Financial fraud and/or the submission of false accounts is an area of great concern for companies of all sizes, particularly for sole traders, partnerships and small to medium sized businesses who could be negatively impacted as the result of accounts-related inaccuracies if they occur.
This blog highlights this business sensitivity as a potential breeding ground for malicious content.
Collation and calculation
End of year and end of quarter accounts periods come around faster than any of us ever seem to imagine and generally catch us not quite as prepared as we would like to be in any given month. So when it does happen, the collation and calculation of accounting-related data should produce a heightened sense of data security awareness; that is to say, at the point any business records it revenues, outgoings and profits etc. the company needs to know how many people will have access to this data.
Financial data should of course not be made available outside of a circle typically including company accountant (either staff or trusted contract services supplier); the management board or business owners; and the national revenue and customs authorities be that HMRC in the UK, the IRS Internal Revenue Service in the USA or any other national body for that matter.
These truths mean that general security awareness and prudence should govern the access and privileges any small to medium sized business grants to its financial records. This in turn means that the process of making tax payments, filing accounts online and submission of trading figures should be associated with business procedures that are stringently controlled and that do not deviate from one accounting period to the next without being ratified for authenticity and checked for security.
Ratified for authenticity?
What we mean by ratified for authenticity is that if online financial payment details change for the tax authorities, your bank, your accountant’s services, your customers, your suppliers or, to be quite honest – any of your central business-related functions – then you need to stand back and check that communications relating to these instructions do not contain spam, malware and/or phishing scams.
It can be as simple as a double check online, a phone call to check a registration number or reconfirmation of security details. Once again it is important to highlight that security controls and passwords will exist to lock down your accounts data, so do not let them become compromised by malware in any form.
Protecting a business with anti-virus controls from firewalls, to email filters to web search protection should be part and parcel of the way any firm is run – and special awareness and consideration for how financial assets could be potentially affected is key to recognizing the importance of security protection in the first place.