As an accounting firm, you deal with sensitive, valuable financial data on a daily basis. The livelihood of your clientele is regularly accessed, updated and managed through your IT, which is why cybercriminals work so hard to find ways to break into your system.

According to Bromium’s independent study conducted by Dr. Michael McGuire, Senior Lecturer in Criminology at the University of Surrey in England, the global cybercrime industry now brings in $1.5 trillion – equal to the GDP of Russia.

But that’s not all – this massive figure breaks down as follows:

  • $860 billion – Illicit/illegal online markets
  • $500 billion – Theft of trade secrets/IP
  • $160 billion – Data trading
  • $1.6 billion – Crimeware-as-a-Service
  • $1 billion – Ransomware

Cybercrime Is Big Business – How Can You Protect Your Firm Against It?

Malware, adware, and spyware pose just as big a threat to your clients as they do your business and its employees. As the trusted manager of your clients’ vital financial data, are you 100% confident in your firm’s security?

6 Ways To Keep Your Accounting Firm Secure Against Cybercrime

1. Use Two-Factor Authentication

A close-up of a person's hands holding a smartphone and a pen, with various digital security icons, including a padlock and key, overlaid in soft focus, suggesting themes of cybersecurity and data protection.
Read moreIs Your Law Firm As Secure As You Think?

For accounts that support this, two-factor authentication is an extra step to ensure the security of your information. It requires both your password and an additional piece of information to log in to your account. The second piece might be a code the company sends to your phone or a random number generated by an application or token. Two-factor authentication can protect you and your staff’s business accounts even if the password is compromised.

2. Use an Email Filter

If your firm’s email client provides a solution that filters out potential spam or will channel it into a bulk email folder, opt for this. If they don’t, you might want to consider another option.

3. Regularly Backup Your Data Both Onsite and Remotely

Ensure your firm’s files are backed up regularly to ensure you have a duplicate of all your files and applications if your network is compromised:

  • Maintain at least three copies of everything.
  • Store all data on at least two types of media.
  • Keep a copy of your data in an alternate location.

4. Keep Your Passwords Secure

It’s vitally important for you and your staff to follow these practices when creating and managing passwords for business accounts:

  • Don’t tell anyone your passwords.
  • Don’t use “Remember Password” feature of application programs such as Internet Explorer, Portfolio Center or others.
  • Don’t use your corporate or network password on an account over the Internet that doesn’t have a secure login starting with https://. If the web address begins with https:// your computer is talking to the website in a secure code that no one can access. There should be a small lock next to the address. If not, don’t type in your password.

5. Ensure You And Your Staff Can Spot A Scam

A woman points at a laptop displaying a cloud security graphic while a man types on the keyboard, both engaged in a discussion in a bright office setting. A coffee cup and stationery are visible on the desk.
Read moreCPAs and Cyber Security—The Right Technology Makes All The Difference

Phishing scams are nothing new. Criminals have been using the same tactics for many years, adapting techniques used over the phone into highly successful email campaigns.

Regardless of the approach they take, the goal remains the same – getting a hold of sensitive information by simply asking you for it.

By posing as financial institutions or the IRS, scammers will send out emails advising targets that their account has been compromised, their password needs to be updated, or important information is missing from their file.
By responding to these messages and providing the requested information, you’re handing over everything a hacker needs to steal your money or your identity.

No matter how legitimate these emails may look, no reputable company, institution, organization, or agency will ever request sensitive information via email.
Avoid clicking on embedded links in these types of messages and instead go directly to the website, and if you want to follow up with the sender before responding, make sure you use the contact information found on their official site, not what’s provided in the email.

Now, if you’re paying attention, you may notice that that’s only five tips…

What’s The Final and Most Important Tip To Securing Your Accounting Firm?

The truth here is very simple; it’s not a multi-point list, or a comprehensive, complicated strategy. The one thing to look for in IT support for accounting firms is a team that understands the accounting industry and the technology involved in it.

Accounting firms need to be assured that their security is a priority for their IT support provider. No addendums or clauses or clarifications. When they call, their IT support needs to answer them and address the issue.

By partnering with an IT support provider that understands your accounting firm’s work, schedule, and priorities, you can ensure your firm is kept secure by benefitting from an expert IT company’s knowledge, skill, and resources.