*This blog is part of the June 2023 Thought Leader newsletter
It’s the shrug heard ‘round the business world. You probably can’t go a day without reading something about cybersecurity—a news story about a breach, a scary email from a vendor or maybe a column like this one. Security is a big deal, and everybody knows it. So, why is nobody investing in it?
OK, there’s some hyperbole in saying nobody is investing in cybersecurity. Of course, a lot of businesses are, as they should. But small businesses aren’t, for the most part.
Fewer than 30% of small businesses recently surveyed considered cybersecurity an investment priority, with business owners instead focusing on financial, productivity and customer relationship management software.
Small businesses (and firms) are behind the security curve
If you own a small accounting firm, you might be wondering why any of this is relevant to you. Well, a small accounting firm is a small business. But it’s not a typical small business. It’s a business that regularly deals with the most sensitive and valuable information its clients have: accounting and financial data. And that type of data is just what cybercriminals are looking to steal.
Consider this: Just a few months ago, almost half of executives surveyed by Deloitte said they expected the number and size of cyber events targeting their organizations’ accounting and financial data to increase in the year ahead. Almost 35% had been the targets of cyberattacks on their accounting and financial data in the 12 months leading up to the survey.
Look at those numbers carefully: The attacks discussed in the survey targeted accounting and financial data, specifically. That’s the type of data your firm has for every client! It’s the lifeblood of your firm, and it’s squarely in the crosshairs of criminals who want to steal it and charge you a ransom for its return—which still isn’t guaranteed—or just sell it to some other cybercriminal outfit.
Cybercrime isn’t like crime in the physical world
A data breach could not only damage your firm, but it could also shut it down. The threat to organizations of all kinds is real: A 157-year-old college shut down last year in part because of a cyberattack. Still, some small firms and businesses seem to take a dangerous attitude toward cybercrime, namely the misplaced idea that “it couldn’t happen here.”
Well, it could. Crime online doesn’t work the same way as crime in the physical world. Fair and just or not, there are some neighborhoods in cities that are safer than others. There are also some cities that are safer than others for a lot of reasons. A remote cabin in the woods is statistically far less likely to be the site of a random break-in than a house in a high-crime neighborhood.
But that’s not how cybercrime works. Running a small accounting firm isn’t tantamount to living in a cabin in the woods. There are no cabins online. There are no neighborhoods where people don’t lock their doors, or there shouldn’t be, at least. And the fact is that since you’re in accounting, you’re in a bad cyber neighborhood whether you want to be or not. Your client data is valuable. Your firm is a target.
Don’t skimp on investing in cybersecurity
At Right Networks, we occasionally hear owners of accounting firms say they just don’t want to spend the money to secure their firms. They’d rather invest in some other area. Apparently, other small business owners feel the same way. But that’s such a misguided and dangerous stance to take. Everyone has a limited budget, but security is not the area to skimp on in order to save money.
First of all, cybersecurity doesn’t have to be expensive. The right hosting provider will secure all of the applications you run in the cloud and the data you store in those applications. That same provider can provide protection for the devices you and your employees use to do your jobs every day. Plus, a good partner can train your employees to avoid cyberattacks. You can get all of that for a monthly payment that’s easy to work into your budget.
Beyond that, spending money on accounting technology but failing to invest in cybersecurity is a little like buying a Ferrari and leaving it unlocked on a busy city street…and then contacting all the car thieves recently released from custody and telling them where the Ferrari is and how to find it. It’s just not smart. Cybersecurity has to be a priority for your firm because the reality is that your business is in danger every day.