Cybercrime continues to grow with each passing year, costing businesses enormous sums. Forbes recently noted that ransomware cybercrime costs are expected to rise to $265 billion by 2031 worldwide.
And financial impact isn't the only concern when it comes to successful attacks. Vital business data may also be lost. In fact, the same Forbes article notes that only 57% of companies successfully recover data after the fact.
Additionally, these attacks can disrupt employee morale, reputation, and workflow.
This article looks at accounting (and broader business) cybersecurity risks, and what you might do to mitigate them.
What data are cybercriminals looking for?
Cybercriminals usually target financial data. This information typically includes credit card, account, and social security numbers. Log-in credentials and personally identifiable information are other likely targets for hackers.
And all of the above extends to customers, too. Having your company bank account details stolen is one thing, but leaking passwords and financial data for thousands of your customers is a whole other level.
The risks of a cybersecurity breach
The outcomes of a serious data breach are probably pretty obvious. But are the chances of a hack really worth worrying about?
The goal here isn't to panic you. But here's a little food for thought.
The number of attacks is increasing
The frequency of cyberattacks is rising, and attackers are willing to target anyone regardless of who they are or what size business they work for. Studies show a new cyberattack occurs every 39 seconds, and 30,000 websites are hacked each day worldwide.
In many cases, hackers only need a way into your systems, and any way will do. That means low-level employees can be just as valuable as the CEO.
Hacking is a skill
The University of Miami says hacking is a skill that can be learned like any other. The skill can be attained by taking a course, or self-taught through various internet resources. This lowers the barrier to entry for this type of activity and may contribute to the increasing number of cyberattacks globally.
Both clients & employees are at risk
As previously mentioned, financial data includes personal information like names, social security numbers, and account information. What’s more, criminals are not concerned about whether it is client or employee information they steal, so all parties are at risk.
After all, access to your whole customer database may well be far more valuable than access to your checking account.
What are the consequences of a cyberattack?
The consequences of a successful attack are typically financial, legal, and reputational.
All cyberattacks have financial consequences, but the severity will range from incident to incident. Sometimes, data can be held hostage until a ransom is paid. Even if the ransom is paid, that doesn't guarantee the company will see its data returned. Thus, the company loses out on any stolen information and has the financial burden of paying the ransom.
This, combined with legal fees and potential loss of revenue, can be devastating and detrimental to the success of a business.
The legal ramifications can compound the financial stress experienced, especially if you don't have cyber liability insurance to cover the costs. Legal battles can be stressful and take up valuable time that could be spent addressing the damages done to your company and its clients and employees.
These legal disputes can come from the government, private individuals, or other businesses.
Your reputation and rapport with clients will be diminished because they trust your team to protect their data from cybercriminals. In the United States, several states require businesses to disclose breaches to their clients. And whether legally required or not, you almost certainly need to share the bad news with clients.
One survey found that Target saw a 54.6% decrease in consumer perception after a major data breach. After five years, their reputation improved. But it was still lower than before the breach.
Ways to protect financial data
Thankfully, there are ways to strengthen your cybersecurity and reduce the risk of a successful attack. Compliance, layered security, and proper accounting software all help you mitigate risk.
First is compliance. The financial industry has put forth standards that companies hosting credit card information must adhere to. These standards are known as the Payment Card Industry Data Security Standard (PCI DSS), and adhering to them is called PCI compliance.
PCI standards include, but are not limited to:
- Requiring companies to document their policies clearly
- Educating employees on risks
- Having a response team in place
- Routine testing of response plans
These measures lower the risk of stolen data and improve response time during a breach. Response time is also vital, as undetected breaches will continue to wreak havoc until they are found and dealt with.
In one case, Marriott Hotels suffered a data leak that ran from 2014 until 2018. They estimate that around half a billion people had their personal information stolen during this time.
Layered & strong cybersecurity
There are several points of vulnerability in every system, and this is why you need layered cybersecurity processes. As explained by IBM.com, a layered cybersecurity system should include security for the following: your system(s), network(s), application(s), and transmissions.
Use proper accounting software
Your company should only use trustworthy accounting software from a reputable brand. Some key features to keep an eye out for when choosing an accounting tool are:
- Strong user authentication. Typically, this is a multi-factor process where the user has to use a password/passcode and then verify their identity. Usually, a push notification or code is sent to the user, and once they respond, they are let into their account. Strong authentication is becoming a standard, especially with growing crypto wallets and banking app integrations.
- Streamlined workflows. Human error is one of the major causes of security breaches, so your company should seek automation. Automation will improve workflow while reducing the number of human errors.
- Solutions to current problems you are facing
- Ease of use for the client and the company
- A cloud-based program
- Varied user security clearance levels. Access to system files will vary from user to user, so not everyone will be privy to sensitive information.
What to do if a breach occurs
Despite best efforts, errors happen and a breach may occur. Your company must be ready to locate the source of the issue and resolve it.
Recall that there are financial, legal, and rapport implications. You can decrease their effect by addressing and rectifying the situation as quickly as possible.
Compliance, thorough security, and reputable software are all preventative measures that should be in place, yet you should also be prepared to mitigate concerns post-breach. As Emily Lazration writes, “Cyber liability insurance is the only type of policy to protect against data breaches, loss of digital records, and cyber extortion. This policy can cover the notification, legal, and recovery costs of data breaches.”
Remember, legal expenses can easily reach thousands of dollars. Also, not every insurance policy is created equal, so be sure to ask your insurance provider what your deductibles might be, the exclusions, and what happens if you miss a payment.
Insurance will certainly help you manage the costs that come with a security breach. But you still need an action plan. Your security plan should include the following:
- Pinpointing the breach and its reach
- Attending to legal and ethical obligations
- Creating a communication plan for the public and responding to questions
- Investigating the breach
Record everything related to the breach. Stay vigilant after the incident and implement further security measures like encrypting your data.
Cybercrimes, especially those in the financial sector, continue to evolve, and their numbers will continue to increase; nevertheless, there are several steps you can take to mitigate those risks.
In particular, it's vital to remain vigilant, use reputable and reliable software, adhere to security standards, and be ready with a plan for when a breach occurs.