
Cybersecurity as a business imperative

Feb 11, 2019
Michael J. Walls explains why cyber-security should be a priority for the year ahead.

Did you make a New Year’s resolution? I have to admit, I usually don’t bother. As cyber-criminals are utilising increasingly sophisticated techniques, however, digital business owners such as myself need to keep up to date with cybersecurity to prevent cyber-criminals from hacking sensitive information and to avoid falling victim to fraud.

Thanks to the advances in cloud computing in recent years, companies and accountancy practices alike have increased their online operations. This comes with many risks and organisations should ensure that robust processes are in place to mitigate the associated risks.

There were numerous high-profile cyber-attacks in 2018 involving T-Mobile, Cathay Pacific and MyFitnessPal. These attacks resulted in users’ personal information, including credit card details in some cases, being obtained and exposed to the public.

To kick off 2019, I therefore decided to update readers of Accountancy Ireland on the latest cyber-criminal techniques and outline the steps you can take to mitigate the risks to your business.

Spear phishing and whaling

Chartered Accountants working in a finance function may have encountered an email that appears to be from an organisation’s executive or director requesting a payment. In fact, the email originated from a hacker impersonating the executive or director in question.

Hackers have also been spoofing email addresses of employees within organisations to target finance teams with change of bank details requests for payroll purposes. If overlooked, organisations could end up making payments for wages, goods or services to fraudulent bank accounts. So, what should you do?

Finance teams should have robust processes and controls in place for change requests relating to bank accounts, and particularly for requests received via email. The simplest and most effective process involves a follow-up call to the supplier or employee in question to verify the change.

Should your business fall victim to such a fraud and payment is made to a fraudulent bank account, you should contact your bank immediately to report the transaction and ensure that it is escalated to the bank’s fraud team. This is your best chance of getting the money back, as the bank may be able to freeze the payee’s account before the funds are withdrawn and moved offshore.

Credential stuffing

In this scenario, log-in credentials obtained from a previously compromised website will be used by hackers in a ‘brute force’ attempt to access a range of other sites or systems. Hackers will automate log-in attempts to various sites using the known log-in credentials and may gain access to your user accounts. If this is a business critical system, the hacker could hold your business to ransom.
 
So, what should you do? Businesses must ensure that strong password policies that require the use of a unique password for each site or system are in place. To check if your email address has been compromised in a data breach, visit this website: https://haveibeenpwned.com. If your email address has been subject to a breach, you will see details of the site or sites where your data has been potentially exposed to hackers. If you haven’t already changed your log-in credentials for those sites, you should do so immediately or close the account if it is no longer in use.
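
For readers who run their own log-in systems, the automated log-in pattern described above can be spotted in authentication logs: one source trying many different accounts in a short time and mostly failing. The following is an added example, not part of the original article; the log format, addresses, account names and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2019-02-11T09:00:01 203.0.113.7 alice@example.com FAIL
2019-02-11T09:00:02 203.0.113.7 bob@example.com FAIL
2019-02-11T09:00:03 203.0.113.7 carol@example.com FAIL
2019-02-11T09:00:04 203.0.113.7 dave@example.com OK
2019-02-11T09:00:05 203.0.113.7 erin@example.com FAIL
2019-02-11T09:00:06 203.0.113.7 frank@example.com FAIL
2019-02-11T09:01:00 192.0.2.50 alice@example.com OK
2019-02-11T09:01:30 192.0.2.50 bob@example.com OK
2019-02-11T09:02:00 192.0.2.50 carol@example.com OK
2019-02-11T09:02:30 192.0.2.50 erin@example.com OK
2019-02-11T09:03:00 192.0.2.50 frank@example.com OK
2019-02-11T09:10:00 198.51.100.20 grace@example.com FAIL
2019-02-11T09:10:45 198.51.100.20 grace@example.com OK
"""

def parse(log):
    """Yield (time, ip, account, succeeded) for each line of the constructed format."""
    for line in filter(str.strip, log.splitlines()):
        ts, ip, account, result = line.split()
        yield datetime.fromisoformat(ts), ip, account.lower(), result == "OK"

def detect_stuffing(events, window=timedelta(minutes=5), min_accounts=5, max_success=0.25):
    """Return {source_ip: accounts that logged in from it} for stuffing sources.
    A source is flagged when, inside one window, it tries >= min_accounts distinct
    accounts and <= max_success of attempts succeed (illustrative thresholds)."""
    by_ip = defaultdict(list)
    for event in sorted(events):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            burst = evs[start:end + 1]
            accounts = {acct for _, _, acct, _ in burst}
            wins = sum(ok for _, _, _, ok in burst)
            if len(accounts) >= min_accounts and wins / len(burst) <= max_success:
                flagged[ip] = sorted({a for _, _, a, ok in evs if ok})
                break
    return flagged

if __name__ == "__main__":
    print(detect_stuffing(parse(SAMPLE_LOG)))
```

Accounts listed for a flagged source logged in successfully with a reused password and should have their passwords reset. The shared office address (many accounts, all successful) and the single user who mistyped a password are not flagged.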

Invoice fraud

Many organisations now send invoices via email but this trend has opened up a whole new field for hackers, who intercept emails containing invoices and change the bank details on the invoice. The invoice is then sent to the customer requesting payment to the new bank account.

Customers may then make a payment to the fraudulent account in the false belief that they are paying the invoice correctly. Once the payment has been made, hackers use a money mule (see below) to move the funds offshore.

So, what should you do? Ask your customers to verify ‘change of account’ requests by phone or in person, should they ever receive an invoice containing new bank details.

Money mules

Money mules is a term used to describe innocent victims who have been tricked (or possibly groomed over a long period of time) by fraudsters into laundering stolen or illegal money via their bank account. The money is deposited into the money mule’s account and they must then transfer the money to a foreign account via a financial services company. This is a critical issue for businesses as money mules may become the target of criminal investigation given the fact that they are laundering the proceeds of crime.

So, what should you do? As a Chartered Accountant, you should always be mindful of your reporting requirements subject to the relevant anti-money laundering legislation. You should also advise your clients and employees to keep their bank details private unless they are absolutely certain that the details are required for a legitimate purpose.

Remain sceptical

When it comes to operating a business online and keeping the cyber-criminals at bay, the important thing is to remain sceptical when it comes to emails requesting payment or changes to bank details. Always follow up with a phone call and ensure that your customers give you the same courtesy.

When it comes to log-in credentials, always have a strong unique password for each service or system you use, especially for business critical systems, and ensure that two-factor authentication is enabled wherever possible. 

Top Five Cybersecurity Tips

  • Passwords: It is important to ensure that you have a strong unique password for each online service or system you use. Password managers such as LastPass or 1Password can help generate strong unique passwords and store these in a password vault, so you don’t have to rely on your memory.
  • Two-factor authentication: Nowadays, having a strong password isn’t sufficient to protect sensitive or confidential information, but combining a password with a token that generates a one-time code will provide an extra layer of security. Where a service offers two-factor authentication, this should be enabled. You can then use an SMS text message or Google Authenticator to complete your log-in verification.
  • Lock desktop: Would you leave sensitive documents lying around in the open for anyone to read? Failing to lock the desktop of an unattended laptop or mobile device is a major risk, especially if the device contains sensitive client information. Get in the habit of locking your unattended devices if you want to avoid a potential GDPR breach. Lock the device, or pay the price.
  • Mobile device security: Do you have client information on your mobile device? If so, you should ensure that you have a PIN with more than four digits and that you are able to wipe the device remotely in the event of loss or theft.
  • Privacy screens: If you work in an open plan office with sensitive or client-confidential data, invest in privacy screens to ensure that the data remains confidential.

Michael J. Walls is the Founder and CEO of Dappr and the 2018 Young Chartered Star.
