Cyberattacks – why FDs and CIOs need to collaborate

Cyberattacks remain a growing threat for all UK businesses. An attack could take the form of cyber vandalism, such as the publication of a fake terror attack at UK stations thanks to an admin error that impacted National Rail; a deepfake attack, in which fake voices and images scammed the British design firm Arup out of $25m (£19m); or a ransomware attack on payroll data at the Ministry of Defence. Incidentally, as well as data, ransomware gangs stole more than $1bn last year, according to US blockchain analysis firm Chainalysis.

Cybersecurity challenges in finance

The Finance Department is a natural target for cybercriminals as it has access to the company bank accounts and other sensitive strategic information. One of the most common attacks is phishing: an email that embeds malicious links, or one that purports to come from a senior director demanding that a payment be made quickly to a new bank account. With so much information available publicly, it’s fairly easy for a cybercriminal to discover the names of senior executives and accounts payable staff to create such emails.

With the increasing use of cloud-based software, apps and other third-party systems that are all interlinked, once a cybercriminal has access to one system, they are likely to be able to use other systems, expanding their reach across the company. And of course, the larger the company, the more suppliers it is likely to have, each using their own systems. The problem is compounded when third parties have access to company systems or are required to use apps to carry out their work.

Finance Directors and Chief Information Officers need to collaborate

Whether the cyberattack results in stealing finances, data, or sensitive information, the business will be impacted in terms of cash flow, lost sales, damaged reputation, disruption, or even fines. Cyberattacks cause some firms to go bankrupt. Whatever the impact, Finance Directors are on the frontline, trying to keep operations running, disruption to a minimum, and financial impacts and penalties low.

While cybersecurity does not fall within their traditional remit, Finance Directors are good at risk management, and with the potential for a huge financial and regulatory impact, working with the CIO or outsourced tech team is imperative.

Consider this:

If your company is targeted by a cyber attack and you cannot access your systems, how do you pay your invoices or manage payroll?

If it’s a ransomware attack, do you pay the ransom in order to reclaim access to your data, which could include sensitive plans or strategies?

When the CIO claims the need for various security measures, the FD needs to sign off the expenditure. Without working together to understand the potential risks, how can the cost benefit be quantified?

FDs need to plan for when a cyber attack happens

Many security experts, including the UK National Cyber Security Centre, agree that it’s no longer ‘if’ a cyber attack happens, it’s ‘when’ for most medium to large businesses and corporations. Therefore, FDs need to be proactive and create a plan for what they will do when a cyber attack happens, working with the IT and security teams but from the FD’s perspective, concentrating on the financial implications in all their guises.

How to protect your company’s financial data

There’s no easy way to answer this question.

In short, FDs and the leadership team need to treat cyber security decisions as business decisions. Rather than considering the cost of implementing security, they need to ask ‘what is the risk or exposure to us if we are attacked?’ Cybersecurity is a business problem and may require changes to processes and decision-making in order to protect the company.

Practically, there are some actions that may be taken.

Working with your security team and CIO, a cybersecurity risk assessment of existing systems and processes could be a good place to start. It will highlight areas where your finance department has weaknesses. Every UK-based business should sign up to and meet the requirements of Cyber Essentials, a Government-backed certification scheme that helps keep your organisation’s and your customers’ data safe from cyber attacks. You may also want to consider Cyber Essentials Plus, which is a more comprehensive certification process that is backed by an external audit. Both are run by the NCSC.

Other actions you could take include:

  1. Contract a third party to run a simulation of an attack, so you know what could potentially happen and the impact it would have on you and your customers. It will also help you put a plan in place to both mitigate and handle an attack.
  2. Update your accounting software regularly, including adopting all security patches and updates.
  3. Use a cloud-based accounting software that includes security and often a global support team to prevent or mitigate the impact of attacks.
  4. Limit access to financial information. Understand what is “sensitive” financial data for your company and consider who really needs access to this type of information on a regular basis. Limit access where possible.
  5. Multi-factor authentication adds an extra layer of security to your apps and accounts. Taking multiple steps to log into your account can be inconvenient at times but if it helps prevent an attack, it is worth the extra few seconds.

More comprehensive actions include:

1. Accurately classify assets and their associated risk

Many businesses don’t know what data they have or understand how critical it is to the business or their customers. Taking time to understand the data or information and considering it as an asset will help quantify its value. Only then can the correct security be applied.

2. Educate all employees about cyberattacks

Educating employees about cyber threats and sharing how their actions can expose or protect the business is critically important. Everyone needs to know the risks and how to prevent vulnerabilities – even the experts can be convinced to open emails from unknown people and click links that they think are secure. This is a message that really needs to be taken seriously, so ensure that everyone knows how important it is – and how easy it is to be taken in by a criminal.

3. Monitor your data and systems in real time

As AI improves, it can detect anomalies and threats in your IT system. It can even predict attacks and shut them down if recognised. These tools will improve your ability to detect and respond quickly to cyberattacks and reduce their impact. If you are at high risk of an attack, consult the cyber security experts.

4. Use third-party suppliers that follow the same security standards as you

Whilst you can’t tell your suppliers what cybersecurity they need, you can insist on minimum levels of security before you will work with them.  

5. Check your insurance coverage and potentially include reputational damage

Understand what your insurance covers and whether that includes your business priorities.  Keep any insurance documents offline so they are always available if your systems are not.

How can we help?

The HB team is always available to support your accountancy needs and discuss ways to boost your productivity.

Whilst we’re not cybersecurity experts, we are aware of how cyber attacks can impact your business and what we can do to support you in advance and if the worst happens. There is also lots of information and advice available from the experts at the NCSC.

If you would like to learn more about the services that we offer, discover how we can give you real confidence in the future of your business, or if you are a larger business that requires auditing, then contact us today.  We’re accountants for business and we are here to help you grow efficiently.


© 2025 HB Accountants

HB Accountants is the trading name of HBAS Limited, a company registered in England with registration number 5085258. The registered office of HBAS Limited is Plumpton House, Plumpton Road, Hoddesdon, Hertfordshire EN11 0LB, England. Registered for VAT number 866062806.