Is Your Accountancy Firm Resilient To Ransomware Attacks?

Here's the bottom line. Ransomware is now the most significant cyber threat worldwide. Not only have ransomware attacks been rising year on year, but ransom demands and payments are also increasing. For example, the average ransom payment in Q4 2022 was $408,644, a huge 58% increase from Q3 2022.


Accountancy firms are a lucrative target for cybercriminals because of the sensitive client information and significant financial information they handle. And when an attack succeeds, you have to explain yourself to your regulator, the ICO, and your clients, incurring significant financial and reputational damage. So, how do you keep cybercriminals from stealing and encrypting your critical business data and using it to blackmail you?

We’ve compiled a list of the top 10 areas accountancy firms should focus on to avoid falling victim to ransomware attacks.

1. Antivirus (AV) Software

AV software is designed to detect and remove viruses and other malicious software from your devices and, crucially, gives you several opportunities to stop an attack in its tracks. To be effective, AV software should be centrally managed, configured by a security expert, kept up to date, and installed on every device.

2. Email Security Filters

Email security filters scan messages and classify them into different categories: spam, malware, virus, bulk, and others. Critically, these systems help detect malicious messages before they land in your inbox, helping avoid cyberattacks due to simple user errors like opening a dodgy attachment. When you consider that 91% of cyberattacks begin with a phishing email, this isn’t a step you can afford to miss.

3. Web Browsing Controls

Web browsing controls alert users when they are about to visit a dangerous website. Fraudsters often get around AV software by tricking employees into visiting malicious websites. Luckily, these controls act as an additional layer of security to mitigate this risk.

4. Security Patching

Cybercriminals usually leverage known software vulnerabilities in their attacks, because uncovering new vulnerabilities themselves is incredibly time-consuming. Thankfully, software providers like Microsoft and Google issue regular patches (fixes) for the new vulnerabilities that they have discovered themselves. Criminals study these newly published vulnerabilities and develop ways to exploit them on systems that have not yet applied the fix. It is therefore important to install these patches as soon as they become available!

5. The Principle of Least Privilege

When an attacker compromises an employee account, they will use every privilege that employee has, so that their ransomware can wreak havoc on as many parts of the network as possible. To counter this, accountancy firms should apply the principle of least privilege. This means giving users access only to the applications, functionality, cloud platforms, and other resources they need to perform their job.

6. Secure Remote Authentication

Remote and hybrid working is now a common feature of modern workplaces, but it also poses significant security risks. For example, when logging into the network from a different location, how do you ensure your users are who they say they are? Security experts no longer consider usernames and passwords alone to be enough.

Instead, accountancy firms should deploy more robust forms of remote authentication, including multi-factor authentication (MFA).

7. Test and Scan Externally Facing Assets

Ensure your security defences are up to scratch by testing and scanning your firewalls, domain addresses, login pages and IP addresses to detect any potential vulnerabilities or gaps. It’s the only way to stay one step ahead of the criminals because while you might not be scanning, they are!

8. Review Access Management

Many IT systems allow all users to access documents, files, and folders by default. This poses a serious security risk, so you should review your access policies and ensure access is granted by role, i.e. only where there is a genuine need to access those resources.

9. Alerting and Incident Response

Your IT systems should alert you when suspicious activity is detected. However, alerting is just one part of the equation; you must also decide in advance how you will respond to these alerts. That is the job of an incident response plan, which sets out how to respond effectively to each type of cyber incident.
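As an added example (not from the original article), the following Python flags one common ransomware signal, a burst of file renames or writes by a single account, over a constructed file-server audit log. The log format, user names, share paths and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (not from the original page), one event per line:
# "<ISO timestamp> <user> <action> <path>".  "alice" rewrites dozens of client
# files within seconds (ransomware-like); "bob" edits a single file.
SAMPLE_LOG = "\n".join(
    [f"2024-03-01T09:00:{i:02d} alice RENAME \\\\fs01\\clients\\acme\\doc{i}.xlsx.locked"
     for i in range(25)]
    + ["2024-03-01T09:00:30 bob WRITE \\\\fs01\\clients\\acme\\notes.docx",
       "2024-03-01T09:05:00 alice WRITE \\\\fs01\\clients\\acme\\summary.docx"]
)

def parse_line(line):
    """Split one audit line into (timestamp, user, action, path)."""
    ts, user, action, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), user, action, path

def detect_mass_modification(log_text, window=timedelta(seconds=60), threshold=20):
    """Return {user: (window_start, distinct_files)} for every account that
    wrote, renamed or deleted at least `threshold` distinct files inside any
    rolling `window`.  Legitimate users rarely touch that many files that fast;
    encrypting ransomware does it by design."""
    recent = defaultdict(deque)   # user -> deque of (timestamp, path) in window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, path = parse_line(line)
        if action not in ("WRITE", "RENAME", "DELETE"):
            continue
        q = recent[user]
        q.append((ts, path))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= threshold and user not in alerts:
            alerts[user] = (q[0][0], len(distinct))
    return alerts

if __name__ == "__main__":
    for user, (start, count) in detect_mass_modification(SAMPLE_LOG).items():
        print(f"ALERT: {user} modified {count} files within 60s starting {start}")
```

In production the alert would feed the incident response plan described above (isolate the host, disable the account, check the backups) rather than just printing.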

10. Backups

Backing up your business data is like having an insurance policy – you hope you never need it, but if disaster strikes, you'll be glad you took the time to set it up properly. Make sure your business is prepared: take a copy of your systems, applications, and documents and store it securely, separate from your live network so that ransomware cannot encrypt the backup along with everything else, and test regularly that you can actually restore from it.
