Is your Accounting Team Plugging Cybersecurity Holes?

This year cyber risks topped worldwide business concerns, and with good reason. According to recent data, cybercriminals can breech an estimated 93% of company networks. And where there is opportunity, there are people willing take advantage of it. In fact, cyberattack attempts are up 50% over last year, which is an especially shocking statistic considering cyberattacks were already up 50% YOY from 2020 to 2021. 

A businessperson’s hands on a keyboard with a digital lock overlay

However, even in light of these kinds of trends, there is still a fallacy that small businesses have less to worry about than their larger corporate counterparts. This mistaken belief comes from the assumption that big corporations have a bigger target on their backs because they have more of the things that are worth stealing (sensitive information, customer data, money, and so on). But what this line of thinking fails to consider is that larger companies also typically have more safeguards in place to protect their assets. Big corporations typically have not only the technology needed to be more buttoned up, but also the policies, procedures, and personnel in place to better protect themselves. As a result, cybercriminals are increasingly targeting smaller organizations. In fact, in his book "Fire Doesn't Innovate," Kip Boyle reveals that a ransomware attack on a small business these days costs the organization an average of $4M. 
​
As cyber security threats continue to evolve businesses and their employees must be on guard at all times. Organizations of all sizes, but especially small-to-medium sized businesses (SMBs), need to be able to identify today’s most common cyber scams and equip their staff to prevent them! 

Today’s Most Common Cyber Scams
When you think of a cyberattack, do you picture an anti-social computer genius dressed in all black working in a dark room with a whole row of huge glowing computer monitors? That’s how TV and movies would have us imagine it. In reality, hacking requires very little technical expertise and is easily done with only basic technology.
​
The rise in cybercrime that we are experiencing globally right now is due to technology becoming ubiquitous across the globe. With smart phones and computers in so many people’s hands there is both a greater opportunity to engage in cybercrime, and greater effectiveness when doing so because so much of life is lived online these days.

Familiarize yourself with today’s most common cyber scams:

• Phishing – Phishing scams involve sending some form of communication (an email, a text message, etc.) from what appears to be a trusted source (a vendor, a bank, a partner company, etc.) that asks recipients to provide some sort of information (credit card information, login credentials, etc.).
  ​
  
• Malware – Some phishing scams try to bait recipients into clicking on a link or downloading something (a software update, a white paper, etc.) to get malware on their computer. Once on there, malware is a nefarious piece of software meant to gain unauthorized access to the device to disrupt or damage it to cause harm to the owner’s employer.
  
  
• Ransomware – Ransomware is a program that takes over a person’s device and holds the files and information stored on it hostage for money. When the owner pays the ransom, the items are given back or access to the device is restored… sometimes. Other times, more money may be demanded later, or the information may be deleted anyways. Depending on the complexity of the attack, the files may be duplicated and stolen anyways even if the victim pays so they can be sold. Ransomware is typically aimed at individuals, not companies. However, with so much business being done on personal devices these days, an individual ransomware attack can have serious business implications as well.  
  
  
• Invoicing Scams – Invoicing scams involve sending fraudulent invoices to companies in the hopes that they will pay them. The most effective invoicing schemes use existing vendor accounts to send additional invoices for items that were never delivered or services that were never rendered. If unchecked, these types of scams can go on for months or years, resulting in a huge payday for the cybercriminals involved.
  
  
• Insider Threats – While most cyberattacks originate externally, some come from within instead. Remember, fraud can happen at any company, which means that while you work to protect your business from cybercriminals, you should also be concerned with what kind of vulnerabilities exist internally as well. A Forbes article on the financial implications of cyber threats explains, “Security threats don’t only come from external parties. There has also been a notable increase in the number of security breaches coming from insiders. Internal teams that have access to systems and customers’ data pose a threat.”

Employees should be trained on how to spot these types of scams and provided with information on how to report them. This kind of training should be ongoing to combat not only today’s security risks but tomorrow’s as well.

Assessing Vulnerabilities
People, processes, systems, and networks create vulnerabilities for businesses. When you are looking for cyber security holes to plug, these are the biggest culprits to focus on:

• Weak and/or infrequently changed passwords
• A lack of formal policies and procedures
• Cloud software
• Mobile device usage
• Use of unsecured public and home networks
• Third-party exposure by vendors, service providers, and partners
• Software or network configuration mistakes

Once you have identified where your biggest vulnerabilities are, make a cybersecurity checklist to ensure you do not miss anything important. Some security vulnerabilities will be quick and easy to fix. For instance, requiring all employees to connect through a VPN (Virtual Private Network) when working in public is one simple way to increase your level of protection. However, some other fixes are far more difficult and costly to implement. As an example, switching accounting platforms to one with more robust security protocols can be a big undertaking. However, if it is better positioned to protect the company’s financial data, the time and money tradeoff is worth it compared to leaving the company exposed.
Lean on your financial staff for recommendations. An experienced financial leader will be able to best advise on how to follow Security Six safeguards with your data.

Minimizing Risk
A good accountant or accounting team should be married to their internal controls, upholding all of the following accounting controls in any environment:

1. Segregation of Duties
2. Access Controls
3. Required Approvals
4. Assets Audits
5. Financial Document Templates
6. Trial Balances
7. Reconciliations
8. Data Backups

Remember, the best way for your accounting team to protect your company from cyber threats is to follow your controls procedures every single day with every activity they touch. If you don’t believe us, find out how these types of internal controls protected a company we know from losing $50,000 in a cyber scam earlier this year!

If you are ready to bring on an experienced accountant to help protect your business, please contact us! We have a team of reputable consulting accountants ready to help you keep value in your company and keep cybercriminals out.

Find out more about how our seasoned accounting professionals have helped other businesses like yours.