{"id":5651,"date":"2018-12-21T12:00:20","date_gmt":"2018-12-21T12:00:20","guid":{"rendered":"https:\/\/www.sage.com\/en-gb\/blog\/?p=5651"},"modified":"2026-01-29T10:27:41","modified_gmt":"2026-01-29T10:27:41","slug":"data-breach-protect-practice","status":"publish","type":"post","link":"https:\/\/www.sage.com\/en-gb\/blog\/data-breach-protect-practice\/","title":{"rendered":"4 ways to protect your accountancy practice from a data breach"},"content":{"rendered":"<header class=\"entry-header has-dark-background-color entry-header--has-illustration entry-header--has-illustration--generic\">\n\t<div class=\"container\">\n\t\t<div class=\"entry-header__row row align-center\">\n\t\t\t<div class=\"col col-lg-7 col-xlg-6 entry-header__content\">\n\t\t\t\t\t\t\t<div class=\"component component-single-header\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"entry-header__misc text--subtitle text--uppercase text--small\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.sage.com\/en-gb\/blog\/category\/strategy-legal-operations\/\" class=\"entry-header__link\">Strategy, Legal &amp; Operations<\/a>\t\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t<div class=\"entry-title-wrapper\">\n\t\t\t\t\t<h1 class=\"entry-title\">\n\t\t\t\t\t\t4 ways to protect your accountancy practice from a data breach\t\t\t\t\t<\/h1>\n\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t<p class=\"entry-header__description\">\n\t\t\t\t\t\t\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n\t<div class=\"single-post-details container\">\n\t\t<div class=\"col\">\n\t\t\t<span class=\"posted-on \"><time class=\"entry-date published\" datetime=\"2018-12-21T12:00:20+00:00\">21 December, 2018<\/time><\/span>\n\n\t\t\t\t<\/div>\n\t<\/div>\n<\/header>\n\n\n\n<div class=\"wp-block-post-author has-dark-background-color alignfull\">\n\t<div class=\"container\">\n\t\t<div class=\"col\">\n\t\t\t\t\t\t\t<div class=\"co-authors\">\n\t\t\t\t\t\n\t\t<div class=\"entry-author-wrapper\">\n\t\t\t<a class=\"entry-author\" href=\"https:\/\/www.sage.com\/en-gb\/blog\/author\/chrismallett\/\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"40\" height=\"40\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2018\/12\/Chris-Mallett-350x350.jpg\" class=\"entry-author__image\" alt=\"\" \/>\t\t\t\t<span class=\"entry-author__name\">Chris Mallett<\/span>\n\t\t\t<\/a>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n\n<p>The attitude of accountancy firms to cyber security is worrying, according to a new <a href=\"https:\/\/insurance.aon.co.uk\/cybersurvey2018\">Aon survey of 1,000 business owners<\/a>.<\/p>\n\n\n\n<p>The survey found that nearly half of practices in the accounting, banking and finance sector are still confused or even unaware of GDPR rules, and only around one in ten see cyber attacks as a leading risk to their business.<\/p>\n\n\n\n<p>In fact, the cyber risks facing accountancy firms, such as a data breach, are ever increasing.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.sage.com\/en-gb\/blog\/cybersecurity-basics\/\">Cyber criminals<\/a> are switching their focus to smaller companies, in recognition of the fact that accountancy firms hold significant amounts of data that 
may not be protected by multimillion-pound security budgets.<\/p>\n\n\n\n<p>Even where the firm itself isn\u2019t the ultimate target, criminals can view <a href=\"https:\/\/www.sage.com\/en-gb\/accountants\/products\/partner-edition\/\">accountancy practices<\/a> as the \u2018weakest link in the chain\u2019 when seeking access to sensitive data.<\/p>\n\n\n\n<p>The growth of flexible working and the accompanying need to access data on the go creates additional vulnerabilities \u2013 particularly within small businesses, where ensuring data security awareness isn\u2019t always a high priority.<\/p>\n\n\n\n<p>Human error regularly ranks as a major cause of data breaches according to the Information Commissioner\u2019s Office\u2019s own quarterly figures.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-gdpr-fines\"><strong>GDPR fines<\/strong><\/h2>\n\n\n\n<p>The European rules&nbsp;known as <a href=\"https:\/\/www.sage.com\/en-gb\/blog\/gdpr-data-driven-businesses\/\">GDPR<\/a>,&nbsp;which came into force in the UK in May 2018, drastically increased potential penalties on companies found to have misused or mismanaged personal data.<\/p>\n\n\n\n<p>Certain types of breach have to be reported within 72 hours, for example, or companies can be hit with a fine. Although fines are expected to be issued as a last resort, they can be up to \u20ac20 million or 4% of annual turnover.<\/p>\n\n\n\n<p>This means the risk presented by non-compliance with GDPR has the potential to bring a small business to its knees.<\/p>\n\n\n\n<p>While many companies have professional indemnity insurance in place, there are often significant costs that professional indemnity won\u2019t pick up. 
In the event of a data breach, firms will still need to cover the cost of responding to a breach themselves.<\/p>\n\n\n\n<p>This can leave a business liable for hefty fees for notification services, forensic expert investigations, public relations consultants and the use of credit monitoring agencies to rectify problems and get them back up and running should the worst happen.<\/p>\n\n\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-protecting-yourself-against-a-data-breach\"><strong>Protecting yourself against a data breach<\/strong><\/h2>\n\n\n\n<p>With an ever-growing number of <a href=\"https:\/\/www.sage.com\/en-gb\/blog\/cybersecurity-tips\/\">cyber security<\/a> threats to consider, added to the sheer volume of data that accountancy firms deal with, it can be challenging to know where to start when it comes to protecting your business.<\/p>\n\n\n\n<p>There are, however, a few key steps you can take to protect your firm \u2013 and the good news is, none of them require significant investment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-1-protect-your-accountancy-practice-with-it-tools\"><strong>1. Protect your accountancy practice with IT tools <\/strong><\/h2>\n\n\n\n<p>Cyber attacks can come in many guises, be it in the form of viruses, <a href=\"https:\/\/www.sage.com\/en-gb\/blog\/what-is-ransomware\/\">ransomware<\/a>, keyloggers or rootkits. 
Installing antivirus software that regularly scans your system for threats and prevents your employees downloading potentially harmful malware is one simple way to reduce your risk of an attack.<\/p>\n\n\n\n<p>Putting a firewall in place will help control all points where cyber criminals could access your system and prevent access to and from potentially malicious IP addresses.<\/p>\n\n\n\n<p>If you don\u2019t already have one in place, ask your IT team or consultants to recommend the best solution for your business.<\/p>\n\n\n\n<p>Another tip is to install manufacturer patches as soon as they become available.<\/p>\n\n\n\n<p>These patches are often issued by <a href=\"https:\/\/www.sage.com\/en-gb\/accountants\/\">accountancy practice software<\/a> manufacturers to protect against known weaknesses and vulnerabilities, so it\u2019s worth making sure you keep your systems up to date.<\/p>\n\n\n\n<p>Once again, if in doubt, ask your IT team for advice.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-2-vet-your-suppliers\"><strong>2. Vet your suppliers <\/strong><\/h2>\n\n\n\n<p>To ensure GDPR compliance, accountancy firms must understand and document not only their own data handling procedures, but how and where their suppliers handle personal data.<\/p>\n\n\n\n<p>And, to meet the standards set out in the regulation, those processes must be well-documented, consistent and kept up to date.<\/p>\n\n\n\n<p>The best way to achieve this is through a structured performance management process.&nbsp;By formally surveying and capturing data on your suppliers \u2013 including any software suppliers&nbsp;\u2013 you can quickly identify any risks in your supply chain and put plans in place to address any gaps.<\/p>\n\n\n\n<p>Perhaps most importantly, by documenting the process and results, you\u2019ll always be prepared should questions come your way in the event of a breach.<\/p>\n\n\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-3-develop-a-cyber-conscious-culture\"><strong>3. 
Develop a cyber-conscious culture<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/insurance.aon.co.uk\/cybersurvey2018\">Our recent poll of 1,000 SMEs<\/a> carried out through OnePoll indicates around three in 10 accountancy practices allow staff to use their own devices for work.<\/p>\n\n\n\n<p>What\u2019s more, it revealed four in 10 don\u2019t see personal information stolen as a result of cyber attack or fraud as a data breach, with one in three admitting they\u2019re unaware of the time limit on reporting such a loss, exposing their companies to the risk of huge fines.<\/p>\n\n\n\n<p>This demonstrates the importance of building a culture of cyber risk awareness.<\/p>\n\n\n\n<p>The first step to creating a cyber-conscious culture is having simple, clear policies in place that address potential breaches.<\/p>\n\n\n\n<p>These policies should include rules for keeping a clean machine (including what programs, apps and data employees can install and keep on their work computers, and how data should be indexed).<\/p>\n\n\n\n<p>Such policies should also cover best practices for passwords, backing up work, clear procedures for notifying an appropriate staff member if strange things are noticed on an employee computer, and instructions to ignore suspicious links in email, tweets, messages, or attachments, even if an employee knows the source.<\/p>\n\n\n\n<p>One of the most significant causes of data breaches is through phishing via employee email accounts. Specific policies need to be created for maintaining email security.<\/p>\n\n\n\n<p>Encryption is also a must and should extend to all company mobile devices, and even employees\u2019 personal devices, where they use these to access data.<\/p>\n\n\n\n<p>Once you have your cyber security policies in place, it\u2019s important to communicate them clearly to your staff. The key to firmly embedding a culture of cyber security in your firm is through engaging with your staff. 
Communicate why it matters and give them the tools to keep your data safe.<\/p>\n\n\n\n<p>Regular training can help with this, as can including cyber security in inductions for all new staff members. Also, make sure your senior people are leading by example.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-4-check-your-insurance-policy\"><strong>4. Check your insurance policy <\/strong><\/h2>\n\n\n\n<p>Even the most sophisticated cyber security doesn\u2019t guarantee complete protection. Data breaches are, by their nature, unpredictable and so it is difficult to be fully prepared for every possible scenario.<\/p>\n\n\n\n<p>If a breach does happen and there\u2019s a risk of harm to individuals whose data has been compromised, your business is responsible for investigating its cause, notifying people affected and providing them with ongoing help, such as support helplines and ongoing credit monitoring \u2013 all within 72 hours.<\/p>\n\n\n\n<p>Responding to a breach in a way that is compliant with GDPR comes at a price; costs can quickly spiral when you take into account the specialist \u2013 and often short notice&nbsp;\u2013 support you may need from cyber security experts, lawyers, call centres, IT and PR consultants.<\/p>\n\n\n\n<p>For peace of mind, consider purchasing a cyber insurance policy. 
These policies can be surprisingly affordable and will ensure you\u2019re covered not only for the cost of responding to a breach but also for the costs of damages and claims expenses you\u2019re legally liable to pay in the event of a breach or security failure.<\/p>\n\n\n\n<p>When arranging your policy, ask your broker to ensure your policy comes with a pre-approved panel of providers who can help you take immediate action in the event of a breach and notify those affected within 72 hours.<\/p>\n\n\n\n<p>You should also check whether your policy covers any financial losses as a result of cyber crime, including ransomware claims.<\/p>\n\n\n\n<p>A specialist cyber insurance policy will buy you peace of mind that, should the worst happen, you will be able to meet regulatory requirements as well as keep your business running.<\/p>\n\n\n\n<p>By taking the steps outlined above, accountancy firms can protect against the ever-increasing risk of a cyber breach without having to break the bank.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The attitude of accountancy firms to cyber security is worrying, according to a new Aon survey of 1,000 business owners. The survey found that nearly half of practices in the accounting, banking and finance sector are still confused or even unaware of GDPR rules, and only around one in ten see cyber attacks as a [&hellip;]<\/p>\n","protected":false},"author":705,"featured_media":5549,"menu_order":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sage_video":false,"post_featured_image_hide":false,"footnotes":""},"categories":[9,11],"tags":[117,52],"business_type":[115],"lilypad":[],"context":[],"industry":[],"persona":[67],"imagine_tag":[220,138],"coauthors":[497],"class_list":["post-5651","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-strategy-legal-operations","category-technology-innovation","tag-gdpr","tag-security-fraud","business_type-accountants"],"sage_meta":{"region":"en-gb","author_name":"Chris Mallett","featured_image":"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2018\/11\/Sage_Banners_Accountant_v3.jpg","imagine_tags":{"220":"Accountant accounting","138":"GDPR"}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Sage Advice 
UK","distributor_original_site_url":"https:\/\/www.sage.com\/en-gb\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/posts\/5651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/users\/705"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/comments?post=5651"}],"version-history":[{"count":0,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/posts\/5651\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/media\/5549"}],"wp:attachment":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/media?parent=5651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/categories?post=5651"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/tags?post=5651"},{"taxonomy":"business_type","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/business_type?post=5651"},{"taxonomy":"lilypad","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/lilypad?post=5651"},{"taxonomy":"context","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/context?post=5651"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/industry?post=5651"},{"taxonomy":"persona","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/persona?post=5651"},{"taxonomy":"imagine_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/imagine_tag?post=5651"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/coautho
rs?post=5651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}