Every day, a headline or news report announces that a hacker has breached a company’s data or hit it with a ransomware attack. We hear about these types of attacks all the time, and they are well-known. However, there are not-so-common cyber threats that accountants and finance professionals should be aware of as well.
There is a great deal of malware anxiety now. We have all heard the warnings about virus threats to networks and systems. If someone happens to click on a seemingly innocent email, all heck could break loose, right? I mean, that is what it has come to; we are almost afraid to open an email anymore! It just does not seem fair to have to work like that.
Most know that we need to place a firewall around our tech as if we are the military protecting a perimeter. The goal is to ensure no one breaches cyber protections and accesses intellectual property or personal data.
All of that said, the most hawkish of eyes for social engineering and phishing emails is not enough. Nor is installing security tools and upgrading anti-virus software. It just will not cover everything.
But knowing where less common cyberattacks are coming from could help. Here are some of them!
People Are a Vulnerability
It may sound a little mean or even rude, but the people in your accounting firm are a real vulnerability.
It may sound counter-intuitive, but one problem is that we are eager to help others, especially our clients. You have a pre-established relationship with them since you have visibility into their financials. Your people are less likely to think twice about providing information to a client.
Cybercriminals will do their homework; they will research your business and your clients. They will arm themselves with enough information to seem credible. They will then combine this information with a false sense of urgency to play on emotion. This play could come in the form of someone posing as an admin assistant claiming their CEO is in a foreign country and needs emergency funds right away. It could also come in the form of someone posing as the client, sending a malicious file and asking you to look at the “complicated tax document” for them. By the time anyone figures out what has happened, it is too late, and they have already done the damage.
Believe it or not, insider attacks are a problem too. Employees know your company best. They will know the infrastructure and will be familiar with the cybersecurity protections you use. They will also know where you keep critical information like confidential and sensitive data. Keep in mind that they may not always act maliciously. A disgruntled worker can patiently do damage without you knowing rather than going out in a blaze of glory. This patient threat is much harder to detect and usually happens over a more extended period.
A Ponemon Institute study, sponsored by IBM and ObserveIT, found that insider-related incidents cost $11.45 million in 2019. Using role-based access credentials to access information will limit your exposure. With the role-based approach, your people get only the information they need to do their job and no more. No one person has the keys to the kingdom.
Other Forms of Insider Threats
People lose things; it happens. This threat is an unintentional insider vulnerability. It could be that they use their own devices to log into business systems. Mobile devices like laptops, smartphones, and external drives allow mobility and simplify data access, but they are also easier to lose. And what happens if they are lost or stolen? If you do not have remote access protection, you might have to tell your clients that their data is in unknown persons’ hands. This situation is where encryption would help.
Then you have the simple mistakes. It is always a good idea to review your policy on how you share and publish information. When the information goes back and forth between your team members in the firm and clients, do not lose track of where it is stored. Make sure the location is compliant with financial regulations.
Then there is the old “Reply all” mistake. You know, we have all done it at one time or another. You meant to send it to one person but accidentally replied to everyone. Big oopsie!
Accountants and finance professionals CAN prevent, detect, and react effectively to these less common attacks. They cannot be complacent about them. Thinking and wishing they won’t happen to your firm will lead to disaster.
When you partner with an IT Service Management and IT Policy Consultant, they can review your current governance methods, evaluate your risks, and broker a partnership with a managed service provider (MSP) to help with technical solutions. Then this team can enhance your user activity monitoring and access management practices, processes, and policy. These experts will set up alerts and incident response plans and processes too.
You can avoid the worst happening to your firm. Contact the ITSM Rhino today, and let me protect you and your clients!