It has been a busy few months in the world of cyber security. Earlier this year the NHS was crippled by a ransomware attack that saw computers taken over by a screen demanding money to access files. This was followed by a separate attack that saw MPs in Parliament unable to access emails and finally, in June, a number of global companies ranging from FedEx to Maersk across 60 countries were thrown into disarray by a severe attack originating in Ukraine.
All of these events raise fresh questions about how safe we are from cyber-attacks in the business world, and particularly in the world of accountancy and keeping your data safe. Here Jonathan Booty, IT Systems Manager at Chartered Certified Accountants and Chartered Tax Advisers Bulley Davey, speaks about how you can be cyber safe, and what to look out for when choosing your accountant.
“The role of an IT Systems Manager covers just about everything with a plug on it these days! We’re responsible for all IT systems, making sure they’re all operating correctly and are backed up safe and secure. As an accountancy firm we must be particularly vigilant as our client data contains payroll, bank account details and more.”
How can you be cyber safe?
“The most commonly ignored protection for every business is your firewall and broadband router. Your firewall is the connection between your building and the internet. If it’s old it will not be ready for the challenges that we currently face in 2017.
“If you do have an up-to-date firewall and router, it’s always worth checking that you’re using it to its fullest capacity. Lots of new routers and firewalls have security features included free of charge that can be accessed by using your admin log-in.
“Another crucial element to keeping your business safe is ensuring you have up to date software on your computers. Windows 95 was built to manage the threats of 1995, and similarly Windows XP was built to handle the challenges of the early 2000s. It was computers running Windows 95 that allowed the NHS to be so easily attacked this year, so while your computers may operate fine, they won’t be protected against the latest threats.
“One of my key roles as an IT Systems Manager, and most IT supporters will testify to this, is making sure our data is backed up, secure and separated. If your entire system goes down, you need to be sure that your backups won’t go down with it. Test your backups regularly to make sure you can restore your data should the worst happen. Having a good backup means you can delete ransomware safe in the knowledge your data can be restored.
“Finally, to be safe you have to educate the most vulnerable part of IT – the people! Unfortunately colleagues and employees are where you are most likely to see mistakes – it’s simple human error. It’s a story that has played out in every office; someone sees an email that they think is from a colleague, they open the attachment without checking and suddenly a virus is in your system.
“Educate your employees regularly – what info do they give out and who to? Employ a sensible password policy and make sure they know what to open when getting emails. The most common signs are someone pretending to be a client or a director, and trying to create a false sense of urgency in order to rush or frighten you into making a decision. Generally, if it can’t wait ten minutes then it is worth raising with someone.”
What should I look for in my accountant?
“Accountants deal with a lot of confidential and important client data, and carrying out tasks like authorising payroll payments from their clients’ bank accounts. It’s this kind of data that would be very valuable to a potential hacker.
“For this reason we are registered with regulatory bodies that carry out audits on us before we are able to do these things. Further to this you shouldn’t feel shy about asking your potential accountant whether they carry the latest software, up to date systems etc. – all the things we spoke about above. They should understand that you want your data protected to the fullest.
“At Bulley Davey we offer advice and guidance to our clients on cyber-safety. If we’re your accountant then we’re here to help and you’d be surprised about how knowledgeable we are in the security department. It’s key to our everyday working. Furthermore, if you have an IT problem you should talk to someone you trust and as the saying goes – if you can’t trust your accountant, they shouldn’t be your accountant.”
“The best tip I can give is to be vigilant and stay updated whenever you can; whether you do that via a third party IT company or in-house, it will potentially save you countless hours, and possibly more, should you ever find yourself the target of a virus or cyber-attack!”
Top Tips for Internet Security at Work
- Keep all your computers up to date with the latest software and legitimate antivirus software.
- Never give out confidential information like account numbers or passwords over the phone or via email where possible.
- Create strong passwords across the company, keep them private and change them regularly.
- When on the go, treat all public Wi-Fi networks as a security risk. Never make financial or other sensitive transactions over public networks.
- Establish a separate visitor Wi-Fi if you can. You don’t want visitors to be able to access your main Wi-Fi network as they will then have access to all of your systems indefinitely unless you change your details or router.