All too often, it means something terrible must happen before we act. Here’s how you can prepare for a cyberattack before it happens.
Last year, a cyberattack hit Receipt Bank partner and advocate, Pillow May.
“It looked just like any other email,” says founder, Jessica Pillow. “When we opened the invoice, it even sounded like our client. We processed it as normal, and it cost us thousands.”
The cyber attacker had emulated the tone and feel of the client’s emails, then sent an invoice from their email address. Pillow May’s team paid the invoice on behalf of the client, only to find out that it was fraudulent.
Bookkeepers, accountants and small business-owners are particularly at risk of cyber attacks. As larger companies upgrade to stronger security systems to protect their team, small businesses are the next target. According to Symantec, 43% of attacks are targeted at small businesses. Yet, there are steps you can take to defend yourself, and your clients.
“[Being attacked] was one of the best things that happened to our firm,” explains Jessica. “It made us more aware of cybersecurity risks than ever before, and the way we reacted transformed our client relationships.”
Here’s how Jessica turned a crisis into an invaluable lesson for her team, one that strengthened her client relationships and advisory services.
With cyber attacks on the rise, with 88% of UK organisations reporting a data breach in 2018, it’s crucial to establish processes. “Create processes that help prevent future fraud, yet not work or productivity,” recommends Jessica. Off the back of the cyber attack, she devised the Bookkeeping Scope Agreement for her team and clients.
“This details our bookkeeping services in depth. When we bring on a new client, we agree responsibilities, technology, the involvement of any third parties and results. This helps set clear boundaries and client expectations from the very start.”
Having such documentation also makes teamwork much more transparent. “Once you have a document like this, you can easily delegate between your team. We recently brought on a junior bookkeeper, and can now also successfully delegate tasks.”
The document also includes safety checks to protect against fraudulence.
“Our clients approve everything in-house first, with a signature and dual authorisation. Dual authorisation is now easier than ever with online banking, and it hugely reduces the chance of processing a fraudulent invoice. For invoices from new suppliers, we also call them to confirm bank details. If it’s fraudulent, chances are the phone number will also bounce.”
The agreement also poses a great opportunity to talk to your clients about their business in-depth.
“This conversation has been transformative,” says Jessica. “We use it to clearly set expectations. You want your client to know exactly what they need to do and what results they can expect for their business. Plus, you’ll leave armed with knowledge about their business needs.”
“Just as bookkeeping and real-time data became the foundation for advisory services, this conversation alone helped mature our offering. Having conversations like these gives you so much insight into your clients’ businesses, from which you can build genuinely helpful services.”
“We now talk about cyber-security in every meeting. If your client trusts their financial controller or bookkeeper completely, ask them, ‘Would they want to put them in the position of potentially paying for a fraudulent invoice? Even if they trust them completely, it’s an enormous amount of responsibility. By rolling out fairly simple measures such as dual authorisation, you can help relieve this and better protect your team."
Often, the best answer to a digital problem is a digital solution. Sometimes, it takes reviewing your current approach to technology and evaluating how it can better serve you.
Previously, Jessica Pillow needed to use client password credentials to log into supplier accounts and download invoices. Now, Pillow May uses the Invoice Fetch tool within Receipt Bank to fetch monthly invoices automatically. This reduces the amount of time chasing documents while removing the security risk.
Ultimately, Jessica and her team turned what could have been a disaster into a learning curve, improving her internal team structure and client relationships. To hear more about scaling your bookkeeping practice from someone who doubled their client service capacity, sign up to Jessica’s upcoming webinar.