Cyber Security threats Accountancy firms should expect in 2023


Accountancy practice management software has come a long way. Today, features like automated billing and reconciliations are easily integrated into the day-to-day practice workflow of Wolters Kluwer Tax & Accounting UK customers.

Our employees work side by side with our customers to create and manage these solutions – driven by a deep understanding of their needs and addressing the rapid changes in their environment.

However, it’s often hard to look beyond improving performance in day-to-day operations. Amid Brexit, the COVID-19 pandemic and other disruptions, accountancy practices and their clients are dealing with an unpredictable economic landscape. Future business planning can appear daunting.

However, technology can support accountancy practices (and their clients) in making informed business decisions, and planning for the future. In the first part of our Accountancy Practice Management for Future-Fit Growth series, we’ll explore how they can use technology to define and easily track Key Performance Indicators (KPIs). Doing so gives practices closer control of performance tracking, and deeper insights that will inform strategic growth plans.

Saving Time

For several decades, business technology platforms have enabled practices to track performance metrics that they have customised. This highlights areas that qualify for improvement and underpins strategic planning.

Contemporary technology, such as CCH KPI Monitoring, makes setting up KPIs faster and easier for accountancy practices than ever before. This is vital today. The current business landscape demands that firms assess and amend KPIs more frequently, based on fresh market variables. KPIs such as client retention rate and business time-to-recovery have become increasingly prominent performance indicators in the past year. If clunky technology makes KPI management difficult, practices have less time and insight to plan future growth.

Reducing Risk
CCH KPI Monitoring makes it far easier to track KPIs and report on them. This is fundamental in minimising risk. For example, if a KPI is set to track and escalate debt filtered by overdue dates, the ability to easily set alerts and automatically generate reports is critical to practice performance management.

Some practices are manually running monthly reports to measure KPIs. Others are running real-time reporting engines, a key feature of CCH KPI Monitoring. This latter solution allows practices to review essential data at any time – covering both performance management and compliance requirements. They can do so remotely or on-premise.

This means that firms can assess issues before they become problems, and thus act proactively. Real-time reporting is a true asset in building a future-fit practice.

The Proof is in the Practice
A number of Wolters Kluwer customers have been using CCH KPI Monitoring for several years now. Our customers look to us when they need to be right. Ryecroft Glenton has successfully integrated CCH KPI Monitoring with its own system. This consolidates information from several sources, including CCH Central and CCH Practice Management.

“We can use the year end date to trigger a sequence of reminders. Have we asked for the books? Have they been received? If a request to a client has been outstanding for a certain period, the partner will receive an alert via email. For limited companies, we can monitor the corporation tax and Companies House filing deadlines – as well as the different deadlines for pension schemes”

– Ian Smith, partner at Ryecroft Glenton

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”

Corporate events agency who benefited from greener graphics initiative

“Apogee are not just aprinting company, theyconsult with us and go onto deliver a full end to endservice from concept toinstallation. They go aboveand beyond and we lookforward to continuing ourjourney with them”

Accountancy firms will always be a serious target for cyber criminals due to their sensitive client information and the significant funds they handle. Extensive data consumption means they need to ensure they have the right technology in place to protect client information with the increasing threat from cyber criminals.

In addition, the sudden move to flexible working has resulted in many firms rushing to implement software and services to support remote working but are yet to properly secure even them 2 years down the line. A report by PwC, found finance & accounting firms are already at a 30% higher risk of becoming victims of a cyber-attack, making the need to improve their cyber resilience all the more important.

The pandemic has also pushed firms across the globe to speed up their transition to the cloud which presents further opportunities for attackers to exploit software vulnerabilities and insecure systems.

According to Accounting Today, since the start of the pandemic, accounting firms have seen a 300% increase in cyber-attacks. Action needs to be taken for 2023 and beyond, so here is a list of 3 key threats you need to be aware of;

1. People (flexi working & human error)
One of the main risks of remote working that is often glazed over is using personal devices for work purposes. It’s been found that 43% of employees use personal devices without permission from IT, and another 20% have no idea if they are allowed to. Not only can it lead to serious data loss and breaches, but it leaves room for use of unsecure apps to be used such as WhatsApp, which cannot be tracked, leaving data unaccounted for.
Another risk is employees using insecure Wi-Fi networks to connect to work systems and access sensitive data. Public Wi-Fi is notoriously insecure, meaning that data being sent or received on such networks is vulnerable to interception by cybercriminals. Encouraging or enforcing the use of tools such as VPNs can help tackle this.
Training is also highly important when it comes to human threats and is something that is again often overlooked. According to IBM, 95% of cyber security breaches are a result from Human Error. Taking the time to properly train your users can instil a positive environment around Cyber Security and using tools that regularly provide nano training can be helpful to keep staff up-to-date and hyper aware of what to look out for. With the correct training and support, employees are more likely to report incidents when they happen (it’s only a matter of when) allowing them to be dealt with promptly and efficiently.

2. Ransomware attacks
Ransomware is malware that encrypts files on a user's computer, preventing them from access until a ransom is paid. Sometimes the attacker will also threaten to publish the victim's data online if a ransom is not paid by a specific deadline. Unfortunately, there's no guarantee that paying the ransom will ensure the files are decrypted and often results in additional costs.
This type of attack can be incredibly damaging for firms, particularly if the attack prevents them from accessing critical data or essential systems needed to operate. In addition to downtime and reputation, firms could also face an average fine of £15,000 if the necessary measures to protect their client's sensitive data were not taken.
By implementing tools that help prevent against ransomware, before the file is even downloaded, you can easily protect against this.

3.
Email Phishing
Most ransomware attacks start with the human element via email. Email is notorious for lacking security, being clunky and leaving room for human error.
Phishing is a scam where an attacker sends an email or message purporting to be from a trusted source to trick the recipient into revealing sensitive information such as passwords. Many attackers are now increasingly sophisticated and will use social engineering techniques to get recipients to open emails, by using familiar terms or mentioning colleagues' names. Once a phishing email is clicked on, the attacker can easily install malware on their computer or gain access to sensitive data.
One of the most impactful ways to combat phishing attempts is through staff training, phishing tests and by using intelligent technology that can filter and highlight suspicious emails and activity.

Whilst these aren’t the only 3 threats, it’s a great place to start or improve your cyber defence against attackers. Contact Nikec for more advice on how to enhance your security posture.

Dec 2022

Can accountancy firms catch up on diversity? 3 ways tech can help

Despite accountancy firms investing in diversity and inclusion programmes, recent figures suggest that the diverse make-up of the accountancy workforce is falling behind its counterparts. So what’s holding them back?  

Overcoming your IT challenges with a Managed IT Service

Is your IT presenting you with more than your fair share of challenges? A Managed IT Service may be key to overcoming them.

Accessibility, context and automation will help accountancy firms achieve digital distinction

Digital Distinction will be central to the continued success of established accountancy firms competing against the new wave of digital native companies, says Ville Somppi, Vice President of Industry Solutions at M-Files, a global leader in information management

The Growing Need to Stay Connected

The last few years have been a valuable lesson in the importance of staying connected with each other and our clients.  With a whole raft of digital tools at our collective disposal, hybrid working now commonplace for many businesses and consumers becoming more demanding, it has become challenging for accountancy practices to deliver excellent and consistent customer care.

Most QuickBooks & Xero users are at risk, here's why:

What would your business do if you lost all transaction data from the last 6 months or if you lost some accountant data just before you had to submit your accounts to HMRC? How would you be able to fix it in 90 seconds and get your business running smoothly again?