As mentioned in a recent post on ‘The Psychology Behind Cybersecurity’, almost $7 trillion was lost in 2021 from cyberattacks, based on figures from the FBI. Cyber-related complaints increased by more than 180% over the last five years, and even the best technology available can only thwart about 93% of attacks. Often, the weakest link in cybersecurity is considered to be people, as 85% of successful cyberattacks involve some form of human element. Employees in retail stores, corporate offices, and accounting are highly vulnerable to these breaches.
Accounting teams and firms, in particular, are attractive targets because they amass a staggering amount of valuable, personal identifiable data and financial information for a number of clients. In this article, we’ll take a look at why and how cybersecurity practices should be promoted among accounting professionals.
Why Businesses Should Invest in Accounting Cybersecurity
An article on the rise of cybercrime from Accounting Today notes that there has been a 300% increase in cyberattacks on accounting practices of all sizes, largely because of the COVID-19 pandemic and remote work setups. Vulnerable technology, weak security, and poor staff training can invite threats on software, hardware, and communications channels. In successful cases, hackers can compromise your operations by stealing identities, creating fraudulent tax returns, locking information behind ransomware paywalls, or planting bugs to collect data in your system for a long time.
Unfortunately, these issues don’t just happen to bigger firms or accounting teams of large organizations. Smaller firms are often a hot target because they’re less vigilant and may not have the resources to fix the problem. It’s important for all professionals in the accounting industry to consider cybersecurity as a business issue, rather than just a tech issue, and minimize their vulnerabilities.
How to Promote Cybersecurity Practices Among Accountants
Accounting firms should respond to cybersecurity threats by investing in relevant training for their accountants. Here are three tips to promote accounting cybersecurity practices:
Emphasize the cost of a cyber breach
According to a list of top accounting cyberthreats by the Journal of Accountancy, data theft is a cyber breach that can have huge financial consequences. The global average cost of data theft was approximately $3.94 million between 2018 and 2019, though this may have increased since then. Why are cyber breaches expensive? You’d need to pay for investigation, forensics, incident response teams, and legal services to name a few. You may also have to compensate victims and cope with lost business days due to lax security awareness. Aside from the financial cost, your reputation is at stake as well. In an industry based on trust, it would help to remind accounting employees of exactly how much a data breach will cost them.
Frame cybersecurity training as a new opportunity
Employees are the first line of defense, but they may not see cybersecurity training in this light. It’s good to remind them that training in new skills, particularly digital ones, can ensure lifelong employability. Insights on the continuous learning mindset from LHH document that reskilling and upskilling help accountants stay flexible and employable for their entire working lives. As accountancy becomes increasingly automated, accountants have a high potential to be successful as cybersecurity analysts. For instance, most accountants are excellent at inventory and audit, which are transferable skills in cybersecurity. Given that cybersecurity professionals are in high-demand across industries, providing additional training in this field can strengthen accountants’ overall job market value — so capitalize on this fact.
Offer incentives for completing training
Most organizations do conduct security awareness training yearly, but as a feature on security awareness from TechTarget points out, these are usually conducted simply to comply with standards and regulations. A training course will do little in changing employee behavior, unless they actively apply what they learn in their work lives. Metrics that focus on outcomes – like click and report rates on phishing simulations – and incentives can effectively hold employees accountable. Do reward accountants who successfully complete training modules and pass their cybersecurity evaluations for increased ownership.
Danielle Marshburn is a freelance writer and researcher. She is interested in cybersecurity developments, especially with how these would impact industries in the future. When she’s not working on her next draft, Danielle enjoys solving word puzzles online.