April 5, 2021 •
How would you feel if the person you trust most gave all your personal and financial information to someone else behind your back? Pretty angry, right?
Yet when it comes to the critical information we give to accounting firms, both for our personal and company accounts, our data — and identities — are at risk since many accountants still don’t deploy Multi-Factor Authentication.
And the consequences could be catastrophic.
The yearly cost for online identity fraud is estimated to be more than $1 trillion dollars, according to Finextra. And a KPMG survey of 43 major banks around the world found that identity theft is only getting worse, making bank fraud the number one type of fraud overall.
Gone are the days when clients show up to their accountant’s office and plunk stacks of paper on their desk before it gets sent off to the government via fax or mail.
Like everything else, taxes and financial information have gone digital, making its software and the people that use it more susceptible to cyberattacks.
And while some think that hackers are only interested in big companies like Amazon or Target, it isn’t true. A Varonis report found that financial services firms have more sensitive files on average than healthcare, pharmaceutical, and biotech companies, making them particularly enticing to hackers.
So how do the hackers steal the data? The initial opening that a cyberattacker needs to weasel their way into a system isn’t complex. They may send a flurry of emails to employees with a link that allows access to the computer’s files. Or they may do a more targeted spear-phishing attack to get private data from a member of the c-suite. However they get in, the result could lead to irreparable public embarrassment, loss of trust from clients, or worse.
Banks are spending over $1 billion a year on Multi-Factor Authentication solutions to remedy the pressing issue of bank fraud and identity theft, representing about 30% of their total security budget, according to Finextra. But all that money is useless if the accounting or auditing firms that work with businesses and individuals hand over the keys.
That isn’t to say all accounting firms have weak cybersecurity. For instance, 2-Factor Authentication is already mandatory in Australia for popular cloud accounting software like MYOB, Xero, and Quickbooks Online. But it’s safe to assume that many aren’t covered enough, as 95% of companies are inadequately protected against cybercrime, according to Varonis.
While it’s true that an authentication service, especially 2-Factor Authentication via SMS, isn’t the only way to protect accounting firms and their client’s private data — it’s all part of a flurry of front-line security tactics as pointed out by CPA Practice Advisor — but it’s definitely a critical first step.
Get started with a 15-day free trial now.