Cybersecurity is something we must all take seriously, yet itโs rarely a day-to-day priority.
All too often, it means something terrible must happen before we act. Hereโs how you can prepare for a cyberattack before it happens.
Last year, a cyberattack hit Receipt Bank partner and advocate, Pillow May.
โIt looked just like any other emailโ
โIt looked just like any other email,โ says founder, Jessica Pillow. โWhen we opened the invoice, it even sounded like our client. We processed it as normal, and it cost us thousands.โ
The cyber attacker had emulated the tone and feel of the clientโs emails, then sent an invoice from their email address. Pillow Mayโs team paid the invoice on behalf of the client, only to find out that it was fraudulent.
Bookkeepers, accountants and small business-owners are particularly at risk of cyber attacks. As larger companies upgrade to stronger security systems to protect their team, small businesses are the next target. According to Symantec, 43% of attacks are targeted at small businesses. Yet, there are steps you can take to defend yourself, and your clients.
โ[Being attacked] was one of the best things that happened to our firm,โ explains Jessica. โIt made us more aware of cybersecurity risks than ever before, and the way we reacted transformed our client relationships.โ
Hereโs how Jessica turned a crisis into an invaluable lesson for her team, one that strengthened her client relationships and advisory services.
1. Protection in Process
With cyber attacks on the rise, with 88% of UK organisations reporting a data breach in 2018, itโs crucial to establish processes. โCreate processes that help prevent future fraud, yet not work or productivity,โ recommends Jessica. Off the back of the cyber attack, she devised the Bookkeeping Scope Agreement for her team and clients.
โThis details our bookkeeping services in depth. When we bring on a new client, we agree responsibilities, technology, the involvement of any third parties and results. This helps set clear boundaries and client expectations from the very start.โ
Having such documentation also makes teamwork much more transparent. โOnce you have a document like this, you can easily delegate between your team. We recently brought on a junior bookkeeper, and can now also successfully delegate tasks.โ
The document also includes safety checks to protect against fraudulence.
โOur clients approve everything in-house first, with a signature and dual authorisation. Dual authorisation is now easier than ever with online banking, and it hugely reduces the chance of processing a fraudulent invoice. For invoices from new suppliers, we also call them to confirm bank details. If itโs fraudulent, chances are the phone number will also bounce.โ
2. Educate Your Clients
The agreement also poses a great opportunity to talk to your clients about their business in-depth.
โThis conversation has been transformative,โ says Jessica. โWe use it to clearly set expectations. You want your client to know exactly what they need to do and what results they can expect for their business. Plus, youโll leave armed with knowledge about their business needs.โ
โJust as bookkeeping and real-time data became the foundation for advisory services, this conversation alone helped mature our offering. Having conversations like these gives you so much insight into your clientsโ businesses, from which you can build genuinely helpful services.โ
โWe now talk about cyber-security in every meeting. If your client trusts their financial controller or bookkeeper completely, ask them, โWould they want to put them in the position of potentially paying for a fraudulent invoice? Even if they trust them completely, itโs an enormous amount of responsibility. By rolling out fairly simple measures such as dual authorisation, you can help relieve this and better protect your team.”
3. Make sure youโre using technology to its full potential.
Often, the best answer to a digital problem is a digital solution. Sometimes, it takes reviewing your current approach to technology and evaluating how it can better serve you.
Previously, Jessica Pillow needed to use client password credentials to log into supplier accounts and download invoices. Now, Pillow May uses the Invoice Fetch tool within Receipt Bank to fetch monthly invoices automatically. This reduces the amount of time chasing documents while removing the security risk.
Ultimately, Jessica and her team turned what could have been a disaster into a learning curve, improving her internal team structure and client relationships. To hear more about scaling your bookkeeping practice from someone who doubled their client service capacity, sign up to Jessicaโs upcoming webinar.