A study conducted by Harris Interactive revealed that almost 92% of knowledge workers still prefer email for collaboration and document sharing. However, the rising number of cyber threats on small firms clearly shows that email is not secure enough for sharing documents.

In the wake of a global pandemic and the growing number of cyber threats, how can CPA firms protect themselves and their clients from cyber-attacks through emails?

Let us dive in.

Why is email the most popular forms of social engineering attack?

Social engineering refers to various malicious activities that are achieved through human interactions. Although social engineering attacks can happen through any medium, because of its widespread popularity, email is most vulnerable to cyber-attacks.

Various types of cyber attacks through email

There are different ways in which hackers can target business email users, some of the most common ones are :

Identity Theft

Stealing personal information such as email addresses, passwords, names, addresses, and social security numbers, and using them for malicious activities is known as identity theft. Fraudsters steal your identity and can commit crimes leading to personal and financial losses.

Phishing

Phishing is a cyber-attack technique where hackers collect personal information using deceptive emails. The emails sound so legitimate that they can easily entice recipients to click on malicious links and can gather whatever information that they want.

Spam

Unsolicited emails sent en masse are called Spam emails. Most email service providers offer strong filtering techniques that detect spam emails and move them to spam folders.

Ransomware

Malicious software programs circulated through email are called Ransomware. Once the recipient clicks on any links, the software gets downloaded. Hackers try to encrypt computer networks through ransomware and block access to them. If you do not take any timely action, you may permanently lose all your business data.

Cryptojacking

The goal of cryptojacking attacks is to take control of your cryptocurrency by hacking your devices. Hackers deploy sophisticated hacking techniques to gain access to your devices and use them for transacting with your cryptocurrency. Because of the secrecy of transactions with cryptocurrencies, these attacks can neither be traced back to nor detected early.

Business Email Compromise

Hacking business email accounts and initiating unsolicited bank transfers is called Business email compromise (BEC). Hackers plan BEC attacks by infiltrating a senior executive’s email account and sending out manipulative emails to the rest of the staff provoking them to initiate bank transfers. Like phishing, all that the hacker has to do is to trick somebody to take an action.

Various reasons for choosing email as a target

Emails continue to be the most popular and easy choice for a widespread cyber-attack because of the human element involved in them.

Human carelessness

According to a survey conducted by Ipsos, human error and carelessness is the most common cause of cyber-attacks through email. Despite regular education and awareness, email users still tend to be reckless while sharing sensitive information and fall prey to fraudsters.

Using business email for personal use

Needless to say, employees still use business emails for signing up for free services or on websites that have the least security measures in place.

Hackers using sophisticated technologies

Email attacks are becoming more and more sophisticated by the day. Hackers are regularly evolving along with technology and are using more complex attacking techniques such as password spraying for attacking vulnerable business networks.

Using generic passwords

Many employees tend to use generic passwords for the ease of remembering them. These passwords are so easy to crack that fraudsters tend to invade into your accountants with a few attempts. If you store a weak password in an app, it becomes easy for hackers to crack into your accounts.

Using multiple devices

Most of us check emails on mobiles phones as well as on the computer. If your phone lands in the hands of unauthorized personnel, they can easily gain access to your entire firm’s network.

How can email jeopardize your business and clients?

Sharing sensitive financial information and documents via email is not only risky but also a threat to your business and clients.

Unsolicited access

to information You may accidentally forward business information to unintended recipients, and even before you realize, you would have created enough damage. Similarly, the recipient of your email can forward it to anybody, risking you and your business.

Lack of visibility

As much as we try to avoid information silos, emails result in information black holes in your firm. Let’s assume you and your co-worker are working on a project and share documents. When you share an important file with your co-worker, they will have ownership of the file. Now, what if your peer accidentally deletes the document? or Leaves on vacation when an important deadline is fast approaching? There is no way to access the file without their intervention.

Loss of productivity

According to McKinsey, the average worker spends an estimated 28 per cent of the workweek managing emails and nearly 20 per cent looking for internal information or tracking down colleagues who can help with specific tasks. By sending another email, you are not only adding to the frustration of the person but also risking the possibility of losing your data in the ever-growing pile of emails.

Advantages of using secured document sharing?

Cloud-based file sharing solutions come as a sign of relief for accountants. These solutions allow you to share, store and retrieve files safely and securely.

Paperless office

Going paperless also saves time on tracing updates and errors. Old and new documents, as well as various versions of each file, are all stored at the same location, making it easier for employees to track updates and versions.

Digitizing documents makes document sharing and collaboration with co-workers and clients more efficient.

Safety and security

The cloud offers multiple security features such as user permissions, two-factor authentication, role-based authentication, data encryption, activity tracking etc. in compliance with industry-standard protocols such as HIPAA, GLBA, and FINRA. You will also have the ability to see the timestamps to understand when the documents were last accessed and by whom.

e-Signatures powdered by KBA

Knowledge-Based Authentication or KBA is an authentication system that verifies the identity of the person to ensure that the documents are signed but the correct signatories. As the name indicates, KBA includes knowledge-based questions that are unique to an individual. You can request for signatures from any device and can receive alerts once the person signs the document.

Dedicated client portal

The dedicated client portal takes customer experience to another level altogether. Clients get a dedicated portal along with login credentials for sharing their documents and for collaborating with you, allowing you to complete your tasks quickly and get paid immediately.

Enhanced productivity and efficiency

Going paperless helps you to optimize your workflows and enhance your productivity and efficiency.

Streamline your document collection process by scanning all documents and attaching them to your workflows. You can spend less time searching for documents and focus on work that adds value to your clients.

No loss of information

The chances of losing physical documents are very high when compared to digital files. As paper clutter continues to pile up in your firm, important documents can get buried on your desk or underneath large files. Digitizing documents and storing them on the cloud ensures that every piece of information is stored securely, and no single detail goes missing.

Audit Compliance

Not having a particular document on hand during an audit can become extremely stressful. By digitizing documents and creating a structure for their storage, companies can meet their audit and compliance requirements without dreading fines or penalties.

Suggestions for improving the document productivity of your firm

Before concluding this post, here a few suggestions for improving the document productivity of your firm:

• Avoid sharing documents over emails. Sharing documents over email can jeopardize the safety of your firm as well as that of your clients
• Digitize documents and avoid storing physical copies of important documents
• Adopt secure collaboration tools for collaborating with your colleagues and clients
• Encourage employees to store all their documents in cloud-based document management systems
• Maintain a document storage structure that is easy to remember
• Prioritize your documents. Assign a business value to the documents that you store and decide upon which ones to store and archive and which ones you should let go

Schedule a free demo to see Qount's secured document sharing features in action.