How to recover from ransomware: what does the NCSC say?


Accountancy practice management software has come a long way. Today, features like automated billing and reconciliations are easily integrated into the day-to-day practice workflow of Wolters Kluwer Tax & Accounting UK customers.

Our employees work side by side with our customers to create and manage these solutions – driven by a deep understanding of their needs and addressing the rapid changes in their environment.

However, it’s often hard to look beyond improving performance in day-to-day operations. Amid Brexit, the COVID-19 pandemic and other disruptions, accountancy practices and their clients are dealing with an unpredictable economic landscape. Future business planning can appear daunting.

However, technology can support accountancy practices (and their clients) in making informed business decisions, and planning for the future. In the first part of our Accountancy Practice Management for Future-Fit Growth series, we’ll explore how they can use technology to define and easily track Key Performance Indicators (KPIs). Doing so gives practices closer control of performance tracking, and deeper insights that will inform strategic growth plans.

Saving Time

For several decades, business technology platforms have enabled practices to track performance metrics that they have customised. This highlights areas that qualify for improvement and underpins strategic planning.

Contemporary technology, such as CCH KPI Monitoring, makes setting up KPIs faster and easier for accountancy practices than ever before. This is vital today. The current business landscape demands that firms assess and amend KPIs more frequently, based on fresh market variables. KPIs such as client retention rate and business time-to-recovery have become increasingly prominent performance indicators in the past year. If clunky technology makes KPI management difficult, practices have less time and insight to plan future growth.

Reducing Risk
CCH KPI Monitoring makes it far easier to track KPIs and report on them. This is fundamental in minimising risk. For example, if a KPI is set to track and escalate debt filtered by overdue dates, the ability to easily set alerts and automatically generate reports is critical to practice performance management.

Some practices are manually running monthly reports to measure KPIs. Others are running real-time reporting engines, a key feature of CCH KPI Monitoring. This latter solution allows practices to review essential data at any time – covering both performance management and compliance requirements. They can do so remotely or on-premise.

This means that firms can assess issues before they become problems, and thus act proactively. Real-time reporting is a true asset in building a future-fit practice.

The Proof is in the Practice
A number of Wolters Kluwer customers have been using CCH KPI Monitoring for several years now. Our customers look to us when they need to be right. Ryecroft Glenton has successfully integrated CCH KPI Monitoring with its own system. This consolidates information from several sources, including CCH Central and CCH Practice Management.

“We can use the year end date to trigger a sequence of reminders. Have we asked for the books? Have they been received? If a request to a client has been outstanding for a certain period, the partner will receive an alert via email. For limited companies, we can monitor the corporation tax and Companies House filing deadlines – as well as the different deadlines for pension schemes”

– Ian Smith, partner at Ryecroft Glenton

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”

At the same time, hackers and cyber-criminals sat up and took note. They realised that timely, emotive messaging around COVID could help the effectiveness of attacks, all whilst employees were often less able to access technical support and likely had weakened cyber-security at home.

Given the nature of sensitive information held and the range of customers and consumers served by the accountancy and finance space, it’s no surprise that targeted ransomware attacks on the industry have also been rising.  

The National Cyber Security Centre (NCSC) and local and regional cyber-units of the Police all recommend that a ransom isn't paid.

This puts an onus on firms to be able to recover data from a ransomware infection in some other way, most commonly from a secure backup.

However, not all backup solutions are completely secure against ransomware. As cyber-criminals look to improve their chances of a ransom payment, there have been multiple ‘strains’ of ransomware identified, that actively target network-attached backups.

The NCSC guidance on staying protected from ransomware, states that backups should be ‘offline’, ‘immutable’ and that organisations should be able to test the effectiveness of their ability to restore data.

An offline backup is one which is only connected to a live network when absolutely necessary, such as when a backup is in progress. The backed-up data is then stored separately from the live network. A cloud-first backup solution is an example of an offline backup, where data is stored in a separate location, data-centre or private-cloud.

In addition to being offline, backups that protect against the effects of ransomware by offering a suitable recovery option should also be immutable.

An immutable backup cannot be altered following its completion. This ensures the backed-up data cannot be infected by ransomware, and that the backed-up data cannot be deleted, maliciously or accidentally.

The ability to quickly and easily test the ability to recover is one which should not be underestimated. While backing up data is a vital first step, it loses all effectiveness if your organisation cannot recovery and access data in the worst case scenario, such as a ransomware attack.

How can you take a smarter approach?
Amongst additional guidance from the NCSC, organisations are advised to take a defence-in-depth approach to protect data, ensuring layers of resiliency against ransomware.These include traditional anti-virus solutions as well as backup and recovery. It is also stated that organisations should “scan backups for malware before you restore files. Ransomware may have infiltrated your network over a period of time, and replicated to backups before being discovered”.

Redstor backup and recovery offers just this. Already utilised by over 20% of the UK's top 50 accountancy firms and some 40,000 other organisations, Redstor is data management done smarter.

Redstor offers smart, feature-rich data management and protection for environments offering the broadest coverage of support spanning modern and legacy data infrastructure and an ever-widening array of SaaS platforms, including Microsoft 365, Google Workspace and Xero, with no hardware requirements – through a single app, with AI-driven malware detection built in to ensure clean recoveries and additional protection against ransomware.

“If you could like more information around Redstor, please contact harpal.chima@redstor.com”.

Aug 2022

Winning the race for talent - 3 reasons why firms must invest in tech

The accountancy profession is facing disruption from all directions. The ongoing skills shortage and the race to secure talent is having a profound impact across the industry.

How to ensure a seamless transition from in-office to remote work

Gone are the days when an employer could expect their people in the office five days a week.  Covid-related culture shifts, coupled with new technology, have removed barriers and left organisations with little alternative to a hybrid model, as a minimum requirement.

How MMP Limited switched to Wolters Kluwer’s accounting suite

MMP had faced cumulative problems with its incumbent accounting software provider, with whom they had had a longstanding association. From around 2016, users within the practice were experiencing slowness with the software, while licensing costs were simultaneously rising.

It’s time to love data, not battle it

Data has always been critical for accountancy practices.The difference between past and present, is that twenty-five odd years ago when I was an accountant; everything was stored in paper files.

Computer Aid: Bridging the digital divide for over 25 years

Computer Aid International is a charity working to bridge the digital divide across the globe. It creates opportunities for people by providing access to the digital world, with a focus on improving education.