It is enough to send shockwaves rippling through businesses. There had already been a growing awareness, but 2017 is the year that terms like ransomware and cyber-crime went mainstream. Headlines about high-profile targets, such as Britain’s National Health Service and Germany’s Deutsche Bahn, were hard to miss. And now, there are reports that Bugs Bunny is up to his old tricks and ransoming PC’s across Europe by taking advantage of a bogus Adobe Flash update.
Our CPA-qualified specialists say that for accountancy firms, the issue is especially critical. The type of information stored and shared between accountant and client would be highly prized on the dark web, making the industry a potentially lucrative target. In the case of those offering consultancy services that touch on IT in any way, there is demand for advice to keep clients safe from cyber-attacks.
The rise of cyber-attacks comes at a time that IT departments must already cope with the challenges of supporting a mobile workforce, as well as adapting network boundaries to include cloud services and an internet of things (IoT) that are connected to core systems.
The timing is no coincidence. All those connected devices and workers represent an erosion of traditional network boundaries. Conventional security was not designed for the fluid complexity that is today’s digitally-driven workplace. Cyber-criminals, at the same time, have become big business, with ready access to an array of tools that allow them to attack more targets; it is estimated that one in every 131 emails now contains malware, and phishing earned a haul of US$3 billion in the last three years.
In such a security landscape, when your data or applications are not right where you can see them, it is worth grilling your cloud provider on exactly what defences they have in place.
There are some developments that help. Having secure, off-site backups minimises damage from the ransomware attacks that have swept the world this year. Being able to recover your data quickly and continue operation thwarts the cyber-criminals and allows your operations to continue.
Experts predict that ransomware attacks will continue to escalate, given the lucrative nature of their operations. Creating a strong disaster recovery plan is vital for organisations – and it must be checked and tested regularly. These days, you don’t have to do it all yourself, though. An increasing number of our customers find disaster recovery as a service (DRaaS) gives them access to a solution built on enterprise-level HPE infrastructure, that would not be financially viable in-house.
Perhaps the most useful step of all is to get an independent security audit that looks over your environment with a fresh pair of eyes. This might include penetration testing, risk assessment and compliance checks. Many of our clients make the audit part of their best practice routine, and use its recommendations to guide their security roadmap. It is a great way of getting best value from independent consulting expertise.
In times of intense cyber-risk, your clients put their trust in you to safeguard their information. Having the right plan in place protects them – and it also protects you. Poorly handled security breaches can result in loss of reputation, which for accounting firms is everything – so demonstrating that security is taken seriously establishes faith in your practice.
To learn more about securing your IT environment and DRaaS, or to discuss concerns with a CPA-qualified technology expert, contact the mcrIT team.