• Accountancy Practice Support

IT for Accountancy Firms - Best Practice


With a high volume of personal information, including sensitive financial information, stored and processed through your systems, accountancy practice managers and IT managers have a greater responsibility than most to keep a close eye on data security. Here we’ve set out the security threats for accountancy firms, with advice and links to help you mitigate them.


Worried about reputational damage due to data breach/data loss?

The damaging effects of a data breach go beyond the threat of a fine from the ICO and lawsuits from affected customers. If you can demonstrate that you have taken every precaution to avoid the breach, you may be able to escape the fines and legal costs; however, the reputation of your company can be much harder to repair.

Reputational damage is not an easy thing to quantify but you should try to evaluate the risk in some form, based on losing a percentage of your customers.

You should consider...


Cyber Care Services


Cyber Care Services



Anti-phishing


Anti-phishing



Security Hardening Firewall


Security Hardening Firewall


Unified Threat Management Firewall


Unified Threat Management



SAASPASS


SAASPASS



Cyber Policies


Cyber Policies

Worried about loss of goodwill due to data breach?

Goodwill is an intangible asset that is built up over time by a business. It is the value given to the businesses’ good name and reputation. Just like reputation, goodwill can be lost or damaged if it is found that your data has not been kept secure, and this can devalue your company considerably.

You can do a lot to limit the damage in the event of a data breach by being transparent about what has happened and, more importantly, what you are going to do about it. Reassure your customers and offer proof of security enhancements if requested.

You should consider...


Cyber Care Services


Cyber Care Services



Anti-phishing


Anti-phishing


Security Hardening Firewall


Security Hardening Firewall



Unified Threat Management Firewall


Unified Threat Management

How secure is your software?

IT security breaches are among the biggest threats facing businesses today, a situation made more severe by the stringent new penalties imposed under the GDPR for failure to protect customer data. Building a robust defence against hackers and malware requires a combination of ongoing security services, one-off testing and the use of products designed to raise your security levels.

THE HUMAN FACTOR

The weakest link in the chain of cyber security is people – specifically your people. Even the best and most diligent employee can make an error in judgement, sending customer data via an email or disclosing their login information through a phishing email.

Understanding, training and controlling measures all contribute to minimising this risk. Cyber security training should be a cyclical process with regular testing.



You should consider...

THE SOFTWARE FACTOR

We often find that systems are set up operationally but not configured for security. This is an ever-moving feast; for example, when a new piece of software is installed on a server it will expose a new way into your systems.

Regular security assessments and penetration testing will help to uncover these holes before they become a hacker exploit.


Cyber Care Services


Cyber Care Services



Anti-phishing


Anti-phishing


SAASPASS


SAASPASS



Proactive Managed Support


Managed Services

Does flexible working increase your security risk?

Flexible working (or working from home) is becoming increasingly popular. Employees are able to work more comfortably around home and less commuting is good for the environment. And technology is making it easier for us to work remotely and still be effective.

Flexible working does, however, cause a data security risk for companies, with multiple devices and access points creating a larger number of potential weak spots for hackers to exploit. This can be mitigated with security measures like drive encryption, multi factor authentication and securing the data path from the remote worker to the company premise.

You should consider...


Cyber Care Services


Cyber Care Services


SAASPASS


SAASPASS

Worried about transferring files to and from clients?

External file transfer is high risk. From a security standpoint, data in transit is data at risk and is identified as a processing activity under the GDPR. Data transferred over FTP can be easily read and the FTP server software is often neglected during software patching. SFTP is often setup using weak, self-signed certificates and even a lack of auditing, making it easy for hackers to break in.

Consider using a third party GDPR compliant solution to secure your file transfers.

You should consider...


Cyber Care Services


Cyber Care Services

Worried about insecure information due to neglected patches?

It is possible for all software to have vulnerabilities within its code and it is just a matter of time before these vulnerabilities are exposed, shared and exploited by criminals. Patches are made available to close these loopholes but if they are not applied promptly the window for exploitation remains open.

Patch management is an integral part of your cyber security strategy. That means not just patching the operating systems but the software installed on top of the OS as well.

You should consider...


Cyber Care Services


Cyber Care Services


Proactive Managed Support


Managed Services

Do you know when to perform IRIS updates and what precautions to take?

Although Iris has historically been quite good with its updates, they have been known to cause further issues and, as rolling back is a headache, you can find yourself waiting for a fix to be released. They can also be tight on deadlines for HMRC updates, meaning that some updates will need to be installed almost instantly.

However, if the update doesn't involve an HMRC update, experience tells us its best to leave it for a few days, just to make sure it isn't either removed or quickly superseded.

You should consider...


Disaster Recovery


Disaster Recovery


Proactive Managed Support


Managed Services

Worried about loss of income due to system downtime?

You can mitigate the damage caused by system unavailability in two ways.

Pre-emptive: Ensure data and systems are backed up off-site and well secured. Well-managed infrastructure will minimise downtime, reduce vulnerabilities in the system and greatly reduce the impact of attacks.

Reactive: Having a disaster recovery solution will allow you to not only recover your data but have a fully operational system in the cloud within a short period of time. The business will continue to operate with minimal impact.

You should consider...


Disaster Recovery


Disaster Recovery


Trend Worry Free Anti-virus


Anti-virus

Heard of the business interruption insurance myth?

Don’t think your company is safe and sound just because you have business interruption insurance. The purpose of business interruption insurance is to protect your company against financial losses that occur when operations are unexpectedly interrupted, and to restore it to the position it would have been in if the interruption had not occurred. But it’s rarely as straightforward as that.

Imagine if your company is compromised during January, with the Tax Return deadline looming. Any interruption could be catastrophic. Your insurance will cover some of the financial loss, but it won’t take into account the potential loss for your customers submitting their tax returns late, nor the loss of goodwill and reputation that this will incur.

You should consider...


Disaster Recovery


Disaster Recovery


Trend Worry Free Anti-virus


Anti-virus

How do you implement sensible precautions and management of IT?

Continued investment in IT maintenance contracts and services has been proven to ensure business continuity and productivity, as well as keeping up to date with industry recommended best practices. The following are two tried and tested examples of industry standard levels of maintenance.

Proactive

Proactive maintenance is the prevention of adverse events before they happen. It allows for steady and constant use of a network or machine without having to deal with problems arising. Proactive software can be installed on computers and servers to perform routine health checks and fixes and can prevent disasters from occurring. Checks such as RAM usage and the CPU usage against normal daily usage for peaks times or that particular time of day help to flag up potential problems before they become critical.


You should consider...

Reactive

Reactive maintenance is the back-up stage should the primary proactive prevention fail. It is about knowing what to do after the initial defence barrier has been breached. For example, if an antivirus has failed to detect a virus but has detected it after the malicious software has been installed on your computer, a reactive maintenance method would come into play, such as quarantining files from other vulnerable attributes of your machine to avoid any further infection.


Proactive Managed Support


Managed Services

Our Accountancy Clients

Protect your accounting business against any kind of data loss or attack.
Call Computer Care today on 0203 627 4403