Accountants are a treasure trove of information – for hackers!


When you consider the volume of data that an accountancy firm or an individual practitioner possesses, you can understand why they have become an attractive target for hackers.

Accountants are regarded as custodians of people’s most sensitive information. It’s everything about them and their family. And there’s an expectation that every appropriate measure is being taken to safeguard that information according to best practice.

One tax return alone includes the names and PPS numbers of a taxpayer, spouse, and dependent children. Clients’ files include addresses, phone numbers, and bank account numbers.

Banks may have a lot of similar information, but they often have sophisticated cybersecurity controls because they are so heavily regulated. In many cases, valuable accountancy data is held by small firms or solo practitioners who may lack the resources or expertise to set up and maintain the latest cyber controls. However, size alone does not absolve them from the responsibility to put substantial effort into guarding their systems and data.

An increased risk factor is that the accountancy regulatory bodies do not currently include data protection in their inspection visits to firms, leaving it up to the Data Protection Commission, so firms may be severely lacking an up-to-date means of benchmarking themselves against best practice.

It may be helpful to understand the types of scams that hackers are perpetrating, which include:

  • Ransomware. Hackers can install software that blocks access to your system, crippling your firm’s ability to do work for clients. Upon payment of a ransom in bitcoin, the hacker will restore your system’s capabilities. Ransomware has grown in popularity with hackers because each successful individual attack can force payment of a large sum. Perpetrators with limited technological knowledge can even purchase “ransomware-as-a-service” and unleash it on potential victims. It’s obviously of extreme importance that firms have a stringently enforced habit of backing up their servers daily, which, in the case of at least one US firm, helped ward off two ransomware attacks.
  • ACH (Automated Clearing House) fraud. Thieves who manage to steal a current account number and a client’s banking details can use this information to steal money directly from victims’ bank accounts, or to route money in various other ways. This information also can be used to commit other crimes.
  • Credit card theft. Hackers can use a stolen credit card number to make purchases, or they can use an identity that they have stolen to open new credit cards to be used for purchases. Sophisticated detection systems used by credit card companies have limited the effectiveness of these schemes in recent years.

To hear more about the ongoing requirements of the GDPR, come to our next CPD course, GDPR for Accountants, on Tuesday 25 September 2018 in the Talbot Hotel Stillorgan, Dublin, from 9:30am until 12.30pm.

All delegates will receive a GDPR ‘Get Started Checklist’, the GDPR law itself, along with other support materials.