Protect the most important thing in your accounting firm

As we’ve seen over the past few years, being able to work anywhere, any time, on any device is great. We’ve been shifting to this way of working over the last 10 years, but 2020 really sped things up.

This is the way many of us are working today, and that’s how it’s going to stay in the future, whether we’re in a pandemic or not. Working flexibly like this means that businesses can reduce their costs; attract the best candidates for jobs; and have a happier workforce too.

But as our devices get smarter and more powerful, they’re also becoming more disposable. As you’ll know, you can do most things on your smartphone now. And how often do we lose or break them?

The thing is, because everything is stored safely in the cloud (that’s the huge servers where you store your data, in multiple locations across the globe), if you lose your phone, it’s no big deal. You simply get a new one and restore your files from your backup. Just like magic, you have a new handset that contains all the data your old one had.

A lost phone is now merely a minor inconvenience and a small financial cost. And it’s not just phones this applies to. Your tablet and laptop work the same way. This flexibility is amazing. However, it also has its risks. Number one being that any time you take your device away from the office, you’re potentially opening up your data to anybody. The sad and scary truth is that there are countless gangs of cyber-criminals who are trying very, very hard to access your data. And even take it away from you.

You’ve probably heard about malware before. Malware, or malicious software, is code placed on a device or network with the aim of infecting, stealing, or corrupting your data. Essentially, a hacker can create malware to do exactly what they want, once it’s within your network. It’s a pain, because once it’s there, it can take you a while to notice what’s happened. And it can be tricky to remove.

But there’s something scarier: Ransomware. This is actually the fastest growing cybercrime right now. And if you’re not taking all the right precautions it’s likely that you will fall victim to this devastating form of cyber-attack at some point. As the name suggests, ransomware is a kind of malicious software that encrypts your data so you can’t access it. The hackers then literally hold you to ransom to regain access – you must pay a fee. For example, they might ask for £5,000 - in Bitcoin, of course - within 3 days. If you fail to pay, this fee doubles. If a week goes by, you can kiss your data goodbye forever.

Ransomware is terrifying. Trust me when I say that you want to avoid this at all costs. And while absolutely anyone can become a victim of ransomware, it’s usually small and medium-sized businesses that are targeted. Cyber-criminals know this is a group that typically doesn’t spend excessive time or money on cyber-security. I don’t want to bore (or scare) you with statistics, but it’s worth knowing that an estimated 48% of businesses were attacked with ransomware in 2019. And while there are no figures yet, it’s a safe bet to assume that figure rose dramatically in 2020.

The most common way for ransomware to get on your device or network is by someone clicking a link in a suspicious email. And before your jaw drops that someone - especially someone in your own business - would be naive enough to click a link in a scam email, you need to know these emails are really sophisticated nowadays. Yes, these emails will look like dead ringers for genuine emails from someone you know or expect mail from - HMRC, your bank, even a department within your own company. And they not only look like the real deal, but the email address may be a very close copy too. These emails work because they ask you to do something relatively simple; click to update your details, for example.

Even looking with a critical eye, it can be hard to spot that something is wrong. Once that ransomware is installed, there’s not always an immediate attack. In fact, it can take between 60 and 100 days for anything to happen; sometimes even longer. That’s for a number of reasons. Firstly, the longer a hacker lurks within your network, the harder it is for you to detect them. Usually, hackers enter through one device that’s connected to a network. Then they investigate your network for other weaknesses. Better for them to have control over as many devices as they can. They can also make it virtually impossible to kick them out once the attack has started. This is what makes ransomware so difficult to deal with. And it’s why prevention is always better than cure.

You need to be aware of the signs of a hacker in your network. Both you and your IT support partner should look out for them:

  • Unexpected new administrators appearing on your network
  • Software being disabled
  • New software being downloaded
  • Remote access sessions lasting for days at a time

Of course there are many technical things to look for; but that will give you a good start.
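For your IT support partner, here is how those four signs can be checked automatically. This is an added example, not code from the original article: the event format, account names and allow-lists are all made up for illustration, and a real setup would feed in events from your own logging tools.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical schema (not from any real product).
EVENTS = [
    {"time": "2021-03-01T08:00:00", "type": "remote_session_start", "id": "s1", "user": "j.smith"},
    {"time": "2021-03-01T09:00:00", "type": "admin_added", "account": "svc-backup2"},
    {"time": "2021-03-01T09:05:00", "type": "software_disabled", "name": "antivirus"},
    {"time": "2021-03-01T09:10:00", "type": "software_installed", "name": "remote-tool"},
    {"time": "2021-03-01T10:00:00", "type": "software_installed", "name": "office-suite"},
    {"time": "2021-03-04T09:00:00", "type": "remote_session_start", "id": "s2", "user": "a.jones"},
    {"time": "2021-03-04T17:30:00", "type": "remote_session_end", "id": "s2"},
]

def find_warning_signs(events, now, known_admins, approved_software,
                       watched_software, max_session=timedelta(hours=24)):
    """Return (sign, subject) pairs for the four signs listed above."""
    findings, open_sessions = [], {}
    for e in events:
        when = datetime.fromisoformat(e["time"])
        kind = e["type"]
        if kind == "admin_added" and e["account"] not in known_admins:
            findings.append(("unexpected_admin", e["account"]))
        elif kind == "software_disabled" and e["name"] in watched_software:
            findings.append(("software_disabled", e["name"]))
        elif kind == "software_installed" and e["name"] not in approved_software:
            findings.append(("new_software", e["name"]))
        elif kind == "remote_session_start":
            open_sessions[e["id"]] = (e["user"], when)
        elif kind == "remote_session_end" and e["id"] in open_sessions:
            user, started = open_sessions.pop(e["id"])
            if when - started > max_session:
                findings.append(("long_remote_session", user))
    # Sessions that never ended are measured against the current time,
    # so a connection left open for days is still caught.
    for user, started in open_sessions.values():
        if now - started > max_session:
            findings.append(("long_remote_session", user))
    return findings

def demo():
    # Hypothetical allow-lists; "now" is fixed so the result is repeatable.
    return find_warning_signs(
        EVENTS, now=datetime(2021, 3, 4, 18, 0),
        known_admins={"it-admin"}, approved_software={"office-suite"},
        watched_software={"antivirus", "backup-agent"})

if __name__ == "__main__":
    for sign, subject in demo():
        print(f"{sign}: {subject}")
```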

A good IT support partner will always recommend everyone in your business has regular cyber-security training. After all, your people are your first line of defence from cyber-attack. Software alone won’t offer a good level of protection. You need software and humans.

Understand this, though: You can never be 100% protected from malware, ransomware, and other forms of attack. That’s impossible, because it’s a non-stop game where the criminals are always inventing something new, and the data security world has to catch up. It is possible to be 99.99% protected; but you may be surprised to learn that we don’t always agree with going that far. You see, when you lock down everything to make your data security watertight, what you can inadvertently do is frustrate and annoy your staff.

They’ll have lots of extra layers of protection to go through, more steps in an already busy workload, and more to remember. And what that means in the real world is that they’ll skip steps, and look for ways to bypass security. Which actually puts your business more at risk. Think of it like a door to an office. If you have seven big locks and a biometric scan just to open it, eventually, people will get frustrated and just prop the door open!

So to take away the frustration and hassle, we tend to use what we call “blended security”, where we pull together several products and services that work together to protect you. It means fewer codes and passwords for your people, and a better level of security for your data. And the greatest part is that every blend will be different, depending on the business it’s for. That way we can customise security perfectly for each client, based on their specific requirements.