The world's most valuable commodity is not gold, oil, money or even time: it’s data. Hackers know this, which is why cyber attacks are becoming more common.
The recent alleged Deloitte hack suggests that cyber attacks can happen to any company, regardless of size, expertise or resources. Should accountants be worried? And if you are, how can you protect yourself and your business from the threat of cyber attacks?
The story so far
In 1989, Robert Morris created a “computer worm” to test the size of the internet. This was a piece of malware that replicates itself to spread to other computers. Regrettably, it spread like wildfire and effectively shut down the nascent internet.
The first computer virus, malicious code that takes control of computers and spreads across entire networks, arrived on the scene in the early 1990s. It was only in the mid-2000s that the first fully fledged cyber attacks - used for economic or political gain - appeared, when hacker Albert Gonzalez stole information from nearly 50 million credit cards used by customers of US retailer TJX, costing the company $256 million.
This was a watershed moment, when business recognised the threat of cyber attacks and tooled up accordingly. And yet, companies are still failing to adequately protect themselves. For some, this is a failure of foresight. For others, the problem lies in execution.
The Deloitte hack
The recent alleged Deloitte hack in particular is a wake-up call for accountants large and small. That one of the Big Four could be compromised in such a way demonstrates the sophistication and determination of hackers. It also shows this kind of breach can happen to anyone - even a leading firm that offers a “CyberIntelligence Centre” to provide clients with “round-the-clock business focussed operational security”.
So, what actually happened? Earlier this year, a hacker is reported to have accessed the firm’s global email server through an “administrator’s account” that gave them access to confidential client information. In addition to 5 million emails stored in the cloud, The Guardian speculated that hackers might have potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Deloitte have stated that the number of emails at risk was a fraction of this number, and that only 6 clients were affected, but they have declined to give further details.
51% of UK SMEs don’t see cyber security as a priority, and yet 38% of UK SMEs have experienced an attack in the past year. Hackers know that small businesses are a soft target, often lacking in-house IT support, and the stakes are high. Cyber attacks could damage your reputation as a custodian of confidential client information and grind business to a halt. At worst, you could be prosecuted for failing to fulfil your responsibilities as a data controller. There is a chance you could also be pursued for financial compensation relating to losses that arise from stolen data due to a lax approach to cyber-security.
Here’s how you can protect yourself
It’s hard to keep up with developments in this space, so it’s best to get advice and expertise from people who specialise in preventing cyber attacks. This is often more affordable than you think.
At the very least you should follow these basic steps to protect your business:
1) Back up all data on an external hard drive and a cloud-based service.
2) Educate staff who are in frequent contact with email about the dangers of opening attachments from unknown sources and encourage them to inform the relevant person in your team if they spot anything suspicious.
3) Design a disaster recovery plan, detailing what you and your team should do in the event of a cyber attack. This should include a thorough steward’s enquiry. You would be wise to utilise the services of a cybersecurity expert here.
Cyber attacks are no longer a rarity. They are a reality. And you need to take them seriously in order to protect - and grow - your business. With a bit of thought and planning you can insulate your business against cyber attacks. Remember, you’re not just protecting yourself - you’re protecting your clients too.