Cyber Security and Privacy for Accountants and Tax Consultants

Protect your firm with our online cyber security service, including employee training, security software, 24/7 emergency assistance and cyber protection.

Free Trial

Cyber Threats for Accountants and Tax Consultants

Your customer data in the hackers’ sights

For accountants and tax firms, it is part of daily business to work with their customers’ highly sensitive data. The storage and processing of this data and documents has long been fully digital and performed on their own IT systems or on those of specialized IT service providers, such as Datev. Even though much has been done to eliminate IT security vulnerabilities, you cannot be 100% sure that your privacy is protected and that customer data, the capital of any law firm, is not at grave risk, because every connection with the Internet, every email, can pose a potential danger.

In the event of data loss, you, the owner, violate your professional duty of confidentiality. Not only does this make you fully liable, but you also risk the reputation of your law firm and its economic future.

With the help of viruses and Trojans, hackers search for your customers' data. Why? Specific personal information is used for identity theft and its trade on the Darknet is high. There, criminals sell entire customer records to the highest bidder. Also, complete hacker toolsets and attack scenarios are sold that make it easy for many criminals to practice their craft.

This is a real danger that can permanently damage your reputation and cause serious legal and business consequences. That's why we offer special solutions for accountants and tax consultants on data protection and cyber security.

Have you been attacked by hackers?

+49 30 / 95 999 80 80 (Mon - Fri 09:00am - 06:00pm) Get advice now!

These Cyber Risks Exist for Legal Firms

Cyber attacks are distinguished between "targeted" and "non-targeted" attacks. Thus, they are either directed to a specific recipient or, as an example, malware is sent by mail to a large number of email addresses either to one person or to the firm's general email addresses.

It's the attackers’ goal to do the greatest possible damage. Often a cyber attack aims to gain client data in abusive terms and misuse it for its own purposes.

Some firms also believe that their operation is too small and insignificant to be attacked by hackers. It’s a naive assumption, which, according to experience, runs through all German SMEs. Small and medium-sized enterprises make up 99 percent of all businesses in Germany. Of course they are targeted, too, especially if their IT security and cyber security know-how normally never have the standards necessary for the best protection.

For criminals, it is not a problem to attack thousands of targets at the same time with Trojans and viruses and wait to see who bites. No company is too small for hackers, not even an accounting and tax office.

So what do you do? Live with the threat and hoping that nothing happens?

Data Protection

Violations of the GDPR by tax consultants

Of course, hackers are not the only problem that tax consultants can face in the digital workplace. Problems related to the GDPR cannot be ruled out either. Often, privacy laws and their implementation in practice by firms are known insufficiently or not at all. The requirements for your profession and its operational practice under the General Data Protection Regulations (GDPR) have once again increased.

Penalties and warnings can easily be incurred, because the rules and laws of the European GDPR are not being sufficiently followed. Even medium-sized businesses in Germany have paid penalties of 20,000 to 100,000 euros, already. Possible lawsuits and claims for damages are not even included in the fines.

Cyber threats:

  • Fines: Infringement of the Data Protection Regulations (GDPR)

  • Compensation: Violation of information security rules

Malware (Malicious software)

Risk to accounting firms

So-called malware is malicious software that reaches outside of your office equipment and causes all manner of damage. Not only will your computers be affected, but any smartphone, tablet or other device connected to the accounting office's network can become infected, causing damage to the entire IT system. Depending on how this malicious software was programmed, for example, work computers can be encrypted and released only after payment of a ransom; or it will steal customer or bank data, possibly even destroy entire hard drives and thus work already performed. How do you get malware on a computer? A couple of examples are phishing attacks or malvertising (banners with embedded malware).

Cyber threats:

  • Business Failure: Malware can paralyze your business.
  • Data theft/destruction: Malware can steal or destroy sensitive tax information.

Phishing

Manipulation of tax consultants

The technical protection (firewall, virus scanner, etc.) of a tax office may be quite excellent, but if your own employees and colleagues are not adequately sensitized to the dangers from the network, even the best virus scanner does not help. The BSI found in studies (IT Security 2018 Management Report) that 70 percent of all successful cyberattacks on small and medium-sized businesses are made via phishing emails. These are supposedly and deceptively genuine e-mails from supervisors, colleagues, partners or service providers. As a tax consultant, if you follow a link in a phishing email or open an attachment, you can quickly infect your computer with malware and risk losing sensitive data and work.

Cyber threats:

  • Infection: Viruses or Trojans can access your computer through phishing emails.
  • Data theft/destruction: With phishing sensitive tax data can be stolen and destroyed.

Social Engineering

Employee manipulation in tax offices

The phishing emails mentioned are a popular form of social engineering, a tactic used by hackers and other criminals to fool tax office staff in order to bypass IT security and get sensitive customer or corporate data or money directly. However, there are other forms of social engineering that can be dangerous for accountants. For example, criminals could present themselves as repairmen to gain access to your office and computer. Of course, the false identity game can be continued via various communication channels, such as via phone or even social media. The hackers then use curiosity, social pressure, or employee fear to get them to do something (open phishing mail, install a program, share information).

Cyber threats:

  • Manipulation: Criminals manipulate your employees with misinformation.
  • Data theft/destruction: Social engineering can get sensitive tax data into the hands of hackers.

Doxing

Blackmail and bullying of tax consultants

Doxing - derived from the English word for documents (docs) - means a collection of sensitive, private or compromising files of individuals on the Darknet. Hackers use many ways to get this employee information from tax offices. Subsequently, the criminals use the documents to extort selected persons with the impending publication, influence (economically or politically) or to bully with the actual publication and publicly bring disrepute. The more hackers get this information because of bad cyber security measures, the easier it will be for your law firm or your employees to become victims of Doxing.

Cyber threats:

  • Extortion: Accountants are blackmailed or manipulated with collected data.
  • Damage to reputation: The reputation of your firm can be damaged by the publication of sensitive information.

Cloud Service

Outsourced data is not automatically secure.

More and more tax offices and law firms use a cloud service to outsource parts of their data processing via an online service from an external provider (DATEV, Microsoft, Deutsche Telekom, Amazon, etc.). As a rule, these cloud service providers work with very high security standards to protect their customers' data. But the data in the cloud is not automatically safe from criminals. Hackers have many options read their employees’ login information and thus gain access to the cloud, such as by reading the browser memory (cache) or with the help of a keylogger. Spying software of this kind can arrive undetected through a phishing attack on your firm’s systems. Once the criminals have penetrated the cloud with these credentials, it is difficult for the cloud provider to determine if their use is unlawful.

Cloud service providers such as Amazon's DATEV and AWS provide convenient service to tax offices and law firms. But if your own data and sensitive customer data are no longer on their own physical storage media, this is not synonymous with higher security. Only with all around protection, including employee training, raised awareness and technical security solutions, can you effectively block criminals' access to your cloud and data.

Cyber threats:

  • Data theft/destruction: Hackers can, such as via phishing attacks, access to your cloud and thus gain access to sensitive data.

Consequential Damages of Cyber Crime

These costs and expenses for personal and third party damage may be incurred by your tax office.

  • Shutdown of the firm, including income loss
  • Replacement of data
  • Possibly of having to re-input data
  • Impairment of current client projects, possibly with claims for damages by third parties
  • New software installations
  • Effort for new encryption
  • Phone costs
  • Costs for Cause Determination - IT Forensics
  • Crisis communication effort
  • Replacement of the hardware
  • Costs for legal assistance in criminal or administrative offenses
  • Claims for the transfer of malicious software to third parties

Cyber Vulnerabilities of Accountants and Tax Consultants

These weaknesses make your firm vulnerable.

Employee Ignorance

Hackers take full advantage of naivety.

Hackers know that people in a law firm are their weakest point in IT security. That's why phishing emails are such a successful attack tactic. 59 percent of all successful attacks are done through phishing (PwC: Im Visier der Cybergangster, 2017). You can therefore figure out for yourself how much safer your firm will be if your employees are properly trained. However, with regard to phishing, knowledge of cyber security and data protection does not stop there. Employees trained in all aspects of cyber security and privacy are openly reducing the risks of cyber incidents or data breaches.

Perseus solution:

Our online training

Lack of awareness among employees

Getting attention in everyday life with phishing tests

Even if tax consultants and their employees have informed themselves about cyber risks, this is usually not enough to sustainably protect against cyber attacks. Proper behavior has to be integrated into the daily work and this only works through continuous employee sensitization. For example, phishing tests regularly raise employees’ awareness of your firm's biggest cyber risk for tax accountants: phishing emails. Soon, your employees will no longer fall for phishing emails, no matter how authentic they may appear to be.

Perseus solution:

Our phishing tests

Conventional virus scanners

Traditional antivirus software misses many dangers!

Unfortunately, the majority of German small and medium-sized companies still assume that the combination of a firewall and conventional virus scanner is sufficient protection against hackers, viruses and Trojans. However, this assumption is a double fallacy, although firewalls and virus scanners can protect against a direct attack by a hacker in case of doubt. However, if an employee falls for a phishing email, virus scanners can do little. In addition, traditional anti-virus programs can no longer withstand many new threats. The solution is Intelligent Endpoint Detection and Response software, as Perseus offers in its 360° cyber security package. Intelligent security software is based on artificial intelligence and also recognizes new variations of known malicious software and alarms in case of irregularities.

Perseus solution:

Intelligent security software

No cyber security strategy

From policies to contingency plans and cyber incident cost coverage

Accountants, in particular, need a defined strategy for cyber security to ensure IT security, operation, protection of customer data and their own data. Such a strategy begins with a pragmatic and simple IT security audit, that identifies the status quo of internal cyber security. This is followed by a series of measures to close the identified weaknesses in IT security. In addition, clear guidelines must be drawn up that define the behavioral security of employees password hygiene, software usage, admin rights, device usage, etc.). There must also be a clear emergency plan, defining which steps must be taken by whom in any cyber incident. Of course, this also includes the follow-up and coverage of possible damage.

Perseus solutions:

Our IT security audit

Our emergency assistance

IT Security and Privacy Solutions for Accountants

Protect your tax office and customer data in four steps.

Perseus' 360° approach provides a personalized service to tax consultants and tax office employees. Flexible cyber security and online privacy training informs all your colleagues and staff about cyber threats and how they can identify and avert them in good time. Regular phishing tests for your employees help them implement the acquired knowledge in their daily work.

Combined with intelligent security software and practical cyber security tools, you are protected at multiple levels. And thanks to our 24/7 emergency service with subsequent reimbursement (when using the Perseus cyber cover), you are fully supported and secured, should it ever come to the point of damage.

1. Ongoing, uncomplicated IT security check of your law firm

2. Raising awareness of your employees through flexible online training, including certification for data protection and cyber security; plus regular phishing email simulations

 

3. Technical toolbox and intelligent security software

4. 24/7 telephone assistance and reimbursement in case of emergency

Perseus Takes Care of Your Cyber Security

So you can take care of your business.

The Perseus 360 ° Cyber Security Package is optimally adapted to the needs of freelancers, such as accountants and tax consultants, but also their clients, small and medium-sized businesses, an uncomplicated online service that you can effortlessly integrate into your daily work routine, without wasting expensive installations or yours and your employees’ time.

  • Activation - Perseus activates your employees for online training.
  • Resource conservation - short online videos for individual learning in between.
  • Relief - Perseus motivates, teaches and sensitizes your employees. They take care of your business.
  • Sensitization - We train your employees in case of emergency with phishing tests.
  • GDPR - Employee Certificates support your obligation to provide proof of any examinations.
  • Technology - Intelligent security software and practical security tools from a single source
  • Emergency Assistance - Our experts are available around the clock and immediately help in cyber emergency.
  • Financial Protection - The Perseus cyber cover covers costs of up to € 50,000 annually for an emergency.

Any questions? We are here for you.

Arrange a free demo appointment with our
IT security experts. We look forward to meeting you.

+49 30/95 999 80 80 (Mon - Fri 09:00am - 6:00pm)

Try a demo now

Perseus Solutions for Tax Consultants

With these services, we make your office secure.

Intelligent Security Software

More than an antivirus software.

Kundendaten und das eigene IT-System Ihrer Firma mit künstlicher Intelligenz jetProtect customer data and your company's own IT system effectively from cyber attacks with artificial intelligence. The intelligent security software (Endpoint Detection and Response) from our partner, "Cylance," by Blackberry, also recognizes new modifications of known malicious software and contacts our experts in case of irregularities.

More information:

Intelligent Security Software

Cyber Protection Plan

Financial security for cyber emergency measures.

The Perseus cyber cover is the ideal complement to a well-rounded security concept. Your tax office will have immediate access to the right local experts in an emergency. Costs of up to € 50,000 a year are reimbursed, such as for forensics, data recovery and followup care.

More information:

Cyber Cover

Emergency Help

You were hacked? We help you.

Hacker attacks are a race against time! Our experts support you around the clock and at the slightest suspicion of a cyber attack, by phone and email. Discretion is important to us - your request is always treated as highly confidential.

More information:

Emergency Help

Phishing tests

Protect yourself against the biggest cyber threat for accountants.

Hackers try to get your corporate and customer information through fraudulent mail. By pretending to be a person (colleague, boss) or organization (bank, service provider) outside the office, the hackers manipulate your employees. With counterfeit phishing emails, Perseus regularly sensitizes its employees to develop a healthy dose of mistrust for this danger in the future.

More information:

Phishing Tests

Online Training

Flexible employee training - when and where you want it.

With short and comprehensible online videos, Perseus makes the staff of your tax office fit for cyber security and privacy. Knowledge tests and certificates complete the program.

More information:

Online Training

Cyber Toolbox

Small technical helpers for more security in your firm.

Technical helpers for more security such as browser check, password generator, data security check and email scanner are all included in the Perseus 360 ° package. Easily accessible online for all your employees, without additional installation.

More information:

Cyber Toolbox

Any questions?
We are here for you.

Arrange a free consultation with our IT security experts. We look forward to meeting you.

+49 030/95 999 80 80 (Mon - Fri 09:00am - 6:00pm)