Employees to Avoid Phishing Schemes
Phishing schemes are the most common cybersecurity threat because they are so easy for attackers to deploy. Last year 32% of data breaches included phishing schemes.
Remember, no employee is immune. Sales, HR, business development, and finance are common targets, but phishing schemes and ransomware do not discriminate. Educate all employees on the prevalence and danger of phishing schemes:
Understand the Challenges of Remote Work
Many employers encourage employees to use their personal technology when working remotely, making them especially vulnerable to security breaches. Ideally, employees should not be relying on their personal technology for business use, but if your company cannot provide computers and phones to employees, have policies in place to regulate how employees conduct themselves on this technology.
Organizations must maintain compliance with their own data and their customers’ data in the office and anywhere where employees are working. Jeff Bathurst explains that remote work must be handled maturely with policies that are “sustainable, controllable, and accountable.” He urges employers to monitor and control who is accessing data, how they are accessing it, and where that data will best protect the company.
Follow General IT Best Practices
The best protection against cyberattacks is strengthening your ongoing precautions in response to new threats. Follow cybersecurity best practices, such as:
Do you need to revisit the systems and procedures surrounding your accounting controls? Please find out more using our resource: Best Practices for Implementing and Updating Accounting Controls