Technology & Innovation

How to deal with a cyber attack on your accountancy practice

How to respond to a cyber attack on your accountancy practice, with a step-by-step list of key actions for you to take.

Accountancy practices are particularly vulnerable to cyber attacks because of the sensitivity of the documents they handle, in particular financial documents.

Also, by targeting one accountancy practice, cybercriminals can gain access to a vast amount of sensitive information across numerous companies.

In this article, an IT expert shares a series of tips to help your practice deal with a cyber attack.

Here’s what we cover:

How cyber attacks can happen at your practice

There are various ways in which a cyber attack can happen.

An employee could open an attachment to an email that may introduce malware and possibly enable a ransomware attack.

There may be a phishing attack, where an employee mistakenly provides passwords or other sensitive information to a third party.

In addition, if your software is not up to date, this could also expose your practice to vulnerabilities.

And if your practice is attacked, it can be very serious on several fronts. There’s the cost of undoing the damage and then there are possible fines in relation to data breaches.

But perhaps even more importantly, there is potential reputational damage.

While larger practices such as the Big Four offer richer pickings for cybercriminals, they also have well-resourced IT departments to shore up defences.

Smaller practices often don’t have the same resources, and this can leave them very vulnerable.

Additionally, the rise of remote and hybrid working has created even more system vulnerabilities.

9 steps to deal with a cyber attack

There are IT companies that can help accountancy practices deal with a cyber attack. One such company is FutureRange, an IT company with offices in Dublin, Cork and Limerick.

It’s worked with numerous accountancy practices to lessen the damage of a cyber attack and we spoke to its managing director, Michael Rooney, about the steps an accountancy practice should take in the case of a cyber attack.

Below, Michael outlines nine essential steps to take.

1. Draw up an incident response plan

Every accountancy practice should have an incident response plan. This is a written plan that outlines the steps to take if a cyber attack happens.

This ensures that in the event of an attack, such as a data breach or ransomware attack, your practice knows what to do and is able to respond quickly.

Your practice’s response time is critical to limit the potential harm.

And by having a detailed response plan, it ensures you have a set of actions that your leadership team knows and understands and so are in a position to act quickly.

2. Disconnect infected devices from your network

As soon as you discover a breach has occurred, you should disconnect the infected device(s) from your network to try to contain the spread.

This includes disconnecting the device from wi-fi and any hardwired ethernet connections.

However, you don’t necessarily want to shut off the device’s power until you’ve spoken to an IT professional. But you should isolate the device from other systems, including any syncing cloud services.

This is especially important in terms of a ransomware attack, which is designed to spread throughout a network as fast as possible and locks users out of their files through the use of encryption.

3. Have a professional assess the damage

Don’t try to deal with a cyber breach yourself.

Unfortunately, people can make things worse if they do things such as try to go online to download a free virus scanning tool (that could actually be a malware trap).

Instead, once your device has been isolated, contact a trusted IT provider that can come and assess the damage and provide guidance.

4. Remediate the infection

You don’t want more of your client files or sensitive information being stolen while you’re dealing with the fallout.

Once the breach is assessed, your IT security expert will begin remediating the breach to secure your network.

For example, cybercriminals may have changed passwords or redirected new emails to junk or elsewhere or perhaps changed your contact details, so they can use your system to reach out to your contacts and further spread the damage that way.

These actions need to be reversed immediately.

5. Determine what client data was breached

You’ll need to find out what type of data was compromised.

Did the attacker gain access to a client database with names, addresses and phone numbers? Were sensitive cloud documents breached?

Once the damage has been ascertained, you’ll need to notify impacted third parties, such as your clients, to inform them that their data has been exposed.

6. Contact the Garda National Cyber Crime Bureau

It’s advisable to contact the Garda National Cyber Crime Bureau (GNCCB), even though companies often don’t do this.

While a company wouldn’t think twice about reporting a physical break-in, there’s often reticence about reporting a cyber attack. However, data breaches are also break-ins, so they should be reported.

Reporting the incident has a few benefits:

  • You have a record of the incident for any potential insurance claims
  • The GNCCB can track the breach and coordinate with peer organisations globally, and in doing so may be able to glean some very pertinent information
  • Your report can be referred to in data privacy compliance reports and show responsibility on the part of your organisation.

7. Carry out a notification plan according to data privacy requirements

You’ll need to review the data privacy regulations that your firm is subject to, such as GDPR, and make notifications to third parties according to the guidelines.

If notification isn’t made in a timely manner, it can lead to penalties, as well as a significant loss of trust in your business.

8. Improve defences to stop future breaches

Once you’ve handled the most time-sensitive steps above, you’ll want to reinforce your defences to ensure this type of attack doesn’t happen again.

A good way to do this is by having a cybersecurity assessment performed.

Such an assessment can include things such as penetration testing, which helps an IT provider pinpoint specific weaknesses in your network that need to be fortified.

9. Keep up to date

Lastly, don’t let your incident response plan gather dust. It should be reviewed, at least yearly.

Cybersecurity is an ever evolving landscape and it’s essential to keep up to date in terms of potential new threats.

Also, changes within your practice and how you do business could inadvertently make your IT system more vulnerable.

So this needs to be reviewed regularly as well.

Final thoughts

At your practice, there’ll be numerous priorities to stay on top of. Dealing with cybersecurity should be high up the list.

It’s worth following the steps covered in this article as well as keeping on top of any cybersecurity developments in order to keep your practice as safe as possible.

And if you need further support, there are IT companies that can help you in this area.