
Top Security Threats for Firms to Address in 2016

Oct 20th 2015

While many firms are planning what their practices will look like in 2016, and even beyond, they also need to prepare for what most threatens their own data and their clients' data.

Neal O'Farrell, founder of The Identity Theft Council and of the for-profit security education company Privide, notes that financial advisory firms of all sizes are actively targeted by hackers in search of client data.

In a recent report in tandem with global accounting association BKR International, O'Farrell stated that there is increased discussion in the United States about government regulation of security, including mandates for financial services firms to implement minimum security procedures.

“Most experts agree that the most powerful security technology of all is wedged right between our ears,” he said, emphasizing the “people factor” in data security. “Personal awareness and vigilance are key to security. There's something for everyone to learn about cybersecurity in every company.”

To help firms prepare and remain aware, O'Farrell compiled a list of the top cybersecurity threats facing accounting firms, as well as some guidance for firms, in 2016:

1. Your Own People

People are always top of the list, especially for smaller firms. Untrained employees will continue to make mistakes that will be quickly exploited by hackers. Leaving passwords easily accessible, not logging off of systems, and clicking through or downloading malware are just some of the threats.

2. Spear Phishing

Hackers are getting smarter about sending more targeted and believable phishing emails to employees and executives, getting them to click through or respond more often. For example, the scammers will send an email that appears to come from a friend you know, a client, or a business you use frequently. Their goal is to collect passwords, credit card information, or client data. A rule against clicking on any unknown or questionable links should be a key policy in any firm.

3. Undetectable Malware

Hackers are increasingly using encrypting services to test their malware before they send it out, ensuring that most anti-virus software won't catch it. Malware may plague your computer with pop-up messages claiming that your PC isn't secure and urging you to download security software. Before you click through any requests to update software, run an anti-virus scan or check with your IT department on legitimate updates.

4. Cyberextortion/Data Ransom

The three main types of data extortion include ransomware, in which hackers encrypt your data and then demand payment to unlock it; data and security breaches, in which hackers demand payment to stay quiet about their success at breaching your system; and personal information extortion, in which hackers access sensitive client data and communications and demand payment not to publish it. Avoid opening suspect email attachments. Make sure that your data is regularly backed up separately from your PC or laptop, and that you update your security software suite.

5. Third-Party Attacks

Third-party attacks happen when hackers gain access to your firm's information by going through more vulnerable third parties, such as retail sites, website management services, or even payroll providers. It is important to understand the security protocols of services you use that may be connected to your firm's server or computer systems. Do not stay logged on to services you use through firm personal computers.

6. Mobile Attacks 

Firms and clients are experiencing an increase in mobile attacks and malware because people are using phones and tablets as their primary computer and Internet connection. If your employees or clients are accessing your firm's data through mobile devices, those devices need to be considered in your firm's security policies and protocols.