7 Essential Steps for Accountancy Firms to Take in the Event of a Cyber Attack

IT Management, Security, Insights

Accountancy firms are a rich target for hackers because of the types of documents they handle. Beyond the normal personally identifiable information (PII) that they store for clients and employees, Accountancy firms also handle sensitive information dealing with financial transactions, payroll information and sensitive business information.


Without a good cyber security strategy, your firm could suffer serious costs, including remediation of the security breach, reputation damage, and data privacy compliance penalties.


The steps you take after a breach can either increase or reduce the impact. Not having a cyber security response plan can lead to you paying much higher costs due to a delayed reaction.


IBM Security estimates that the global average cost for a data breach is €4.43 million. But organisations with a tested incident response plan can reduce that by €2.71 million, a savings of 39%.


Below we’ll discuss the vital steps that your Accountancy Firm should take immediately following the discovery of a data breach, ransomware incident, or another attack. Putting these into an incident response plan can save you millions in costs should your office suffer an attack.

Suffered a Data Breach? Here’s What You Should Do Next


Disconnect Infected Devices from Your Network


Many types of malware are designed to spread throughout a network as fast as possible. This is especially true for ransomware, which locks users out of their files through the use of encryption.


As soon as you discover that a breach has occurred, you should disconnect the infected device(s) from your network to try to contain the spread. This includes disconnecting the device from Wi-Fi and any hardwired ethernet connections.


You don’t necessarily want to shut off the device’s power until you’ve spoken to an IT professional. But you should isolate it from other systems, including any syncing cloud services.


Have a Professional Assess the Damage


Don’t try to deal with a cyber breach yourself. Unfortunately, people can make things worse if they do things like try to go online to download some free virus scanning tool (that could actually be a malware trap).


Instead, once your machine has been isolated, contact a trusted IT provider that can come and assess the damage and provide guidance. We have expertise and years of experience dealing with all types of data breaches and malware infections. This allows us to assess the issue and formulate a remediation strategy as fast as possible.


Remediate the Infection


Remediation of the infection is next. You don’t want more of your client files or sensitive Accountancy firm information being stolen while you’re dealing with the fallout. Once the breach is assessed, your IT security expert will begin remediating the breach to secure your network.


Determine Whether Client Data Was Breached


You will next need to find out what type of data was compromised. Did the attacker gain access to a client database with names, addresses, and phone numbers? Were sensitive cloud documents breached?


This is not usually a pleasant task to determine the extent of the breach, but it’s important because you will need to notify impacted third parties (such as your clients) that may have had their data exposed.


Contact Garda Cyber Crime


Not every business will contact law enforcement when hit with a data breach, even though they wouldn’t think twice about doing so if this was a physical break-in. But data breaches are break-ins as well, so they should be reported.


Reporting the incident has a few benefits:


  • You have a record of the incident for any potential insurance claims
  • Law enforcement can track the breach, which may connect to others that have been reported
  • Your police report can be referred to in data privacy compliance reports and shows responsibility on the part of your organisation


Carry Out a Notification Plan According to Data Privacy Requirements


You will need to review the data privacy regulations that your Accountancy office is subject to, such as GDPR, and make notifications to third parties according to the guidelines. If notification isn’t made in a timely manner, it can lead to penalties, as well as a significant loss of trust in your business by those you need to contact.


Improve Defences to Stop Future Breaches


Once, you’ve handled the most time-sensitive steps above, next, you will want to reinforce your defences to ensure this type of attack doesn’t happen again. A good way to do this is by having a cyber security assessment performed.


A cyber security assessment can include things like penetration testing, which helps an IT provider pinpoint specific weaknesses in your network that need to be fortified.

Schedule a Cyber Security Assessment with FutureRange Today


Don’t wait until you had a breach to have your security posture assessed. We can perform a thorough cyber security assessment, including pentesting, to locate and make recommendations for any potential areas of weakness.


Contact us today to schedule a consultation. Call +353 1 2960 560 (Dublin) +353 6140 0230 (Limerick) +353 21 2427974 (Cork) or reach us online.





Some related posts

What is SASE & How Does it Promise to Future-Proof your Network?

Exploring the Power of Chat GPT: Key Takeaways from our Recent Webinar

How to Safeguard your Law Firm from Insider Risks – Business Plus