Accountant Inboxes Are The Newest Prey Of Cyber Attacks
The phrase of learning from other’s mistakes especially holds true in the accounting world. It’s very common to find firms seeking guidance from others who have undergone a similar situation. By learning about the solution that the other firm implemented, they can solve problems quicker and with more ease than if they were to undergo the entire solution on their own accord. When it comes to sharing our mistakes, some of us want to keep them under wraps. It can be embarrassing to share problems that revolve around data security and breaches to your company. When in the accounting field, we all know that relationships are built on trust. When data breaches happen, trust can be easily broken.
However, thanks to a few of those firms who are willing to raise their hands and share their stories, many others are learning about the power of hindsight and making better decisions for the situations that they’re in. It’s encouraging that more and more firms are stepping up to the chopping block. By sharing their stories of stupid mistakes that cost their clients money, others get to learn how to avoid those mistakes when it comes to their own business operations.
The shift to cyber-security in the accounting field has been exponential. What was once a bottom priority has skyrocketed to the top of the agenda. Now, partners are starting their meetings by discussing their risk of cyber threats. They know that cyber-security is something that can no longer be brushed under the rug for another day. By analysing the tools the business uses, the policies it implements, and the training their staff undergoes, accounting firms are better able to manage their individual risk of threat. Couple this proactive attitude with learning from other firms’ past cyber attacks and accounting firms are becoming safer each and every day.
Surprisingly enough, the legal consequences of cyber-security breaches are not what has driven the change in perspective throughout the accounting sector. Rather, it’s the breach in email attacks that has enlightened the attitude of being proactive in the cyber-security field. There are weekly emails that accountants are receiving from legitimate customers or so they think. These bogus emails are actually causing an infection to their clients that is causing public embarrassment for the accounting firms. Some of these threats are even costing clients money and their reputation.
There have been many efforts taken to prevent cyber-security attacks in the accounting sector. One of the most common is utilizing a two-factor authentication approach for opening accounting applications. Since these added security features are making it more difficult for attacks to be done during user log-in, intruders are coming up with more unique approaches. The most well-known is intruding from the inbox of the accountant.
It’s not uncommon for an accountant to have years worth of correspondence full of information about each of their clients. The intrusion of this information can mean fraudulent behavior that will paint the client in a negative light among the community they serve. In addition, intruders can use the accountant’s email to propagate fake correspondences with clients which can be misleading. This creates a false framing of the accounting firm as the culprit for the intrusion when it’s really a hidden intruder using the accountant’s inbox as their preferred site of prey.
To top things off, many mail service providers are boasting about how easy it is to log in to their email programs. As users seek easier login procedures so they aren’t taking all day to login to their programs, they forget to think about the login process from an intruders standpoint. Companies like Google Apps and Microsoft Office 365 are making their email services easier to crack as they make them more convenient for users to login to their systems. So, how do we work together to solve this ongoing data breach problem?
Many accounting firms are utilising what is known as a password capture tool. This type of program helps to consolidate cloud logins. The concept is that it makes it much easier for the passwords to be remembered and entered into the various programs that an accountant may access. The problem is that many firms are using the same login details to access things like company domains and Office 365. This is creating an easy access data breach for hackers.
To fix this problem users should implement SAML or Federation, products of Google and Microsoft, to link up their desktop, cloud, email, and mobile devices. This way, the same identity can be tracked by the firm. When using this type of program, it bypasses the standard login technology used by Google and Microsoft. This translates to enterprise level security for the firm. This type of security level makes it difficult to undergo brute force attacks of intrusion.
To speak to a Payneless IT financial services cyber-security specialist click here.
