Hackers target accountants because of their privileged access to clients’ most protected information — information that’s especially valuable on the dark web. Clients trust their accountants, and a breach can be devastating to a firm’s reputation and bottom line. In 2021, the Internet Crime Complaint Center received nearly 20,000 complaints of compromised business emails, equating to losses of almost $2.4 billion, according to its 2021 report.
However, most hackers rely on victims’ limited knowledge and expect them to fall for tricks like responding to a masked email address or opening unknown links. Knowing what to look for, especially in a crucial role regarding clients’ finances and personal identification, is paramount to accounting in today’s modern digital climate.
Most such attacks can be prevented with strong passwords, encrypted files and careful guarding of account access. Because fraud prevention and account protection are crucial to modern accounting practice, cyber security in accounting has become an essential part of the curriculum for Master of Accountancy programs.
Types of Hacking Accountants Should Know
Accountants collect an abundance of information that’s useful to hackers. Software company Accounting Seed lists the type of the information accountants have that hackers want:
- Credit card numbers and bank accounts allow hackers to make fraudulent purchases and give them access to clients’ personal finances.
- Usernames and passwords allow hackers to bypass security measures and backdoor into otherwise secure areas.
- Personal and private information helps hackers get by challenging security questions and gain access to existing accounts, or potentially create fraudulent ones under a client’s name.
How Accountants Can Protect Sensitive Information
Often, cyber attacks are successful because they don’t target technology; they target people. Cyber attackers rely on their victims to be unaware of possible threats and to let their guard down when engaging with potentially fraudulent interactions through email or phone calls. The best defense an accountant can have against these attacks is to understand how to protect sensitive information.
Although paper records may seem dated, they offer more protection than digital documents. The information contained in a document is more vulnerable once it’s converted to an electronic file, so if sensitive data needs to be stored on a server, two-factor authentication is strongly advised.
Hard drives and cloud storage should always be encrypted to prevent lost or stolen data from falling into the wrong hands. If software subscriptions are used, each employee should have their own license rather than sharing one throughout the entire company, in case one user’s security is compromised.
Cyber Security and Accounting
The dangers of ignoring cyber security vulnerabilities in accounting are serious. Companies run the risk of losing their money, clients and reputation if they don’t have strong protections. A cyber attack can result in significant downtime for businesses while systems are being held for ransom, as well as high costs for warning customers, assessing the attack, repairing the damage and paying for monitoring.
Accountants can take a few easy steps to ensure that a request for funds is legitimate when receiving an urgent email with the request. The first is to refrain from responding to a request through the method it was sent, even if it seems to have come from someone inside the business — often, spoofed email addresses and phone numbers mask a cyber attacker’s true origin. Instead, get in touch with the sender using a recognized internal method, like a company phone number or email address.
Microsoft Windows is particularly vulnerable to hacking, because the majority of malicious software targets Windows computers. However, no matter what system accountants use, they’re vulnerable to spear-phishing attacks, in which a firm member is targeted with an email from someone posing as a member of a trusted organization, such as the IRS.
The IRS warns that tax professionals may be unaware that they’re victims of data theft, even long after digital intruders have stolen their data.
Signs of a hack can include the following:
- Clients’ e-filed returns are rejected because returns with their Social Security numbers were already filed.
- The number of returns filed with a tax practitioner’s electronic filing identification number exceeds the number of clients.
- Clients who haven’t filed tax returns receive authentication letters from the IRS.
- Network computers are running slower than normal.
- Computer cursors move or change numbers without a touch on the keyboard.
- Network computers lock out tax practitioners.
Keep Your Clients Safe
Cyber security is paramount to any accountant, as clients’ privacy and safety can make or break a professional reputation. Learning how to stop hackers by ensuring that data, systems and sensitive documents remain secure and confidential are among an accountant’s key responsibilities.
An online Master of Accountancy (M.Acc.) from the University of North Dakota can help graduates learn how to provide that high level of service and security. The degree helps students master accounting principles as well as related skills for successful careers in accounting.
The online M.Acc. program offers practitioner and fundamentals tracks. Coursework is done online, which allows busy professionals to study accountancy and earn their degree without disrupting their work or personal lives. Discover a new career in accounting with the University of North Dakota.