{"id":4479,"date":"2018-05-24T11:10:55","date_gmt":"2018-05-24T10:10:55","guid":{"rendered":"https:\/\/www.sage.com\/en-gb\/blog\/?p=4479"},"modified":"2026-01-29T10:37:38","modified_gmt":"2026-01-29T10:37:38","slug":"cybersecurity-tips","status":"publish","type":"post","link":"https:\/\/www.sage.com\/en-gb\/blog\/cybersecurity-tips\/","title":{"rendered":"5 useful cybersecurity tips to protect your accountancy practice"},"content":{"rendered":"<header class=\"entry-header has-dark-background-color entry-header--has-illustration entry-header--has-illustration--generic\">\n\t<div class=\"container\">\n\t\t<div class=\"entry-header__row row align-center\">\n\t\t\t<div class=\"col col-lg-7 col-xlg-6 entry-header__content\">\n\t\t\t\t\t\t\t<div class=\"component component-single-header\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"entry-header__misc text--subtitle text--uppercase text--small\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.sage.com\/en-gb\/blog\/category\/technology-innovation\/\" class=\"entry-header__link\">Technology &amp; Innovation<\/a>\t\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t<div class=\"entry-title-wrapper\">\n\t\t\t\t\t<h1 class=\"entry-title\">\n\t\t\t\t\t\t5 useful cybersecurity tips to protect your accountancy practice\t\t\t\t\t<\/h1>\n\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t<p class=\"entry-header__description\">\n\t\t\t\t\t\t\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n\t<div class=\"single-post-details container\">\n\t\t<div class=\"col\">\n\t\t\t<span class=\"posted-on \"><time class=\"entry-date published\" datetime=\"2018-05-24T11:10:55+01:00\">24 May, 2018<\/time><\/span><span class=\"reading-time\"> min read<\/span>\n\t\t<button\n\t\t\ttype=\"button\"\n\t\t\tclass=\"social-share-button button button--icon button--secondary js-social-share-button\"\n\t\t\tdata-share-title=\"5 useful cybersecurity tips to protect your accountancy practice\"\n\t\t\tdata-share-url=\"https:\/\/www.sage.com\/en-gb\/blog\/cybersecurity-tips\/\"\n\t\t\tdata-share-text=\"Please read this interesting article\"\n\t\t>\n\t\t\t<span class=\"social-share-button__share-label\">Share<\/span>\n\t\t\t<span class=\"social-share-button__copy-label\" hidden>Copy Link<\/span>\n\t\t\t<span class=\"social-share-button__copy-tooltip\" aria-hidden=\"true\" hidden>Copied<\/span>\n\t\t<\/button>\n\n\t\t\t\t<\/div>\n\t<\/div>\n<\/header>\n\n\n\n<div class=\"wp-block-post-author\">\n\t\t\t<div class=\"co-authors\">\n\t\t\t\n\t\t<div class=\"entry-author-wrapper\">\n\t\t\t<a class=\"entry-author\" href=\"https:\/\/www.sage.com\/en-gb\/blog\/author\/keirthomasbryant\/\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"40\" height=\"40\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2025\/06\/keir-short-hair-350x350.jpg\" class=\"entry-author__image\" alt=\"\" srcset=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2025\/06\/keir-short-hair-350x350.jpg 350w, https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2025\/06\/keir-short-hair.jpg 760w\" sizes=\"auto, (max-width: 40px) 100vw, 40px\" \/>\t\t\t\t<span class=\"entry-author__name\">Keir Thomas-Bryant<\/span>\n\t\t\t<\/a>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t<\/div>\n\t\t<\/div>\n\n\n\n<p>Accountants need to think about cybersecurity.<\/p>\n\n\n\n<p>That was the message from Peter Erceg, Senior Vice President, Global Cyber &amp; Technology, at independent brokerage firm Lockton, who spoke at Accountex 2018 to a packed lecture theatre full of accountants and bookkeepers.<\/p>\n\n\n\n<p>Peter forensically examined and explained three examples of cybersecurity breaches from 2017, all of which cost billions for the companies affected.<\/p>\n\n\n\n<p>Virtually all were caused by basic security failings, such as not patching systems for security holes or not checking that processes for patching worked correctly.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cybersecurity-tips\"><strong>Cybersecurity tips<\/strong><\/h2>\n\n\n\n<p>\u201cThe key thing about processes is making sure they\u2019re effective,\u201d said Peter, who went on to summarise his cybersecurity mitigation advice as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Patch systems in a timely fashion<\/li>\n\n\n\n<li>Restrict user access<\/li>\n\n\n\n<li>Change passwords regularly<\/li>\n\n\n\n<li>Segment networks<\/li>\n\n\n\n<li>Upgrade software to the current version \u2013 or at worst the last-but-one release<\/li>\n\n\n\n<li>Remove data you don\u2019t need<\/li>\n<\/ul>\n\n\n\n<p>However, what specific advice is there be for accountants? Here\u2019s our own suggestions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-1-limit-your-liability-but-educate-your-client\"><strong>1. Limit your liability \u2013 but educate your client<\/strong><\/h2>\n\n\n\n<p>In a world where accountants are increasingly advising clients on which <a href=\"https:\/\/www.sage.com\/en-gb\/accounting-software\/\">accounting software<\/a> to use, due to initiatives such as <a href=\"https:\/\/www.sage.com\/en-gb\/making-tax-digital\/\">Making Tax Digital<\/a> or accountants simply increasing their service offerings, it\u2019s vital that your firm also ensures your clients understands the lack of liability when it comes to computer security issues.<\/p>\n\n\n\n<p>Cybersecurity liability should be thoroughly explained within any service\/client contract, of course, but to avoid an unpleasant situation arising, it\u2019s good practice for the accountant to educate the client from day one on the same basic security procedures that they have in place in their own practice.<\/p>\n\n\n\n<p>This can be informal or formal \u2013 a simple friendly chat over the phone, or an organised session at the accountant\u2019s practice that several clients attend.<\/p>\n\n\n\n<p>For example, if you\u2019re informed by your software vendor that a particular software package must be patched then sharing that information with your clients is unlikely to involve significant resources.<\/p>\n\n\n\n<p>As always, it provides that vital way to keep in touch with your client to reassure them that you have their interest at heart and potentially create an avenue for further client offerings moving forward.<\/p>\n\n\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-2-remove-client-data-you-don-t-need\"><strong>2. Remove client data you don\u2019t need<\/strong><\/h2>\n\n\n\n<p>Peter mentioned this but for accountants, it\u2019s a particularly important point considering the extremely sensitive nature of the data you hold, which might have commercial value too.<\/p>\n\n\n\n<p>Secure deletion of client data that you no longer have a use for is not only an effective block for any cybersecurity breach, but it\u2019s also legally mandated under <a href=\"https:\/\/www.sage.com\/en-gb\/blog\/gdpr-guide-accountants\/\">the GDPR<\/a>, which states that privacy must be implemented by design and default.<\/p>\n\n\n\n<p>In other words, once a client leaves your practice, you can&#8217;t keep hold of client data just in case it might be required in future. Nor can you keep hold of client data for your own purposes, such as for analytics.<\/p>\n\n\n\n<p>Put simply, get rid of any data as soon as you can. It might feel counter-intuitive at the time but it could prove incredibly prescient should the worst happen.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-3-monitor-information-about-products-you-and-your-clients-rely-upon\"><strong>3. Monitor information about products you and your clients rely upon<\/strong><\/h2>\n\n\n\n<p>Part of the work of a modern accountant is to be aware of information about security issues with the <a href=\"https:\/\/www.sage.com\/en-gb\/accountants\/\">accountant software<\/a> that they use.<\/p>\n\n\n\n<p>This might be as simple as subscribing to the software vendor\u2019s email for an accounting package, for example.<\/p>\n\n\n\n<p>To help with this most firms regularly issue what they call Security Advisories \u2013 just google that in addition to the vendor\u2019s name.<\/p>\n\n\n\n<p>Don\u2019t forget that it\u2019s not just the accounting software that you\u2019ll need to monitor. Nor is it simply tasks such as ensuring your operating system is patched as soon as possible. Anywhere the internet comes into your office will require attention.<\/p>\n\n\n\n<p>Some photocopiers and printers, for example, are internet-connected nowadays \u2013 and you\u2019ll need to remain on top of firmware updates for these too.<\/p>\n\n\n\n<p>(If you\u2019re wondering if it\u2019s not just simpler to remove these devices from the network by unplugging the cable then, yes, this is often a simple solution if it doesn\u2019t create usability issues for the business.)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-4-move-your-practice-and-clients-to-the-cloud\"><strong>4. Move your practice and clients to the cloud<\/strong><\/h2>\n\n\n\n<p>Cloud software is automatically and invisibly updated to fix security issues, and this is a powerful incentive for making the switch to the cloud if you and\/or your clients haven\u2019t already.<\/p>\n\n\n\n<p>Similarly, if your <a href=\"https:\/\/www.sage.com\/en-gb\/blog\/cloud-technology-efficient\/\">client data is stored in the cloud<\/a> then you no longer have to take care of the security of your own server \u2013 which can be a task so important and time-consuming than it often involves hiring the proverbial \u201cIT guy\u201d.<\/p>\n\n\n\n<p>Of course, switching to the cloud is no excuse for being ignorant about computer security. You\u2019ll still need to know the basics of password security, for example. You\u2019ll need to ensure your network and wi-fi are secure.<\/p>\n\n\n\n<p>You and your staff will need to be educated about <a href=\"https:\/\/blog.knowbe4.com\/social-engineering-101-18-ways-to-hack-a-human-infographic\">social engineering hacking<\/a> too. However, there\u2019s little doubt that using the cloud removes a significant amount of the traditional computer security requirements \u2013 and removes the worries too.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-5-stay-on-top-of-security-and-be-honest-with-clients\"><strong>5. Stay on top of security \u2013 and be honest with clients<\/strong><\/h2>\n\n\n\n<p>Peter mentioned the importance of adopting a mea culpa attitude should you find yourself in the unfortunate position of suffering a security breach. He explained that, if nothing else, it simply doesn\u2019t look good if the first public admittance of a security problem is when a journalist or client contacts you asking about finding their data publicly available on a hacker site.<\/p>\n\n\n\n<p>There\u2019s often a knee-jerk response within businesses to avoid sharing information about security breaches, as if keeping it secret will somebody avoid damage. History has shown this is nearly always the opposite of the truth \u2013 and it\u2019s an express route to creating ill-will and dissatisfaction with clients, in an industry where trust is paramount.<\/p>\n\n\n\n<p>Again, if nothing else the GDPR changes how businesses respond to security breaches in any event. Businesses must notify supervisory authorities&nbsp;\u2013 such as the Information Commissioner\u2019s Office (ICO) in the UK \u2013 within 72 hours of becoming aware of a breach.<\/p>\n\n\n\n<p>If that breach poses a high risk to the individuals concerned, controllers must also notify the affected individuals without undue delay.<\/p>\n\n\n\n<p>Similarly, a mature attitude within your practice of admitting that operational effectiveness will be affected by security issues and planning is better than simply not allocating time and resources to the issue.<\/p>\n\n\n\n<div class=\"single-cta gated-content\">\n\t<div class=\"single-cta__positioner\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">GDPR Guide For Accountants And Bookkeepers<\/h2>\n\n\t\t\t\t\t\t\t\t\t<div class=\"single-cta__description\">\n\t\t\t\t\t\t<p>As an accountant or bookkeeper, it\u2019s important that you have\u00a0a good understanding of what the GDPR means for your practice and your clients. Get up to speed with your free guide.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"#gate-e1f7c79f-e3da-4d85-8988-f82685b292f8\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>Download your free guide<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"999\" height=\"666\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2018\/02\/SAGE_CROWDSTACKER_061117_0312_All-Uses.jpg\" class=\"single-cta__image\" alt=\"Democratising AI could really benefit your business\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2018\/02\/SAGE_CROWDSTACKER_061117_0312_All-Uses.jpg 999w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n\n\n<div class=\"single-cta\">\n\t<div class=\"single-cta__positioner\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">Subscribe to the Sage Advice newsletter<\/h2>\n\n\t\t\t\t\t\t\t\t\t<div class=\"single-cta__description\">\n\t\t\t\t\t\t<p>Join more than 500,000 UK readers and get the best business admin strategies and tactics, as well as actionable advice to help your company thrive, in your inbox every month.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"#gate-b1a63862-3fa0-4a5e-bb67-c76b88bbc6b8\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>Subscribe now<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"1440\" height=\"810\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2022\/04\/GettyImages-1073797282-1-1440x810.jpg\" class=\"single-cta__image\" alt=\"\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2022\/04\/GettyImages-1073797282-1-1440x810.jpg 1440w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Accountants need to think about cybersecurity. That was the message from Peter Erceg, Senior Vice President, Global Cyber &amp; Technology, at independent brokerage firm Lockton, who spoke at Accountex 2018 to a packed lecture theatre full of accountants and bookkeepers. Peter forensically examined and explained three examples of cybersecurity breaches from 2017, all of which [&hellip;]<\/p>\n","protected":false},"author":280,"featured_media":4351,"menu_order":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sage_video":false,"post_featured_image_hide":false,"footnotes":""},"categories":[11],"tags":[52],"business_type":[115],"lilypad":[],"context":[],"industry":[],"persona":[67],"imagine_tag":[220],"coauthors":[369],"class_list":["post-4479","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology-innovation","tag-security-fraud","business_type-accountants"],"sage_meta":{"region":"en-gb","author_name":"Keir Thomas-Bryant","featured_image":"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2018\/05\/SAGE_GAPPERSONNEL_BB_241017_0572_All-Uses.jpg","imagine_tags":{"220":"Accountant accounting"}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Sage Advice UK","distributor_original_site_url":"https:\/\/www.sage.com\/en-gb\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/posts\/4479","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/users\/280"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/comments?post=4479"}],"version-history":[{"count":0,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/posts\/4479\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/media\/4351"}],"wp:attachment":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/media?parent=4479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/categories?post=4479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/tags?post=4479"},{"taxonomy":"business_type","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/business_type?post=4479"},{"taxonomy":"lilypad","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/lilypad?post=4479"},{"taxonomy":"context","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/context?post=4479"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/industry?post=4479"},{"taxonomy":"persona","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/persona?post=4479"},{"taxonomy":"imagine_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/imagine_tag?post=4479"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/coauthors?post=4479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}