ICAEW.com works better with JavaScript enabled.

10 steps to cyber security for smaller firms

Mark Taylor from ICAEW’s IT Faculty looks at how simple steps can reduce the risk of cyber attacks for you and your clients.

The 2016 government Cyber Security Breaches Survey shows that 65% of large firms have detected a cyber security breach, while 24% of all businesses have had some form of breach. Many businesses now recognise the need for good cyber security, however many are in need of basic guidance as to where to start.

The estimated cost of a cyber security-related incident varies widely. The Cyber Security Breaches Survey puts the cost at £36,500. However, Talk Talk for example saw its pre-tax profit for 2016 fall to £14m, compared with £32m for 2015. While clearly an exceptional case, the Talk Talk incident is evidence of the potential scale of a cyber security breach.

Few companies today operate without the use of a computer. Even if your company only makes use of basic email you are still operating under the threat of a cyber breach. It therefore makes sense to protect your IT systems with the same level of diligence as you would use when protecting your home or office.

Increasingly consumer rights are being better protected by legislation, for example the Data Protection Act. Any company that can demonstrate that it fully understands such legislation is in a strong position to gain the trust of potential clients. Having appropriate technology, processes and operating culture in an organisation will build a strong foundation for good cyber security.

The IT Faculty has created a guide on the basic steps you need to follow to start to secure your business: 10 steps to cyber security for smaller firms is based on UK Government advice.

Following these steps should reduce the likelihood of a cyber security incident by as a much as 80%. These steps apply if you are sole practitioner or SME. Whether you use online services or your own IT resources these steps apply equally well.

As a first step why not take our Cyber Risk Indicator test to see how exposed are you to the threat of cyber-attack?

Once you have implemented the 10 steps it is worth considering gaining Cyber Essentials accreditation, details of which can be found at cyberessentials.org. Being able to demonstrate good cyber security is a great way to build strong relationships with clients.

As the future of the profession evolves, the likelihood is that automation and self-service will have an impact. The role of accountants with strong data analysis and presentation skills will have the opportunity to expand and develop their skills into new areas. One key area will be advising clients on data assurance and cyber security related issues. Chartered accountants will have a key role in measuring and reporting on cyber security, privacy and compliance for clients in the future. Why not start today by discussing our 10 steps guide with your SME clients?

Additional advice and information can be found at ICAEW’s cyber security resource centre. Follow us on Twitter @ICAEW_ITFaculty

June 2016