Check the news any given day and you might see a report about hackers pulling off a data breach, or about a ransomware attack encrypting all of a company’s data until the company pays up. These are the well-known types of cyberattack, but there are less common cyberthreats accountants should be aware of as well.
There is almost a malware malaise now. You’ve heard so much about the threat of a virus invading your networks or systems. Someone clicks on a perfectly innocent-looking email, and the result is computing chaos. It’s not fair!
You also know to put a firewall around your technology; it’s as if you’re in a military movie. You have to “protect the perimeter.” Ensure no one can breach your cyber protections to secure personal data and intellectual property.
Still, a watchful eye for phishing emails and social engineering attempts isn’t enough. Installing security tools and upgrading anti-virus software also won’t cover everything.
Knowing where less common cyberattacks are coming from could help, though.
Less Common Modes of Cyberattack
You may not believe it possible of the people you work with, but they are a real vulnerability.
One problem is that we’re eager to help, especially when it comes to clients. There is a pre-established relationship, as your business has visibility into their financials. People are less likely to think twice about providing information to a client.
Yet cybercriminals do their homework and have enough information to be credible. Then they play on urgency and emotional appeal. They might call or email someone at your firm pretending to be an admin assistant for someone at the client. They might spin a tale of the CEO needing emergency cash in a far-flung location. Can’t you please help get it to them? Or, posing as the client, they send a malicious file and ask you to look at this complicated tax document for them. By the time you realize it wasn’t actually the client, it’s too late.
Insider attacks are a problem, too. Employees know your company’s infrastructure and are familiar with your cybersecurity tools. They also know where the sensitive data or confidential information is kept. Additionally, they may not act maliciously all the time. If a disgruntled worker is patient, rather than going out in a blaze of glory, it can be harder to detect the breach.
According to the Ponemon Institute, insider-related incidents cost $11.45 million in 2019. Establishing role-based access credentials can help limit exposure. With this approach, people can get only to the information they need to do their jobs.