Guide to Cyber Security

A Guide to Cyber Risk Management in Business Accounting

Cyber risk management is a key function in businesses today, as almost everything to do with business information is stored in a hard drive or cloud server somewhere in the world. The accounting and finance department in particular has grown by leaps and bounds thanks to technological integrations like cloud accounting and automation, more on which can be read about in Expertise Accelerated publication titled “The Future of Accounting: Demand and Evolving Technology 2022

While technology has suddenly eased many a burden in the accounting and finance department, it comes with its own set of risks. Businesses cannot blindly leverage modern technology without being well-informed on the usage of said technology, and what to do and not to do to stay safe. 

Whether it be bookkeeping, transactions, receipt storage, or invoicing; it’s all done on computers now by most businesses. This means that these accounting function processes are open to cyber-attacks by malicious third parties. Therefore, it is a requirement for businesses today to put measures in place to mitigate these risks as best as possible, otherwise, sooner or later the business may end up collapsing overnight due to negligent cyber security. 

Is your business prepared for the inevitable cyber threats lurking in the digital world? With the explosive growth of technology in the accounting and finance industry, prioritizing cyber risk management is more important than ever.

This guide provides businesses with a general overview of the cybersecurity landscape, detailing prevalent and notable methods of cyber-attacks alongside appropriate countermeasures, and a foundational game plan for implementing a robust cyber risk management strategy in the business.

Importance of Cyber Security

The Importance of Cyber Risk Management

It’s not about if a cyber-attack will come, but when. Attacks are unavoidable, and cyber risk management is the only way to keep your business safe and secure. Before we begin talking about the meat of the matter, the point needs to be driven home to any aspiring entrepreneurs and small business owners out there that they MUST learn about cyber risk management and cyber security and implement appropriate measures within at least their business’ accounting and finance function, if not in every other function.

Reputation Damage

This is primarily because the accounting function while carrying the business’ sensitive financial data also houses the personal data of its customers. Payment information such as credit and debit card details, names, addresses, and the like are immensely sensitive and must be handled with extraordinary care to avoid a scandal and ruin the business’ reputation. 

Looking at historical cases on the matter, the first one to come to mind is the 2021 breach of Neiman Marcus’s accounting function, where an 18-month-old data breach was found to have compromised credit card numbers and expiration dates, as well as customer names and other sensitive information for over 4.6 million customers.  

While Neiman Marcus managed to avoid complete collapse after this major PR nightmare and brand damage, small businesses have a much higher risk of total failure after such an event. Cyber Security Ventures reports as much, with 60% of small businesses targeted by data breaches having to close within 6 months of the incident. 

Financial Penalties

Then there is also the financial angle to consider. IBM’s Cost of Data Breach 2022 report concluded that the average cost of a data breach in the US in 2021 was a staggering $9.4 million, including  recovery and cyber threat detection. And this is just the financial strain incurred by the business to counter a data breach; the situation only grows dire when we look at the possible legal penalties and damage that a business may have to address.

Several US laws and regulations, including the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), and the Payment Card Industry Data Security Standard (PCI DSS), require companies that handle sensitive financial information to take certain steps to protect that information from unauthorized access, disclosure, or use.

Failure to follow these protocols can lead to massive fines, typically scaled off the number of persons affected, and may even lead to jail time if the breaches are severe enough. Moreover, this opens businesses up to legal action from affected clients, and the settlement of these lawsuits further strains the business financially. Reputation damage compounded by the financial strain is why small businesses cannot afford to be lax with their cyber risk management.

Prevalent Financial Cyber Security Risks

Phishing

By far, the most prevalent and predatory cyber threat is phishing scams. All of us have experienced phishing in some form or other. If you ever open up your spam inbox on your email, you will find a daily influx of hundreds of phishing scams, all trying to hack into your systems by taking advantage of the likelihood of human error. 

Finance professionals in particular receive a heightened influx of such phishing attempts, emails designed to look official and important and prompt you to click a link under the guise of fixing a system issue. Unfortunately, all it takes is one click on a suspicious link, and all of the data present on the computer network becomes available for a hacker to siphon and use for illicit activities.

Malware

Short for Malicious Software, malware is exactly as the name suggests: malicious code and software that can be installed on the business’ network. Typically, the biggest cause of malware breaches is pirated software, which is very likely to be bundled with some form of malware. Malware allows hackers to secretively extract data from your system, as well as any systems on the business network, and corrupt the operating system and applications. 

Ransomware

Ransomware, as the name implies, basically holds your computer system hostage until a ransom is paid to the hackers. It is usually installed just like malware, but instead of covertly destroying the system from the inside, it locks you out of the system, offering an unlocking encryption key in exchange for payment, typically in the form of cryptocurrency which cannot be tracked. On top of this, there is no guarantee that the system will be returned to you after the ransom is paid. In fact, Sophos reports that only 8% of businesses receive access back into their systems after ransom payment, which means that it’s all over if ransomware manages to get the better of your business.  

Effective Financial Cyber Risk Management Strategies 

Encourage Cyber Literacy

The leading cause of successful cyber-attacks is human error. Cybersecurity experts at Security Magazine report that 95% of cyber-attacks owe their success to human error. This is to be expected, nobody is perfect and if you play the numbers game long enough, eventually someone will trip up and fall for a phishing scam. 

While there is no way to completely remove human error, the possibility of such errors happening can certainly be drastically reduced by keeping the staff apprised of cyber risk management practices. For example, phishing emails are typically sent from emails very similar to official email addresses with one letter changed, or a punctuation mark inserted that can easily be missed. Naturally, they are counting on the fact that you may miss this subtle change and believe that the email is trustworthy, but in truth, if the team knows what to look out for when scrutinizing such emails, the risk can be drastically reduced. 

When your accounting team is sufficiently trained in cyber risk management, preferably by cyber security experts, you can come very close to completely negating the risk of human error. 

Create and Enforce a Cyber Security Protocol

With a cyber-literate team in the mix, the next step is to create a strict security protocol that everyone must follow

For example, a good rudimentary security protocol would look something like this:

  • Generate a list of all trusted official email addresses of business personnel and collaborators. Any email from an email address deviating from this list is untrustworthy and should not be opened.
  • Instead, directly call the supposed source of untrustworthy emails and inquire about their legitimacy. 
  • No software may be downloaded on business devices. This includes business computers as well as business cell phones owned by finance professionals.
  • All passwords must be changed regularly and must be generated using a trusted password manager. 
  • Multi-factor authentication must be enabled on all business accounts. 
  • Only trusted officers may be privy to passwords, everyone else would be logged in and out through trusted channels.
  • All downloaded files must be scanned by anti-virus software. 

And so on and so forth. This is just a very basic framework of a cyber and cloud security protocol that can be established and enforced throughout the business, not just in the finance department, and simply adhering to such a protocol can drastically mitigate cyber risk. 

Leverage Cyber Risk Management Software

While technology in the workplace opens us up to cyber threats, it can also be a fantastic countermeasure against cyber security risks. Anti-virus software and password management apps are just some of the ways entrepreneurs can leverage technology to safeguard their digital information. In addition, most software now includes the option of multi-factor authentication, which further heightens cyber security. 

When it comes to cloud security, or any cloud-based accounting task, spending a little extra money for the most secure subscription service is always preferable to leaving room for attack. Similarly, small businesses and start-ups would do well to allocate funds toward their software needs. Unfortunately, it is a common occurrence for such businesses to try and save software costs by leveraging pirated software, which is a massive security risk. It’s simply not worth the $100 per month saved to open yourself up to malware and ransomware installation. 

Leveraging Expertise Accelerated’s Outsourced Accounting Services for Better Cyber Risk Management

Unfortunately, many small businesses in the US cannot bear the cost of implementing such cyber risk management strategies. Cyber literacy is not a one- and- done thing. The team must undergo regular cyber literacy training from cyber security experts, at least once or twice a year. Furthermore, the cost of all these different cybersecurity services can add up fast, and most start-ups and small businesses cannot justify the cost of implementing these extra measures. 

By leveraging Expertise Accelerated’s Outsourced accounting services, US businesses can save big while ensuring their cyber security is top-notch. EA’s offshore accounting professionals are experts in cloud accounting and remote work and are trained to follow the highest standard of technological etiquette and cybersecurity best practices. 

EA CEO Haroon Jafree (CPA) himself is an esteemed member of the US accounting sphere and recognizes the many pitfalls of cyber security in accounting and finance, and offers US businesses access to tech-savvy and cyber-literate accounting professionals at a fraction of the in-house cost. 

By leveraging EA’s accounting talent, small businesses can save drastically on the cost of recurring cyber education, as well as receive recommendations on the best accounting software and technology to implement per the business needs.