Remote working and an underestimation of cyberattack threats are making life easier for accounting firms to be cyber-attacked. As a result, there has been a 300% increase in cyberattacks, often in tax season when deadlines for year-end or tax returns are due from accountants.

An accounting firm makes an attractive target for cybercriminals for a variety of reasons, particularly because these firms hold large amounts of confidential and sensitive client information which has considerable value to cybercriminals. This sensitive client data is handled by accounting firms and includes financial details, tax returns, identification numbers, asset investments, corporate strategies, and intellectual property for both private individuals and businesses. If any of this data is leaked, it could result in financial loss and damage to reputation.

These cyber-attacks are not just focused on large firms such as Deloitte and PwC, but it is the high-profile names that get most media attention after an attack. In fact, it is the traditional accountancy firms (small-mid market) that are seen as soft targets. This is because larger organizations often have greater security budgets and resources to implement strong defenses, while smaller businesses may not have the budget or internal resources to invest in the same level of IT security. Therefore, after an attack, smaller businesses don’t always have the same resilience as a larger firm. As a result, clients question whether they can trust the business with their confidential data and financial information, losing confidence in the firm and its operations. Similarly, potential clients would think twice about whether it’s wise to use a company that has been a victim of an attack and instead go to the competition.

Reputation and brand damage are only some of the results of an attack on accounting firms. Cybersecurity breaches can also have significant financial consequences, with the global average cost of a data breach of $5.11 million for larger organizations, and $2.65 million for smaller organizations (those with between 500 and 1,000 employees), according to an IBM and Ponemon report. Costs to businesses include aspects such as the cost of investigation to identify the root cause of the data breach, incident response team organization, legal and consulting services, and lost business. The average time between when a data breach occurred and when the breach was contained is about 279 days, according to the same report.

To reduce the vulnerability of attacks, firms should be aware of the type of cybersecurity threats which their businesses face.


Malware is the most common threat to accountants. According to the IRS, around 91% of all cyberattacks are initiated by a phishing email that entices the recipient to open a link or attachment containing malware. After malware is downloaded, attackers can steal passwords, track keystrokes, or access sensitive client data.


Phishing is a type of cyber attack where an attacker masks themselves as a real company or individual to trick victims into opening a link or attachment that contains ransomware. At the beginning of 2021, the IRS alerted tax professionals of an email phishing scam that claimed to be from “IRS Tax E-Filing.” The email requested tax professionals to reply with a copy of their driver’s license and Electronic Filing Identification Number. With this information, thieves could file fraudulent tax returns. Another method was where the cybercriminals pretend to be a potential client, then send an email with a malware attachment, which they claim is their tax information. Similar to malware, viruses are also common. They insert themselves in legitimate programs and self-replicate into other programs on the host system.


Ransomware is malware that restricts clients' access to their software or client data until a ransom is paid. A ransomware attack is increasingly damaging because attackers can keep their identities hidden by hiring a third-party service to perform the attack, then demand payment to return company data in the form of cryptocurrency. The cyberattacks discussed so far can be reduced by adequate staff training, however very often these attacks are masked so well, they can easily trick the user. Accounting firms can take the extra step by choosing the right communication tool; like Rolo Secure Chat. Amongst many high-security features which will be discussed later, Rolo has built-in functions that detect malicious URLs/links. Being notified that a link contains malware, provides a robust barrier between the user and client data, and a potential threat. 

Preventing cyberattacks on your accountancy firm

Another way to increase defenses against attacks is to have a good backup strategy. Most large accounting firms should have multiple backup systems, including real-time backups. However, this is costly and so smaller companies should have an alternative approach. These companies should retain different generations of backup — one for the last seven days, one for each week of the last month, one for each month of the year, and one for each calendar year. That way, if an attack happens, they can easily restore from the appropriate backup. It is also important that these backups are isolated from the main network. That way, in the case of a malware infection, the backup will not become infected. 

In addition to this, it is advised to engage in strategic pruning. This is where firms review their data and delete records that they are no longer legally or commercially obliged to keep. For example, many accounting firms have a legal obligation to retain records for 7 years. Any data that is over 8 years is therefore not worth keeping as it would only cause commercial harm if lost, especially as the average size of a data breach is 25,575 records, according to the IBM and Ponemon report.

Endpoint protection is also key in building up a robust multi-layered defense against attacks. Accounting firms need a tool that is easy to manage, has advanced technology to defend against attacks and doesn't need to be connected to the internet in order to function. Fortunately, cyber security expert BlackBerry has redefined what an endpoint protection solution can and should do for organizations by using an automated, prevention-first approach, with Blackberry Protect. It is an accurate, efficient, and effective solution for preventing advanced persistent threats and malicious software from executing on an organization’s endpoints. BlackBerry Protect does this without user or admin intervention, a cloud connection, signatures, heuristics, or sandboxes, and is therefore ideal for those engaged in remote learning. Customers who have made the switch from reactive legacy, signature-based antivirus products have seen up to a 99% ROI, a 97% reduction in the re-imaging of machines, extended hardware, and battery performance, and a 90% reduction in hours required to manage the solution. The BlackBerry Protect architecture is made up of a single, simple agent, that is managed via BlackBerry’s own SaaS-based cloud console. This easily integrates with existing software management systems and security tools. No other anti-malware product compares to the accuracy, ease of management, and effectiveness of BlackBerry Protect, key for securing students and staff devices. 

Choosing a communication platform for communicating internally and externally which offers protection features is another good strategy, while using the wrong one could lead to vulnerability. For example, many companies use team messaging apps that enable effective communication in a business environment but fall short when it comes to security. One of the potential security issues is that they often lack end-to-end encryption. This is because, in a business environment, enterprise executives often want complete visibility into communications across different work channels on the apps. Without end-to-end encryption, data breaches could have detrimental consequences for the communications of their users, which has happened before and could happen again. If confidential client data is among the stolen information, the liability will fall on the legal organization that owns the data.

Rolo Secure Chat is an ideal platform for the accounting sector to use as its communication tool. It is secured by BlackBerry and features end-to-end encryption of chats, voice messages, location sharing, and cloud storage of messages and files. In addition to these, communication features such as group chats and video calls on phones and the web, and file access control, ensure its a convenient yet secure place for the accountants to communicate internally and externally. 

By implementing these simple prevention strategies — a secure communication platform, advanced end-point protection, a good backup strategy and periodically deleting old files — firms can mitigate the risks of becoming targets. As the risks and frequency of attacks are increasing year on year, accountancy firms need to act fast and wisely to ensure their clients' data is kept safe, allowing their current and future clients to be confident in the security of the firm. Fortunately, solutions such as the Rolo Secure Chat and Blackberry Protect bundle is simple-to-implement, advanced, and cost-effective package that boosts the security of accountancy firms.