Accountants across the world are being smashed with a new scam that could leave them with a hefty bill. The scam, which is also known as ransomware, involves hackers gaining access to your computer system and locking you out until you pay a ransom. In this blog post, we will discuss how often this happens and some simple steps to survive.
Here are the verifiable facts about how many and who’s getting hacked.
There are approximately 89,680 Accounting Services businesses in the United States as of 2022. 1200 of these firms were affected by data breaches in 2021.
One of them is Deloitte.
The Guardian discovered information indicating that Deloitte’s business email system had compromised data belonging to clients in all of the aforementioned areas. Among those affected are well-known corporations and government institutions from the United States. So far, the corporation has warned six customers that the theft may have “impacted” their data. Deloitte is conducting an internal investigation into the event. According to The Guardian, Deloitte discovered the breach in March of this year, but hackers may have obtained access to the company’s networks as early as October or November of 2016 (Tanyi & Watson, 2019). The cybercriminal gained access to the company’s global email system by using an “administrator’s account,” which granted them “access to all areas.” According to the information acquired, only a single password was required to get access to the account, rather than the more secure “two-step” procedure. The outgoing and incoming emails of Deloitte’s 244,000 employees are kept in Microsoft’s Azure cloud service. Azure is essentially Microsoft’s response to Amazon Web Services and Google Cloud Platform, two other popular cloud computing platforms.
There are approximately 5042 Accounting Services businesses in New Zealand as of 2022 according to the DNB business directory platform. 12 of these firms have been affected by data breaches in the year 2021.
One of them is BDO New Zealand.
BDO New Zealand disclosed the discovery of a data breach in September 2021. The company detected the problem after conducting an internal audit that revealed missing client data. Over 100,000 clients’ data was affected, which led to damages of more than 20 million USD. The missing data included clients’ names, addresses, birthdays, Medicare card numbers, and even genders. Customer-submitted claim numbers were among the stolen financial data.
It’s estimated that there are approximately 43,250 accountancy firms in the United Kingdom. The majority of these are fairly small in headcount: around 80% of them are made up of four or fewer employees, which is not necessarily surprising given the UK’s well-developed freelance professional services market. There were 1801 reported cases of data breaches, and among those affected was Ernst & Young.
Due to a security flaw, the personal information of over 1.5 million Ernst & Young clients was compromised (Abbasi, 2022). Although the cyber attack is thought to have begun in December 2021, the security flaw was not noticed until June 2022. Customers’ names, ID numbers, and Social Security numbers were among the sensitive information obtained by the hackers. To underline what Ernst & Young has said, there is no proof that this information was exploited.
According to the official website of the government of Canada there are 53,968 accounting and audit firms in Canada. 2042 of these firms have been affected by data breaches in the year 2021.
One of them is KPMG.
KPMG has found, based on its research, that an external entity gained access to its system on July 28, 2022. The intruders remained on the system until KPMG identified them on August 19, 2022 (Foya & Garikayi, 2022). The data breach exposed 235,000 customers’ names, social security numbers, and other financial information.
As of 2022, there are approximately 34,396 businesses offering accounting services in Australia. 2,786 of these firms were affected by data breaches in 2021.
One of them is Grant Thornton Australia.
Grant Thornton Audit Australia has been the subject of a credential stuffing attempt. In this kind of attack, hackers use stolen email addresses, user names, and passwords to gain access to accounts at other businesses. The attack works because of the common practice of reusing login passwords across multiple internet services. Cybercriminals launched their attack at the end of July 2022, but it wasn’t discovered and stopped until the middle of August. Nearly 200,000 accounts were stolen, and hackers obtained personal information including names, addresses, phone numbers, creation dates, gender, and reward history (SEEMA, 2022).
How can you protect yourself if these giants can’t?
As you can see, it doesn’t matter how big your firm is or how good your IT team is. So what can you do to protect your firm from outside threats? The following simple steps can save you a massive amount of pain, expense and financial loss.
- Always use Multifactor Authentication (MFA), without exception, and train your employees to never skip this step even if the computer system will allow it.
- Back up your data. Even when companies pay the ransom, the typical amount of retrieved data is 75%. What’s that other 25% worth to your company and reputation? Back up daily if possible, find a way to automate the process, and audit the information monthly.
- Have a Disaster Recovery Protocol. Know in advance what to do in the event of a hack. Whom to call, what steps to recover and how to block the attackers are all important steps. If you wait until you’ve been hacked to figure these things out, the harm escalates quickly.
- Train your employees about cyber security. There are many cost-effective resources available to ensure your employees are not the cause of a hack. Statistics show that employee error is the most common reason for a successful hack. Be proactive, and educate your employees.
Many firms think that because they are operating on the cloud they are protected. This is not true. Most cloud platforms have robust security, but hackers know how to manipulate systems in multiple ways, and new methods and tools are created every day. Cyber security is always playing catch up. So, back up your data, use MFA, educate your team, and have a plan for what to do if the worst happens to you.
If you need a template for a Disaster Recovery Plan, reach out, we love to help! https://wowzerbackupandrestore.com/policies/