4 Harmful Misconceptions About Cybersecurity Held by Accounting Firms

Published: October 12, 2023

Cybersecurity. It’s hardly a new concept, especially in the profession of accounting, which has long been a favorite target of cybercriminals due to the valuable sensitive personal and financial data accounting and finance professionals manage on a daily basis. And yet, it’s still an area in which many accounting firms are lagging far behind where they should be, despite the rising prevalence of cyberattacks.

This leads to a big, important question: Why do so many accounting firms disregard cybersecurity, leaving themselves vulnerable to attack?

In a new webinar, Luke Kiely, former cybercrime officer and CISO of SmartVault, addressed the top four misconceptions he’s encountered during his years of working with victims of cyberattacks and with accounting professionals looking to bolster their security. Do any of these apply to you or the leadership at your firm? Read on to find out.

Top 4 Mistaken Beliefs Accountants Hold About Cybersecurity

1. If you run a small firm or a solo partnership, you’re too small for cybercriminals to target.

"Many [firms] feel they are too small or insignificant to be targeted, which isn’t the case," Luke says. Cybercriminals are after one thing: money. And many of them, surprisingly, aren’t criminal masterminds locked away in some far corner of the Earth with a room full of computers filled with green, Matrix-like type running down the screens. They’re college students, people’s neighbors, angry customers who want revenge, or curious opportunists lured by the anonymity the internet provides and the promise of so-called "easy" money. And while breaking into a big national company could take months and a lot of effort, attacking several small firms could be much easier and would still net the thief thousands of dollars, depending on the size of the ransom they ask for.

The takeaway: No matter your firm size, you should be taking cybersecurity seriously. “Waiting for a breach to occur isn’t a viable strategy,” warns Luke, even as he acknowledges many accounting practices still do things this way. Make no mistake, “the financial losses of a cyberattack can be catastrophic. A single incident can outright cripple your business,” he cautions.

2. Cybersecurity is too expensive.

While we’re on the subject of money, another common misconception about cybersecurity Luke often hears is that it’s expensive and it’s not worth the investment. While the sticker price of some cybersecurity measures is high, he agrees, it’s best to think of it this way: Whatever you spend on protecting yourself, what you’d spend on ransoms, mitigating the data breach, and other expenses if you were to be attacked is far higher. The latter can actually bankrupt you.

“Cybersecurity has to be done on a case-by-case basis,” he says. Create a budget, and implement measures that make sense for a firm the size of your organization. Also, remember: “You won’t necessarily see or feel the value of it if you’re actually protecting yourself against a threat. It can be hard to want to invest in something where you don’t get an instant ROI,” he says.

This leads him to another important point people don’t often think of: There are quite a few totally free cybersecurity best practices. Updating the software on your laptop or phone? Free. Creating a super-strong password? Also free. And these are incredibly strong cybersecurity measures experts like Kiely are practically begging accounting professionals to take regularly.

3. Even if my accounting firm is attacked, my clients know me, and I’ll be able to retain their business.

Digital trust — the term cybersecurity experts use to describe a customer’s level of trust in the online service they’re using — “is the cornerstone of e-commerce and other financial transactions,” Luke says.

“Consumers must trust that when they use a service, it will deliver and be secure.” Simply put, a breach will negatively impact the level of trust your clients have in you, and that loyalty you’re counting on? It’s far more fragile than you think.

“Digital trust can easily be eroded by a security breach or privacy violation.” And once there’s been an attack at your firm, you’ll find news of it making its way into online reviews and ratings, as well as word-of-mouth recommendations, all of which are heavily used by modern clients to gauge the trustworthiness of an accounting firm. “One breach can be all it takes for customers to abandon a business completely for one that maintains digital trust. Your firm can be affected irrevocably, as can your ability to bounce back,” he says.

4. Cybersecurity is too difficult—it’s changing all the time.

True, “the natures of cybercrime and cybersecurity are very dynamic,” acknowledges Luke. It’s difficult even for experts like himself to get a straightforward sense of the threat landscape at any given time. Cyberthieves are constantly evolving, as are their methods for attacking firms, which they frequently change as such strategies become harder or easier to use. It’s the very dynamic nature of this threat that frequently leads accounting firms and firm leaders to put cybersecurity on the back burner rather than just dealing with it.

But there’s good news, according to Luke. While cyberthreats are changing all the time, cybersecurity best practices actually aren’t. “Yes, cyberattacks are becoming more sophisticated, but basic protection remains the same. The protections have remained the same for arguably decades: things like educating your employees, creating strong passwords, and using multi-factor authentication.”

The takeaway? Implementing strong cybersecurity measures is not insurmountable for any firm. To learn more and hear what Luke advises firms to do, watch the full webinar on demand today.

To learn about using SmartVault to proactively protect your data, schedule a demo.