Financial service firms need to prioritize cybersecurity practices this busy season, as they continue to remain under risk from cybercriminals, warns Alan Hartwell, Chief Technology Officer at IRIS Software Group. Such firms are a top target for cybercriminals as they house highly sensitive client data, as demonstrated in the 268 financial services data breaches that took place in 2022 alone.
According to cybersecurity firm Cybersecurity Ventures, a ransomware attack will occur every two seconds by 2031 and cost victims $265 billion annually. Hartwell stresses that the cybersecurity landscape changes swiftly and cybercriminals are constantly looking for weaknesses to exploit.
In a recent cyberattack, hackers targeted CPAs and tax preparers during a busy tax season, which could potentially have allowed them to acquire sensitive financial data. A security breach can cause irreparable damage to firms, leading to a loss of trust from clients and monetary losses.
Once cybercriminals steel data from a company, reputational and monetary damages could be long-lasting. A common technique that cybercriminals use to exploit sensitive data is by requesting a high ransom payment from the firm and threatening to leak the data if the ransom is not paid. Theft can also lead to the loss of intellectual property, impacting a company’s growth, and the loss of current and prospective clients.
As the cybersecurity landscape shifts, firms need to prioritize cybersecurity practices to prevent breaches and safeguard valuable client data. It is important to have a robust Chief Data Protection Officer or a third-party dedicated to cybersecurity to ensure that systems are consistently updated. It is also important to implement multi-factor authentication to prevent fraudulent access and ensure digital document storage protection. Hartwell stresses that cybersecurity training should inform employees of phishing risks, personal data protection, and cybersecurity best practices.
Firms should also extend this expectation of cybersecurity to third-party vendors. Third-party vendors need to have cybersecurity protocols, data protection measures, functionality, integrations, and capabilities. Cloud-based SaaS is usually the best way to ensure data security. SaaS providers often have the resources to dedicate time and personnel to ensure system security for their clients. In contrast, firms often face resource constraints that inhibit them from hiring dedicated cybersecurity staff, making it challenging to exert the same level of security diligence on on-premise systems. Turning to cloud-based systems provides a cost-effective solution, allowing firms to focus on what’s most important – providing value to clients.
Although adoption of cloud-based technology has been slow within the accounting industry, it is essential for safeguarding the future of a firm. Hartwell concludes that with proactive protection measures in place, firms can focus on safeguarding vital corporate and customer data and delivering value to their clients.
About the Author
Alan Hartwell is the group chief technology officer at IRIS Software Group. He is responsible for evolving IRIS’ cloud software offering and further developing its product engineering capabilities to support its increasingly international expansion. Hartwell brings over 25 years’ senior level experience supporting and leading the acquisition, consolidation and integration of products and technologies. He can be found on LinkedIn and at the IRIS Software Group website.