As businesses come increasingly under cyber threat, Michael Rooney outlines how they can deal with a cyber attack
Accountancy firms are a rich target for hackers because of the types of documents they handle. Beyond the normal personally identifiable information (PII) that they store for clients and employees, accountancy firms also deal with sensitive information on financial transactions, payroll and business affairs.
Without a good cyber security strategy, businesses affected by an attack can incur serious costs, including remediation of the security breach, reputation damage and data privacy compliance penalties.
The steps you take after a breach can either increase or reduce the impact. Not having a cyber security response plan can lead to you paying much higher costs due to a delayed reaction.
In its Cost of a Data Breach Report 2022, IBM estimated the average global cost of these incidents at €4.43 million. But organisations with a tested incident response plan can reduce that by €2.71 million, a saving of 39 percent.
Here are seven steps accountancy firms should take immediately following the discovery of a data breach, ransomware incident or another attack to minimise its impact.
1. Disconnect infected devices from your network
Many types of malware are designed to spread throughout a network as fast as possible. This is especially true for ransomware, which locks users out of their files using encryption.
As soon as you discover that a breach has occurred, disconnect the infected device(s) from your network. This includes disconnecting the device from Wi-Fi and any hardwired ethernet connections.
You shouldn’t necessarily shut off the device’s power until you’ve spoken to an IT professional, since powering down can destroy evidence that exists only in memory. But you should isolate it from other systems, including any syncing cloud services.
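As an added example (not from the article or from FutureRange), here is what the isolation in step 1 looks like on a Windows endpoint, written as a PowerShell script an IT responder would run with administrator rights. It assumes Windows 10 or later with the built-in NetAdapter and NetTCPIP modules, and the cloud sync client process names it stops are assumptions to be adjusted to what the firm actually uses. It records the active network connections, adapters and processes to a local folder before cutting connectivity, stops the sync clients so encrypted or stolen files are not pushed onward, and deliberately leaves the machine powered on.

```powershell
# Added example: isolate a suspected-infected Windows endpoint without powering it off.
# Assumes: run elevated on Windows 10+/Server 2016+; the sync client names are assumptions.
# Evidence is written locally so it survives the network cut and can be handed to the responder.
param(
    [string]$EvidenceDir = "C:\IR\$($env:COMPUTERNAME)-$(Get-Date -Format 'yyyyMMdd-HHmmss')",
    [string[]]$SyncClients = @('OneDrive', 'Dropbox', 'GoogleDriveFS')  # assumed process names
)

New-Item -ItemType Directory -Path $EvidenceDir -Force | Out-Null
Start-Transcript -Path (Join-Path $EvidenceDir 'isolation-transcript.txt')

# 1. Capture volatile state first: who the host is talking to, which adapters are up,
#    and what is running. This is lost the moment the link goes down, so it comes
#    before any disconnection.
Get-NetTCPConnection -State Established |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess |
    Export-Csv -Path (Join-Path $EvidenceDir 'established-connections.csv') -NoTypeInformation
Get-NetAdapter | Select-Object Name, InterfaceDescription, Status, MacAddress |
    Export-Csv -Path (Join-Path $EvidenceDir 'adapters-before.csv') -NoTypeInformation
Get-Process | Select-Object Id, ProcessName, Path |
    Export-Csv -Path (Join-Path $EvidenceDir 'processes.csv') -NoTypeInformation

# 2. Stop cloud sync clients so the sync folder cannot push encrypted or exfiltrated
#    copies of client files to the cloud and on to other machines.
foreach ($name in $SyncClients) {
    Get-Process -Name $name -ErrorAction SilentlyContinue | Stop-Process -Force
}

# 3. Disable every active adapter: Wi-Fi, Ethernet and any VPN or virtual adapter alike.
Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
    Write-Output "Disabling adapter: $($_.Name) ($($_.InterfaceDescription))"
    Disable-NetAdapter -Name $_.Name -Confirm:$false
}

Write-Output "Host isolated at $(Get-Date -Format o). Leave the machine powered on for the responder."
Stop-Transcript
```

Run it from an elevated PowerShell prompt on the affected machine only; the evidence folder path and the transcript it writes are what the responder in step 2 will ask for, and the adapters can be re-enabled with Enable-NetAdapter once remediation is complete.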
2. Have a professional assess the damage
Don’t try to deal with a cyber breach yourself or download a free virus scanning tool (it could actually be a malware trap).
Instead, once your machine has been isolated, get a trusted IT provider to assess the damage and provide guidance.
3. Remediate the infection
Once the breach is assessed, your IT security expert will begin remediating it. This secures your network so that your client files and sensitive business information aren’t stolen while you’re dealing with the fallout.
4. Determine whether client data was breached
Find out what type of data was compromised, e.g. client database records or sensitive cloud documents.
It is important to determine the extent of the breach so you can notify impacted third parties (such as your clients) whose data might have been exposed.
5. Contact accountancy enforcement and the police
Report the incident to accountancy enforcement and the police. This has several benefits:
- You have a record of the incident for any potential insurance claims.
- Accountancy enforcement can track the breach, which may connect to others that have been reported.
- Your police report can be referred to in data privacy compliance reports and this shows responsibility on the part of your organisation.
6. Carry out a notification plan according to data privacy requirements
Review the data privacy regulations that your office is subject to, such as the General Data Protection Regulation (GDPR), and notify third parties in accordance with these requirements. If notification isn’t made in a timely manner, it can lead to penalties, as well as a significant loss of trust in your business.
7. Improve defences to stop future breaches
Reinforce your defences by having a cyber security assessment performed. This can help an IT provider pinpoint specific weaknesses in your network that need to be fortified to ensure this type of attack doesn’t happen again.
Michael Rooney is Managing Director of FutureRange