Accountanting firm - Protecting clients banking passwords and credit cards

​

SG1 Cyber Security recently conducted a cybersecurity review for an accounting firm with 20 employees and hundreds of business clients. The results were eye-opening, highlighting how important it is for accounting firms to take their responsibility for safeguarding client information seriously.

​

Accountants hold a privileged level of access to highly sensitive client information such as bank passwords, accounting software credentials, and credit card details. This access is critical for efficiently managing their clients' financial needs—from reconciling accounts to handling transactions and ensuring accurate financial reporting. However, this level of access also makes accounting firms prime targets for cybercriminals seeking to exploit that trust for financial gain.

​

During the review, SG1 Cyber Security identified a serious business risk: client passwords were being stored insecurely across various platforms, including email, SharePoint, and Teams (even within chat messages). Alarmingly, all employees had access to every client's credentials. This meant that if a single employee's account were compromised, a bad actor would potentially gain access to all client passwords and sensitive financial data.

​

The potential consequences of such a breach could be catastrophic. Not only could clients face severe financial losses, but the accounting firm itself could also face the possibility of closure due to a mass loss of client trust. At the very least, the firm would need to downsize and could spend years trying to rebuild its reputation and client base.

​

SG1 Cyber Security provided the accounting firm with a comprehensive report that included clear recommendations, timelines, and an assessment of the impact on staff for implementing new security measures. These controls and procedures were designed to protect client information and drastically reduce the likelihood of a devastating security breach.

​

By following these recommendations, accounting firms can ensure they are not only meeting their professional duty to protect their clients but also securing the future of their own businesses.​​