• Apply now

Money in bank in 24 hours

Apply now

How Chartered Accountants can protect their practice against Cyber Security Threats

  • Highlights

  • Follow best practices on software compliance

  • Protection from trojans and malware

  • Security and encryption certifications

  • Comprehensive data-security policies

As a Chartered Accountant (CA), loss of critical financial data of your client due to a cyber-attack can have far-reaching consequences for your firm, like loss of reputation, trust and ultimately, loss of clientele. identity theft and fraud. With the growth in technology adoption, it’s imperative for you to protect your accounting practice against the cyber security risks.

1. Symantec's Internet Cyber Security Threat Report of 2017 ranks India as the 5th most vulnerable nation in the world in terms of cyber security breaches in 2016.
2. According to CERT-In's data, the number of cyber security incidents in India jumped from 44,679 in 2014 to 50,362 in 2016.
In one of the security breaches in India, data of nearly 3.2 million debit cards were compromised.
3. According to estimates of Kaspersky Lab, a single targeted cyber-attack can cost an enterprise more than USD 2.5 million.

4. A study by leading IT firm Citrix and Ponemon Institute found that 91% of businesses in India are feeling vulnerable to cyber-attack.
5. In 2013, a hacker stole tax returns of some 900 Connecticut residents in Fairfield County, altered certain details, hoping to collect refunds before the actual filers.

Measures to protect your practice from cyber-security threats

1. Use Genuine Software
According to Business Practices firm EY, more than 60% of the software used by companies in India are unregulated, thereby, exposing them to cyber-attacks. When you are working with critical financial data, using genuine software is an absolute must.
Maya Ramachandran, Partner, Advisory Services Practice, EY, remarks, "Many organisations secure their hardware. However, they do not pay attention to the software used, which could be unregulated."
1. Prevent spyware from getting into your computer by not installing ‘cracked’ software. There is a chance of the cracked software installing malicious software on your device.
2. Carefully read the terms and conditions while installing a software.
3. Choose “custom installation” instead of “standard installation”. Standard installation might bring along with it other unnecessary installs.
Following best practices related to software compliance and licensing may involve some investment, but can potentially save you thousands in the long-run. Such investment can be perfectly funded by Flexi Business Loans which are custom-made for Chartered Accountants to safeguard your firm from cyber-security threats.

2. Invest in Technology Solutions like Firewall and Antivirus
Cyber criminals are smart. You have to be smarter to counter their threats. Installing firewall and anti-virus software protects your system and computer networks from trojans, worms, and other malwares used by cyber criminals to hack your system.
An anti-virus for a single PC with a 3-year license is available for around Rs.1,000. A single license 20-user firewall is available for approximately Rs.28,000.

3. Implement a Cyber Security Culture
A joint report by ASSOCHAM and PwC on Securing the Nation's Cyberspace notes that businesses should practice self-regulation, instead of just limiting themselves to cyber compliance.
Note that cyber security doesn't end with installing anti-virus and firewalls. Human vulnerabilities are equally dangerous as software loopholes.
Basic security practices can go a long way in combating the menaces. Such measures include:
1. 2-step authentication for accessing emails
2. Implementing internet usage guidelines
3. Using strong passwords for sensitive data

Some best practices for password management are:
1. Use ‘Passphrases’ instead of ‘Passwords’
2. Have different user ID/password combinations for different accounts
3. Create complicated passwords by combining letters, numbers, special characters (minimum 8 characters in total)
4. Regularly change your password
5. Avoid writing any password down
6. Create your own format for passwords if you feel that remembering all these combinations could be difficult. For example, yourname(xx)@websitename, where xx could be any 2-digit number
Although, some of these may be seemingly intuitive, most professionals don’t end up abiding to these.


4. Vendor Management
In all probability, your assets are being hosted and managed by an external service provider. Soha Systems Survey on Third Party Risk Management found 63% of data breaches attributed to a third-party vendor.
Working closely with your vendors is crucial to mitigate risks. You must understand your vendor’s:
1. Security certifications
2. Encryption measures
3. Data management policies

These are critical to understand to know the level of risks you are exposed to.
Some encryption measures as CAs you should follow:
1. Never upload your personal ‘unencrypted’ data to Dropbox, Google drive or any online file-sharing services.
2. Always encrypt a zip file or any single file (a photo, video or a document) with AES-256-bit encryption. Encrypt hard disks with important data via BitLocker.
3. Such encryption saves you from getting your personal data leaked, even in case of a data breach.

5. Developing Comprehensive Data Security Policies
A comprehensive data security policy with the given elements will help you protect your CA practice from falling prey to cyber attackers.
1. Password management
2. Internet usage
3. Email usage
4. Managing company-owned mobile devices
5. Governing social media
6. Overseeing software copyright and licensing

According to Scott Laliberte, the global leader of Protiviti's IT security and privacy practice, "It's imperative that leadership keeps a closer tab on the state of their organisations' cyber-security programs. Particularly as new technologies are introduced and new approaches to generating revenue are deployed, it's increasingly important to re-examine existing data security and privacy processes on a regular basis - ensuring that the right systems and people are in place to keep pace with changes."

A holistic approach to cyber-security combined with the latest tools and the best practices goes a long way in protecting your practice from the threats lurking in the digital ecosystem.

How would you rate this article

 Please let us know why?

What did you dislike?

What did you dislike?

What did you like?

What did you like?

What did you like?

Next up


5 Ways Flexi Term Loans Can Help Your CA Firm