Cybersecurity for accountants: the most common threats and how to avoid them.

Cybersecurity for accountants: the most common threats and how to avoid them.

Moving away from a paper-based office has been welcomed by accountants worldwide. Working online has allowed accountants to take on more clients, save hours of time every day, automate many of the repetitive tasks, and enjoy unprecedented freedom that comes with having a digital office. 

However, there is a price to pay – it all comes down to cybersecurity, or in broader terms to making sure that your clients’ data is well-protected from cyber-threats, such as personal data theft, identity theft, viruses, malware, and different types of breaches. It’s not easy, as attackers are continuously engineering new ways of how to get access to sensitive data. 

This article will list some of the most dangerous types of threats that accountants face, as well as security measures that can be taken in order to protect your accounting business from those security breaches, keeping the client data safe.

What makes accountants vulnerable?

Between 2017 and 2018 the IRS recorded a 29% increase in data theft among tax firms, with up to 7 cases of malicious web activity reported each week. According to the tax authority, this increase “represents a significant trend in tax-related identity theft, and it’s a sign that tax professionals must take stronger measures to safeguard their clients and their business”.

The sheer number of sensitive financial information that a typical accountant has at his or her disposal makes them a likely threat. 

What are the most common threats to accounting security?

According to a report by a security firm TrendMicro, phishing accounts for 91% of all cyber-attacks. 

What exactly is phishing? It’s defined as any type of malicious activity that happens via email to deliver malware and steal sensitive information. These emails have been becoming increasingly difficult to spot, as they can expertly disguise themselves as office communication (among popular phishing email topics are software updates and other IT communications, general office communication, employee wellness), and more general things like retail, shopping, or simply news. 

When you click on a link in such an email, it can give attackers a foothold in your corporate network with access to personal data (employee credentials, social security numbers), intellectual property, and financial information (which includes anything from credit card data to confidential tax reports). 

Ransomware is another problem, often mentioned by respondents. It is dangerous for accounting practices as it can infect computers, networks, and servers, which can result in a loss of sensitive data and a need to redo months worth of accounting work. 

Outdated software can make your practice vulnerable to attackers. 

Single-factor authentication protocols, weak passwords, and weak perimeter defenses with open access from the Internet can also be a dangerous factor. 

What can you do to protect your clients and business from cyber-attacks?

Protection from phishing attacks

When it comes to protecting yourself from phishing attacks, the following steps can help you:

  • Double-check any links before you click on anything in an email. Remember to hover over it to see if the destination URL is what it’s claiming to be. You can also make a habit of typing out the links manually instead of clicking on them.
  • Carefully examine each sender. When you get an email from an unknown sender, especially if it asks you sensitive questions about financial data, or invites you to click on a link, make sure you understand what this refers to. This holds especially true for any emails asking you to send/receive/transfer money or information about such operations. 

Ransomware detection

It’s highly recommended that you invest in professional antivirus software and a fitting firewall, only use licensed software as a rule and take precautions when purchasing accounting software in general by paying attention to the security measures they have implemented in order to protect their users.

Multifactor authentication

Top security experts recommend that everything in your practice has at least a two-factor authentication protocol protecting the confidential information. Passwords containing dictionary words and easy-to-guess numbers aren’t suitable when it comes to financial data. 

Pro tip: Accountants can use password managers, such as LastPass and authentication tools like Duo to manage multifaceted passwords. 

Professional software

The most professional solutions understand the risks that accountants face, and provide extra security measures. For example, Synder allows your clients to enter their sensitive data when connecting payment processors to accounting platforms, with you and your colleagues having no access to their payment processor passwords. This protects you in case there’s a problem with your client’s payment platform security. 

When investigating software options, ask a potential provider about special measures they have taken to protect accountants from cyber-threat. 

Clear policy

Legally, the Gramm-Leach-Bliley Act of 1999 requires all financial institutions to maintain information security plans. It’s important to understand that tools do not always provide acomplete solutions, and it’s helpful to create a very clear data security policy, covering all key IT aspects, and to annually review it, making changes when necessary.

It’s paramount that your staff is trained accordingly to ensure compliance and safety. 

Information about necessary requirements can be found in IRS Publication 4557, Safeguarding Taxpayer Data. The IRS also created a new Publication 5293, Data Security Resources Guide for Tax Professionals, which compiles numerous resources from 


It’s no secret that an accountant in 2020 is a business adviser. It will be fitting this role if you could train your clients to take similar measures in order to protect their data. The better you are protected, the better they are – and it goes both ways. 

Smart security measures taken in advance can minimize the risks of data breach and ensure that your clients and their businesses are protected. 

Fanya Becker

Fanya Becker

Fanya Becker is a Synder expert with sound experience in consulting various clients on automation solutions. She researches and provides guidance for small businesses on their path towards automating mundane and recurring parts of their workflow, works with professional accountants, and frequently interviews industry experts to create relevant and forward-looking content for Synder.

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)

Add comment