Cyber Security Year in Review (2019)

As we welcome in a new decade, we take a look into what the cyber security landscape looked like in the past year. 

In just the first half of 2019, data breaches exposed 4.1 billion records. This is the highest number on record, making 2019 the worst year for cyber security (and the best for cyber criminals).

We’re also seeing that whilst small business scams don’t make the headlines, they’re still amongst the most common. Small businesses are the target of 43% of all cyber attacks (Verizon 2019 Data Breach Investigations Report). It is all too easy to underestimate cyberattacks with the mentality that your firm is too small to be targeted.

Accounting firms are still proving to be attractive targets for cybercriminals due to the large amount of sensitive data they hold. Over 60% of all leaked records exposed in 2019 were from the financial services sector.

Read below for the most common cyber security concerns, and see how 2019 fared: 


Human Error

The human element is still a threat in the cyber security landscape

Human error has been acknowledged to be the prime contributor to data breaches in the past few years. 2019 was no exception to this trend.

It’s not only disgruntled former employees who cause breaches. Team members who unknowingly fall victim to a scam make a firm susceptible as well. Social engineering, phishing, or even lax practices such as team members using public WiFi can expose sensitive files and leave a firm open to a breach.

In 2019, a study revealed that only 3 in 10 employees currently go through annual cyber security training.


Phishing

Phishing still made up a huge percentage of cyber attacks in 2019

Scams that attempted to gain personal information and phishing emails/schemes reached 50,320 reports in 2019. This is lower than 2018’s 57,060 reports. However, the reported amount lost from these attacks rose from $10.3 million in 2018 to $14.6 million in 2019.

About 30% of phishing emails are opened by users, and 12% of those users click on the link or attachment in these emails. Team members who aren’t trained to spot phishing emails make the firm vulnerable to data breaches. 

Only the larger firms have systems in place to automate the handling of potential cyber attacks, while smaller firms generally just depend on manual processes. In some cases, smaller firms have no processes implemented at all.

Want a handy guide to spotting a phishing email? Check out our resource on Spotting the Scam here.


Password Management

How does your team manage their passwords?

The average accounting firm uses numerous applications in their day-to-day activities.

Accessing each application requires a password, which leads to the ‘password sprawl’ problem: having too many passwords to keep track of. This leads to team members either reusing passwords for different applications (daisy-chaining), or using easy-to-guess passwords.

A good practice is to use passphrases instead of passwords to access your applications. We explain how to do this in our blog post here.


Incident Response Plan

Having an incident response plan is always advisable in case of a data breach

Small businesses are the target of 43% of all cyber attacks (Verizon’s 2019 Data Breach Investigations Report).

A 2019 Keeper Security survey of 500 senior decision makers at SMEs revealed that 60% of the respondents do not have a cyberattack prevention plan. A sobering fact is that 67% of SMEs experienced a cyberattack in the last year.

2019 has taught us that having an incident response plan for a data breach at your firm is essential. Never underestimate the risk that your firm could be the victim of a cyberattack.


The landscape of cyber security is ever-evolving, with cyber criminals getting smarter year on year. To counter these concerns, make sure that your team is aware of the risks your firm could face. Additionally, it’s good to be aware of what practices you could put in place to protect your client data. Request a free consultation from us, where we look into your firm’s security practices and suggest tailor-made solutions if any risks exist.