Cyber Security and Privacy for Accountants and Tax Consultants

Protect your firm with our online cyber security service, including employee training and 24/7 emergency assistance.

Free Trial

Cyber Threats for Accountants and Tax Consultants

Your customer data in the hackers’ sights

For accountants and tax firms, it is part of daily business to work with their customers’ highly sensitive data. The storage and processing of this data and documents has long been fully digital and performed on their own IT systems or on those of specialized IT service providers, such as Datev. Even though much has been done to eliminate IT security vulnerabilities, you cannot be 100% sure that your privacy is protected and that customer data, the capital of any law firm, is not at grave risk, because every connection with the Internet, every email, can pose a potential danger.

In the event of data loss, you, the owner, violate your professional duty of confidentiality. Not only does this make you fully liable, but you also risk the reputation of your law firm and its economic future.

With the help of viruses and Trojans, hackers search for your customers' data. Why? Specific personal information is used for identity theft and its trade on the Darknet is high. There, criminals sell entire customer records to the highest bidder. Also, complete hacker toolsets and attack scenarios are sold that make it easy for many criminals to practice their craft.

This is a real danger that can permanently damage your reputation and cause serious legal and business consequences. That's why we offer special solutions for accountants and tax consultants on data protection and cyber security.

Have you been attacked by hackers?

+49 30 / 95 999 80 80 (Mon - Fri 09:00am - 06:00pm) Get advice now!

These Cyber Risks Exist for Legal Firms

Cyber attacks are distinguished between "targeted" and "non-targeted" attacks. Thus, they are either directed to a specific recipient or, as an example, malware is sent by mail to a large number of email addresses either to one person or to the firm's general email addresses.

It's the attackers’ goal to do the greatest possible damage. Often a cyber attack aims to gain client data in abusive terms and misuse it for its own purposes.

Some firms also believe that their operation is too small and insignificant to be attacked by hackers. It’s a naive assumption, which, according to experience, runs through all German SMEs. Small and medium-sized enterprises make up 99 percent of all businesses in Germany. Of course they are targeted, too, especially if their IT security and cyber security know-how normally never have the standards necessary for the best protection.

For criminals, it is not a problem to attack thousands of targets at the same time with Trojans and viruses and wait to see who bites. No company is too small for hackers, not even an accounting and tax office.

So what do you do? Live with the threat and hoping that nothing happens?

Data Protection

Violations of the GDPR by tax consultants

Of course, hackers are not the only problem that tax consultants can face in the digital workplace. Problems related to the GDPR cannot be ruled out either. Often, privacy laws and their implementation in practice by firms are known insufficiently or not at all. The requirements for your profession and its operational practice under the General Data Protection Regulations (GDPR) have once again increased.

Penalties and warnings can easily be incurred, because the rules and laws of the European GDPR are not being sufficiently followed. Even medium-sized businesses in Germany have paid penalties of 20,000 to 100,000 euros, already. Possible lawsuits and claims for damages are not even included in the fines.

Cyber threats:

  • Fines: Infringement of the Data Protection Regulations (GDPR)

  • Compensation: Violation of information security rules

Malware (Malicious software)

Risk to accounting firms

So-called malware is malicious software that reaches outside of your office equipment and causes all manner of damage. Not only will your computers be affected, but any smartphone, tablet or other device connected to the accounting office's network can become infected, causing damage to the entire IT system. Depending on how this malicious software was programmed, for example, work computers can be encrypted and released only after payment of a ransom; or it will steal customer or bank data, possibly even destroy entire hard drives and thus work already performed. How do you get malware on a computer? A couple of examples are phishing attacks or malvertising (banners with embedded malware).

Cyber threats:

  • Business Failure: Malware can paralyze your business.
  • Data theft/destruction: Malware can steal or destroy sensitive tax information.


Manipulation of tax consultants

The technical protection (firewall, virus scanner, etc.) of a tax office may be quite excellent, but if your own employees and colleagues are not adequately sensitized to the dangers from the network, even the best virus scanner does not help. The BSI found in studies (IT Security 2018 Management Report) that 70 percent of all successful cyberattacks on small and medium-sized businesses are made via phishing emails. These are supposedly and deceptively genuine e-mails from supervisors, colleagues, partners or service providers. As a tax consultant, if you follow a link in a phishing email or open an attachment, you can quickly infect your computer with malware and risk losing sensitive data and work.

Cyber threats:

  • Infection: Viruses or Trojans can access your computer through phishing emails.
  • Data theft/destruction: With phishing sensitive tax data can be stolen and destroyed.

Social Engineering

Employee manipulation in tax offices

The phishing emails mentioned are a popular form of social engineering, a tactic used by hackers and other criminals to fool tax office staff in order to bypass IT security and get sensitive customer or corporate data or money directly. However, there are other forms of social engineering that can be dangerous for accountants. For example, criminals could present themselves as repairmen to gain access to your office and computer. Of course, the false identity game can be continued via various communication channels, such as via phone or even social media. The hackers then use curiosity, social pressure, or employee fear to get them to do something (open phishing mail, install a program, share information).

Cyber threats:

  • Manipulation: Criminals manipulate your employees with misinformation.
  • Data theft/destruction: Social engineering can get sensitive tax data into the hands of hackers.


Blackmail and bullying of tax consultants

Doxing - derived from the English word for documents (docs) - means a collection of sensitive, private or compromising files of individuals on the Darknet. Hackers use many ways to get this employee information from tax offices. Subsequently, the criminals use the documents to extort selected persons with the impending publication, influence (economically or politically) or to bully with the actual publication and publicly bring disrepute. The more hackers get this information because of bad cyber security measures, the easier it will be for your law firm or your employees to become victims of Doxing.

Cyber threats:

  • Extortion: Accountants are blackmailed or manipulated with collected data.
  • Damage to reputation: The reputation of your firm can be damaged by the publication of sensitive information.

Cloud Service

Outsourced data is not automatically secure.

More and more tax offices and law firms use a cloud service to outsource parts of their data processing via an online service from an external provider (DATEV, Microsoft, Deutsche Telekom, Amazon, etc.). As a rule, these cloud service providers work with very high security standards to protect their customers' data. But the data in the cloud is not automatically safe from criminals. Hackers have many options read their employees’ login information and thus gain access to the cloud, such as by reading the browser memory (cache) or with the help of a keylogger. Spying software of this kind can arrive undetected through a phishing attack on your firm’s systems. Once the criminals have penetrated the cloud with these credentials, it is difficult for the cloud provider to determine if their use is unlawful.

Cloud service providers such as Amazon's DATEV and AWS provide convenient service to tax offices and law firms. But if your own data and sensitive customer data are no longer on their own physical storage media, this is not synonymous with higher security. Only with all around protection, including employee training, raised awareness and technical security solutions, can you effectively block criminals' access to your cloud and data.

Cyber threats:

  • Data theft/destruction: Hackers can, such as via phishing attacks, access to your cloud and thus gain access to sensitive data.

Consequential Damages of Cyber Crime

These costs and expenses for personal and third party damage may be incurred by your tax office.

  • Shutdown of the firm, including income loss
  • Replacement of data
  • Possibly of having to re-input data
  • Impairment of current client projects, possibly with claims for damages by third parties
  • New software installations
  • Effort for new encryption
  • Phone costs
  • Costs for Cause Determination - IT Forensics
  • Crisis communication effort
  • Replacement of the hardware
  • Costs for legal assistance in criminal or administrative offenses
  • Claims for the transfer of malicious software to third parties

Cyber Vulnerabilities of Accountants and Tax Consultants

These weaknesses make your firm vulnerable.

Employee Ignorance

Hackers take full advantage of naivety.

Hackers know that people in a law firm are their weakest point in IT security. That's why phishing emails are such a successful attack tactic. 59 percent of all successful attacks are done through phishing (PwC: Im Visier der Cybergangster, 2017). You can therefore figure out for yourself how much safer your firm will be if your employees are properly trained. However, with regard to phishing, knowledge of cyber security and data protection does not stop there. Employees trained in all aspects of cyber security and privacy are openly reducing the risks of cyber incidents or data breaches.

Perseus solution:

Our online training

Lack of awareness among employees

Getting attention in everyday life with phishing tests

Even if tax consultants and their employees have informed themselves about cyber risks, this is usually not enough to sustainably protect against cyber attacks. Proper behavior has to be integrated into the daily work and this only works through continuous employee sensitization. For example, phishing tests regularly raise employees’ awareness of your firm's biggest cyber risk for tax accountants: phishing emails. Soon, your employees will no longer fall for phishing emails, no matter how authentic they may appear to be.

Perseus solution:

Our phishing tests

No cyber security strategy

From policies to contingency plans

Accountants, in particular, need a defined strategy for cyber security to ensure IT security, operation, protection of customer data and their own data. Such a strategy begins with a pragmatic and simple IT security audit, that identifies the status quo of internal cyber security. This is followed by a series of measures to close the identified weaknesses in IT security. In addition, clear guidelines must be drawn up that define the behavioral security of employees password hygiene, software usage, admin rights, device usage, etc.). There must also be a clear emergency plan, defining which steps must be taken by whom in any cyber incident. Of course, this also includes the follow-up and coverage of possible damage.

Perseus solutions:

Our IT security audit

Our emergency assistance

IT Security and Privacy Solutions for Accountants

Protect your tax office and customer data in four steps.

Perseus' approach provides a personalized service to tax consultants and tax office employees. Flexible cyber security and online privacy training informs all your colleagues and staff about cyber threats and how they can identify and avert them in good time. Regular phishing tests for your employees help them implement the acquired knowledge in their daily work.

Combined with cyber security tools, you are protected at multiple levels. And thanks to our 24/7 emergency service you are fully supported and secured, should it ever come to the point of damage.

1. Ongoing, uncomplicated IT security check of your law firm

2. Raising awareness of your employees through flexible online training, including certification for data protection and cyber security; plus regular phishing email simulations


3. Technical cyber security toolbox

4. 24/7 telephone assistance and reimbursement in case of emergency

Perseus Takes Care of Your Cyber Security

So you can take care of your business.

Our Cyber Security Package is optimally adapted to the needs of freelancers, such as accountants and tax consultants, but also their clients, small and medium-sized businesses, an uncomplicated online service that you can effortlessly integrate into your daily work routine, without wasting expensive installations or yours and your employees’ time.

  • Activation - Perseus activates your employees for online training.
  • Resource conservation - short online videos for individual learning in between.
  • Relief - Perseus motivates, teaches and sensitizes your employees. They take care of your business.
  • Sensitization - We train your employees in case of emergency with phishing tests.
  • GDPR - Employee Certificates support your obligation to provide proof of any examinations.
  • Technology - Practical security tools from a single source
  • Emergency Assistance - Our experts are available around the clock and immediately help in cyber emergency.

Any questions? We are here for you.

Arrange a free demo appointment with our
IT security experts. We look forward to meeting you.

+49 30/95 999 80 80 (Mon - Fri 09:00am - 6:00pm)

Try a demo now

Perseus Solutions for Tax Consultants

With these services, we make your office secure.

Emergency Help

You were hacked? We help you.

Hacker attacks are a race against time! Our experts support you around the clock and at the slightest suspicion of a cyber attack, by phone and email. Discretion is important to us - your request is always treated as highly confidential.

More information:

Emergency Help

Phishing tests

Protect yourself against the biggest cyber threat for accountants.

Hackers try to get your corporate and customer information through fraudulent mail. By pretending to be a person (colleague, boss) or organization (bank, service provider) outside the office, the hackers manipulate your employees. With counterfeit phishing emails, Perseus regularly sensitizes its employees to develop a healthy dose of mistrust for this danger in the future.

More information:

Phishing Tests

Online Training

Flexible employee training - when and where you want it.

With short and comprehensible online videos, Perseus makes the staff of your tax office fit for cyber security and privacy. Knowledge tests and certificates complete the program.

More information:

Online Training

Cyber Toolbox

Small technical helpers for more security in your firm.

Technical helpers for more security such as browser check, password generator, data security check and email scanner are all included in the Perseus cyber security package. Easily accessible online for all your employees, without additional installation.

More information:

Cyber Toolbox

Any questions?
We are here for you.

Arrange a free consultation with our IT security experts. We look forward to meeting you.

+49 030/95 999 80 80 (Mon - Fri 09:00am - 6:00pm)