The danger of email attachments for accountancy firms, wealth- & asset managers and attorney firms.

Due to increasing cybercrime accountancy firms, wealth- & asset managers and attorney firms must continuously protect themselves against threats. One of the biggest threats to cybersecurity are attachments, files that are often added to emails or messages. These seemingly harmless files can pose a serious threat to online security. In this blog you can read more about the dangers and risks of attachments and get practical tips to keep criminals at bay.

 

The rise of malware

It is becoming increasingly easier for criminals to launch cyber attacks. For example, cybercrime-as-a-service (CaaS) is a real business model where criminals can easily purchase malware – also known as malicious software. With the rise of AI, it is also easier to develop malware yourself. Even for criminals without hacking skills. Once cybercriminals have the software, they start looking for targets.

The danger of malware is that it is distributed randomly on the Internet. You never know where it will come from or when it will come. As an accountancy firm, wealth- & asset manager or attorney firm you are extra attractive because you have a large amount of information and personal data at your disposal. Because the more data can be stolen, the more ransom can be demanded. The malicious software is packaged in a seemingly harmless attachment. Often in the form of a Word document, PDF file or executable file. Think of a financial document or an investment report in an Excel or a compressed ZIP file.

 

Different types of malware

The increasing threat of malware poses a business risk for accounting firms and the likes. It is therefore important to be aware of the different types of threats.

Viruses

Viruses are the most common form of malware. These are programs that can copy and distribute themselves to other files and systems. They damage files, programs or even hardware.

Ransomware

Ransomware encrypts files on a system and then demands a ransom from the victim in exchange for the decryption key. You can then use this key to restore the files. Even if you pay the ransom, there is no guarantee that you will get your data back. You also do not know which files have been leaked and where they are located on the Dark Web.

Spyware

Spyware secretly collects information about the use of a computer or device. This includes browser history and personal data such as passwords and PIN codes. An example of spyware is a keylogger – every keystroke on a computer, smartphone or tablet is recorded. This data is then offered for sale on the Dark Web.

Trojan horse

Trojan horses are seemingly legitimate programs that contain malicious functionality. They can steal sensitive information, open backdoors, or perform other malicious activities. This type of malware hides in attachments in phishing emails.

The most common way to spread malware is through phishing attacks. Cybercriminals send emails with attachments that look legitimate, such as an invoice. If the recipient opens the attachment, the malware is spread. It often happens that cyber criminals pretend to be someone the victim knows. The attachment is then downloaded because the victim trusts the sender or is curious about the attached document. This is also called social engineering.

 

What could an infected attachment do to your company?

The risk of cybercrime is underestimated by many companies. Small offices do not think they can be an attractive target or prevent a cyber attack by simply staying alert. Awareness training is offered at larger companies, but the weakest link often still lies with the individual employee. With all its consequences.

Attacks are carried out fully automatically and on every type of company, in ways that are difficult for employees to recognize. Do you let the common sense of a busy accountant determine your security? Then sooner or later you expose personal information, data from your organisation and confidential data from your customers.

It is a horror scenario – with one click the criminal cyber organisation can deny you access to all your own data and systems. The anonymous cybercriminal also demands a large ransom. An infected attachment at an accounting firm or the likes can have serious consequences, as accountants often work with sensitive financial data and confidential information of their clients. Not only the financial damage has an impact; below you can read what the consequences could be for your company:

Loss of confidential data

If an infected attachment is opened, malware can gain access to the accounting or attorney firm’s systems. This can lead to the loss of confidential financial data, customer information, tax returns, legal documents, investment reports and other sensitive documents.

Financial damage

If malware is activated, it can cause financial damage by, for example, plundering bank accounts, conducting fraudulent transactions or stealing money from both the accounting firm and its clients. The damage can also have legal consequences. Accounting and attorney firms may be held liable for violations of current laws (POPIa) and regulations and may have to pay fines and damages to affected parties or the Information Regulator. Example: https://mybroadband.co.za/news/security/498859-information-regulator-tests-its-teeth-slaps-department-of-justice-with-r5-million-fine.html

Damage to reputation

The loss of sensitive data can seriously damage the reputation of the accounting or attorney firm or asset & wealth manager. Customers may lose confidence in the office, which can result in loss of business relationships. Examples: https://www.news24.com/fin24/companies/psg-wealth-ordered-to-pay-client-more-than-r800-000-lost-in-cybercrime-fraud-20230331 and https://www.iol.co.za/sundayindependent/news/woes-pile-up-for-ensafrica-following-r5m-order-to-cyber-crime-victim-55ef9467-48f6-4004-a68d-62c0e7d8dddf.

Interruption of services

A malware infection can disrupt the normal functioning of the accounting and attorney firm. This can lead to computer system failure, loss of data, and disruption of daily operations, which can cause financial and reputational damage.

 

What does 4S do to protect accounting-, attorney firms and asset & wealth managers against this?

The alertness of an individual employee should never be the weakest link in your company. That is why 4S does everything it can to ensure that harmful attachments do not reach your staff.

With a secure, cloud based client portal you are able to share and receive documents and files from clients, suppliers, tenants, investors, shareholders and other parties without the risks mentioned above. The portal includes a virus scanner and a digital signing functionality for signing documents and agreements.

The portal also connect with other (API based) software solutions like your CRM and DMS (like SharePoint) to make external continuous sharing as easy as possible.

Contact us for more information and implement your own company’s client portal this month! Clients in South Africa are Moore South Africa, Coronation, De Klerk & van Gend attorneys, Global Produce, CGA accounting, Maven Wealth and others.