We Run Your Practice

Accountants: How to Stay Safe from Cyberattacks When Working Remotely

Accountants: How to Stay Safe from Cyberattacks When Working Remotely

Accountants: How to Stay Safe from Cyberattacks When Working Remotely

COVID-19 has forced nearly every business in the UK to shut its doors or to start working remotely. For those of us whose businesses are built around remote-working tools and cloud-based methods of accounting, the impact has been minimal. For those who are unfamiliar with cloud solutions, it can feel a little like being thrown into the deep end of a pool.

The learning curve is steep. And, unfortunately, part of that learning curve must include how to guard yourself and your clients against cyberattacks and online fraud.

Modern hacking is not like the movies

We all love to see the Hollywood film with the young hacker pounding away at a keyboard and suddenly cracking through the Department of Defense’s firewall through sheer ingenious skill. But for those of us who know even only a little about cybersecurity, this kind of scene in the movies is laughable.

Factually, almost all successful “hacking” these days is done through “social engineering” or password-theft as a result of poor security practices.

Social engineering — beware of email and online communication!

If you ever get an email from “someone you know” and that person is requesting delicate information such as passwords or other confidential information, politely refuse to send the information via email and then phone the person up personally to ensure the email was actually sent by them.

This is an extremely common method of obtaining sensitive information and was, in fact, the method used behind the notorious (and highly embarrassing) hack of the federal security firm HBGary.

If, upon calling the purported sender of the email, you discover the email was not sent by them, then inform them that their email account has likely been hacked. The first step they should take is to immediately and without delay change their email password to a strong password consisting of 12 or more characters, lower and upper case letters, numbers, and at least one special symbol.

Never send passwords by email — do this instead

Never ever ever send a password by email. When sent by email, the password sits in the email account…forever. It’s the easiest way for hackers to find passwords for sensitive accounts.

Google has recently implemented the option to send “confidential emails” in Gmail. But if you are not using Gmail as the email backend for your business, this option is not open to you.

One tool we like to use is OneTimeSecret which allows you to send sensitive information in an encrypted manner. The information sent is then destroyed after it is viewed.

If you choose to add a passphrase to the encrypted message in OneTimeSecret, then send the passphrase to your client via SMS, or phone them.

Never save passwords in a text file on your computer

Best security practice dictates that you should use a different password for everything. That’s a lot of passwords to remember and is quite impossible to do.

You do need to save your passwords somewhere, but these should only ever be saved in tools that are designed specifically for the saving of passwords — definitely not in a text file or Word Document or Excel spreadsheet.

“Password Managers”, as they are called, encrypt the passwords stored in them so that they cannot be viewed by anyone else. The only password you need to remember, then, is the one to access the Password Manager itself.

Make sure that password is an extremely strong one. Write it down and put it in a safe or in a safe deposit box.

Some Passwords Managers are:

Download free Ebook

Your Google Account

Using the Google Chrome Browser your passwords are automatically saved in Google and can be accessed at the link https://passwords.google.com/. Just make sure your Google Account’s password is really strong.

The benefit of this password saver is that you can access it from anywhere.


This is a free tool where you have to type in the details manually for every password you save. You can also configure it online so you can access it through a website, but that starts getting a little advanced.

There are very many other tools you can use as well.

Phishing — another typical hack

Phishing is when someone sends an email and makes it look like it comes from someone else. Con artists often try and get banking details from people by sending an email that looks like it comes from an official bank.

They could do this to your clients as well.

Phishing is a well-known scam which is unfortunately difficult to combat because it targets the client.

Fighting against phishing can only be done by properly informing your clients on a regular basis that you will never ask them for things such as passwords, account details, etc. in an email. You can then also put a notice on your website to inform clients not to fall for this practice.

No doubt you’ve seen these kinds of messages and alerts from many of the popular UK banks such as this page on Lloyds Bank or this one on Barclays Bank.

The only way to fight a phishing scam is to be proactive. Send an email to your clients informing them that you would never ask for account details or payments via email. Not only does such an email help reduce phishing scams but it also makes you look professional in your accountancy practice. And that inspires confidence, which is always good for business.

Latest Posts

How We Helped a UK PCR Test Kits Provider with Its Marketing
How We Helped a UK PCR Test Kits Provider with Its Marketing

Through one of the accountancy firms that operates under our umbrella, we had the opportunity to oversee the accounts of a UK-based company that provides PCR and Antibody tests to London residents. We took a particular interest in this company because we felt that what it was doing was important for the UK at the […]

Read More
How to Improve Your Accountancy Practice's Brand
How to Improve Your Accountancy Practice’s Brand

Many accountants feel adrift on the subject of marketing in today’s world. Between “Tickety Tocking”, “Vulnerability Posts” on LinkedIn, and all the hype around Inbound Marketing, even veteran marketers have trouble staying on top of what works and what doesn’t these days — not to mention your average accountant. Everywhere you look, it seems that […]

Read More
How to Prevent Accountant Burnout during Lockdowns
How to Prevent Accountant Burnout during Lockdowns

It might come as odd that “burnout” — which is defined as “physical or mental collapse caused by overwork” — would come about when people are being told not to work. But accountants in the UK are in the unfortunate position of needing to provide guidance and assistance to clients on everything from countless new […]

Read More