Real world ready | Next Gen accounting
Get switched on to cyber security
Staying up to date on online threats and being able to develop plans to cope with potential future attacks could prove vital to your career
Technological advances such as AI and cloud accounting have had a huge impact on the accounting profession in recent years, driving efficiency and profitability in a range of areas.
But taking a more hi-tech approach to accounting also has its downsides, including an increased vulnerability to data breaches and cyber attacks.
Here, we examine how cyber crime affects accountants and what this means for your future career as a finance professional.
What is cyber security?
Cyber security is an umbrella term for the processes put in place by businesses and individuals to protect internet-connected systems, networks and devices from digital attacks by online criminals.
These criminals include hackers, spammers and fraudsters whose aim is to access, modify or destroy sensitive information, extort money, or simply cause chaos.
In a broader sense, cyber security also covers the processes companies develop to prevent internal threats. These could be anything from an employee inadvertently sending an email containing sensitive data to the wrong person, to a team member deliberately defrauding the business or its clients.
TOP TIPS
Key facts
Half of UK businesses were hit by a cyber security breach or attack in the 12 months to April 2024, according to the Office for National Statistics (ONS).
- Both big and small accountancy firms are prime targets for cyber criminals due to the amount of sensitive financial data they hold.
- Whether you want to go into business or practice, an understanding of cyber security is something both employers and clients will look for today and even more so in the future.
How do cyber breaches and attacks affect accountants?
Accountancy firms hold a vast amount of sensitive financial data on their systems. This makes them highly attractive to cyber criminals such as hackers, who can use this data to steal money and take over accounts.
It is therefore important that firms take steps to avoid falling victim to a cyber attack, which can cost thousands of pounds to rectify and even more in reputational damage.
Types of data held by accountants that cyber criminals can use include:
- Account numbers.
- Transaction details.
- Credit card numbers.
- Usernames and passwords.
- Personal information such as addresses and telephone numbers.
What are the most common forms of cyber crime?
The ONS figures indicate that phishing attacks are the most common type of cyber crime affecting UK businesses today. However, ransomware attacks are on the rise.
It’s also worth noting that a large percentage of information breaches are caused by accidental data sharing.
Phishing attacks
Phishing attacks involve criminals attempting to trick accountants into revealing sensitive financial information such as passwords by posing as legitimate entities via fake emails or other messaging services.
So-called business email compromise attacks use similar tactics in a bid to dupe accountants into transferring funds into the criminals’ accounts – e.g. by pretending to be a client company’s chief executive.
Malware/ransomware attacks
Malware is malicious software designed to damage, disrupt and gain unauthorised access to internet-connected IT systems.
Ransomware is malware that can encrypt a company’s data before demanding a payment in exchange for the decryption key.
Such attacks can be staged by exploiting system vulnerabilities or by convincing individuals within the system to click on a link that automatically downloads the malware.
It’s also worth noting that a large percentage of information breaches are caused by accidental data sharing
TOP TIPS
Seven ways to protect against cyber criminals
1
Training employees how to spot phishing and business email compromise messages, and offering guidance on what to do if they receive a suspicious request.
2
Using multi-factor authentication to only grant system access once users have verified their identities multiple times on different devices.
3
Employing cyber security specialists or investing in third-party cyber security services such as endpoint detection and response (EDR) tools.
4
Ensuring firewalls, anti-virus tools and encryption techniques are kept up to date.
5
Developing a robust approval and validation process that sets out what actions and data transfers must be approved by managers.
6
Using a secure accounting platform that has robust cyber security protections in place.
7
Taking out cyber insurance to cover the costs associated with being targeted by cyber criminals.
How cyber security can help your career
The threat from digital attacks keeps growing every year. As digital criminals continue to come up with new ways to target both businesses and individuals, developing an understanding of cyber security could take your career to new heights.
Future accountants will have to work increasingly closely with IT specialists to develop internal cyber security policies capable of keeping sensitive data – whether on the company itself or its clients – safe.
That means businesses will value individuals who can do this, as well as those capable of setting out plans for what to do in the event of an internal data breach or a successful cyber attack.
When choosing an accountant, meanwhile, companies and individuals will look for a firm they can trust to keep their data out of the wrong hands.
How can I learn about cyber security?
If you are doing an AAT apprenticeship, it’s worth exploring options to increase your cyber security knowledge via your employer, either from the internal IT department or with an external training provider.
There are also lots of online cyber security courses available, ranging from a few hours outlining the basics for beginners to more in-depth training lasting several months or even years. Why not start with the AAT Masterclass Digital Decoded, which lasts between one and three hours and covers cyber security as well as blockchain technology?
Another option is to volunteer at a local charity, as these organisations are often targeted by cyber criminals due to the data they have on their donors. You could get clued up on data protection measures while putting your accountancy skills to good use and gaining valuable work experience to boot.
The Association of Accounting Technicians. 30 Churchill Place, London E14 5RE. Registered charity no.1050724. A company limited by guarantee (No. 1518983).