Five simple and free steps to secure your business – Step four: Clear your Downloads folder

Understanding Cybersecurity

Clear Your Downloads

On the majority of accounting firms computers there is a location hiding in plain sight, which contains an abundance of sensitive client information. Most firms don’t even realise that there is data stored here. But on every computer there is a Downloads folder, and on most peoples it balloons unmonitored to become a huge repository of client information.

How do files get there?

Every time you download an invoice from Xero, or a file from Suitefiles or Dropbox, a local version will be stored in the Downloads folder of your computer. All firms should have a version of secure file storage available and that’s where the majority of people will save the files that they need to save. The problem is that no thought is paid to the additional file left in the Downloads folder.

How this caused a breach in an accounting firm

We recently met a small 6 user firm based in Newcastle that experienced a breach due to the Downloads folder. The firm are a relatively new business, are 100% on the cloud, and enforce a strict no local documents policy.

An accountant at the firm had a laptop stolen and the firm took every effort to contain the risk. They reset all his passwords and locked him out of his email to minimise exposure. They thought that they would be secure as no data was stored locally on the device, but hadn’t accounted for the Downloads folder. In this were sensitive files that contained TFNs, and in under a week four of their clients had experienced TFN fraud.

How you can manage this risk easily

As a blanket rule we say to firms that if they’re ever using a shared computer they should check the Downloads folder at the end of the session. This needs to be done to ensure that they’re not leaving sensitive data for someone to then come along and access.

For personal devices we recommend setting up an auto-delete on your Downloads folder which automatically clears out all files every 14 days. There are instructions on how to set this up on our support page here

If you want to learn more about how you can secure your business, you can book in a Cyber Security Consultation with one of the team here

This article was written by Jon Melloy, Technical Marketing Lead at Practice Protect, who’s sole focus is protecting accounting firms’ reputations with tools, policies and education to keep data safe without sacrificing convenience.

 
Read more

Cybersecurity Training for Accountants: Best Practices and Top Solutions

In the intricate world of numbers and financial data, this guide emphasizes the indispensable nature of cybersecurity training for accountants, unveiling industry-specific best practices and highlighting Practice Protect as the go-to cybersecurity shield. Read more

How secure are password managers for accountants really?

Amidst increasing digital threats and recent breaches, accounts are being forced to ask themselves, how secure is my password manager really? Accountants need unparalleled security and peace of mind for their clients’ data. Read more

Staff Cyber Security Awareness Training During Tax Season: Essential Actions for Accountants

Explore actionable cyber security awareness training tips for accountants during tax season. Discover how Practice Protect, America's leading cyber security platform for accounting professionals, fortifies your firm against cyber threats. Read more