A 2020 cyber-security survey released by BDO and AusCERT found that data breaches through 2020 more than doubled compared with the previous year. COVID and the resulting push for businesses to go digital likely contributed to this increase. However, the reality is that cyber-attacks are now part of today’s business environment.

Accountants, in particular, are an attractive target to cybercriminals. We’ve seen several incidents occur in the SMB space with firms ranging in size from one-man sole traders through to 50+ person teams. It’s understandable; as an accounting firm, you have access to a lot of confidential information and of course, the finances. Easy pickings for a hacker.

One particular example we’ve seen is where a small accounting firm with 10 staff suffered a ransomware attack after one of the staff opened up what they thought to be an invoice attachment on an email. All the computers froze in the office and a message popped up demanding $8,000 (payable in Bitcoin) for the release of the system.

Attacks come in different forms, with accompanying gibberish-sounding names to help identify them. Unfortunately, this is also why we see SMBs throw cybersecurity into the “too hard, too confusing, and too expensive” basket until they actually become the victim of an attack. “She’ll be right”, right?

What we want to share with you in this article is some typical examples and things to watch out for to help better protect both your firm’s and your clients’ interests. Specifically, we want to help you identify the entry points that create breaches leading up to a more serious incident. We hope that by making you aware of the different types of risks, we can help you avoid stressful and costly incidents.



Cyberattacks normally start from the action of an external party. However, before even looking at where the external risks are, it pays to first find and address the risks internal to the business. Many cybercriminals attack businesses using stolen credentials, often obtained through very low-tech means.


As obvious as it seems, we still see clients and their staff leaving identity and credentials lying around for anyone to access. If you are seeing logins on post-it notes on the monitor, flag this immediately.

Remember, it’s not just external attackers that you are trying to protect from. There have been cases where a disgruntled employee of a financial services firm changed all administrator passwords to the network, which effectively shut the entire company out of their systems. The systems’ security access had to be rebuilt before they were up and running again. In this instance, the firm could not operate.

We have recommendations on great identity and password management tools here.


If you’re starting to receive prompts for the installation of unknown files, patches, or apps, this is usually an indication of malware on your system and the beginnings of an attack.

It helps to keep apps and software patched and up-to-date. However, if you start seeing these sorts of prompts on your computer, ask your IT team whether it is safe to accept them.


One of the latest Australian Taxation Office tax scams is targeting victims of recent natural disasters. It promises an 8% bonus on 2020 tax returns if the receiver clicks on a link that will take them to a fake myGov website. This website is designed to steal personal information, including names, addresses, emails, phone numbers and online banking details.

Any time a text asks you to click a link, call a number, or take any other action within the text itself, be sceptical. There’s virtually no reason any organisation would ask you to do anything within a text message itself.


You’ll be getting emails daily, so knowing what to look out for when receiving an unsolicited email is key. Phishing emails tend to include the following elements, so if you see one or a combination of:

  • A fake domain
  • Threats or a false sense of urgency
  • Spelling mistakes and grammatical errors
  • Or fake email signatures

Be on the alert. If you’re not sure, ask the techie in your team. Don’t click anything, open anything, reply, or do anything with the email.


Cybercriminals go so far as to replicate legitimate websites with the intent of fooling you into entering your information for them to capture. The number one thing to look out for here is the domain. They can’t replicate the real domain of a website. Now, this does require you to know or at least be aware of the real domain of the website, but if you’re unsure, a quick Google search for the site should yield the legitimate domain for you to check.

One tip for government websites is they always contain “.gov” in the URL and only the government can claim these domains. If a site is claiming to be a government site like the below example but ends in “.net”, you know it’s fake.
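As an added illustration (not part of the original article), the domain check described above and the "fake domain" sign in the phishing list can be automated for links pulled from emails or texts. The sketch assumes the genuine domain is my.gov.au and uses constructed sample links on the reserved example.net domain; it shows that the real name must be what the hostname ends with, not merely appear somewhere in the link.

```python
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "my.gov.au"  # assumption: the domain you know to be genuine

# Constructed sample links (example.net is a reserved documentation domain)
SAMPLE_LINKS = [
    "https://my.gov.au/login",                        # genuine
    "login.my.gov.au/refund",                         # genuine subdomain, no scheme
    "https://my.gov.au.tax-bonus.example.net/login",  # real name used as a prefix
    "https://my.gov.au@example.net/login",            # real name in the user-info part
    "https://example.net/my.gov.au/login",            # real name in the path
    "https://tax-bonus.example.net/",                 # no resemblance at all
]

def hostname_of(url: str) -> str:
    """Return the lowercased host the browser would actually connect to."""
    if "://" not in url:  # links in texts often omit the scheme
        url = "https://" + url
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def classify_link(url: str, expected: str = EXPECTED_DOMAIN) -> str:
    """Classify a link as 'expected', 'lookalike' or 'other'."""
    host = hostname_of(url)
    expected = expected.lower()
    # Genuine only if the host IS the domain or a subdomain of it
    if host == expected or host.endswith("." + expected):
        return "expected"
    # The real name appears in the link but is not where the link leads
    if expected in url.lower():
        return "lookalike"
    return "other"

def triage(links, expected: str = EXPECTED_DOMAIN) -> dict:
    """Map each link to its verdict."""
    return {link: classify_link(link, expected) for link in links}

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:10} {hostname_of(link):38} {link}")
```

Anything reported as "lookalike" deserves the same treatment as a suspicious email: don't click it, and pass it to whoever handles IT for the firm.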

The impact of not taking action

Apart from the obvious financial loss and stress, a cyber incident leading to a data breach can have detrimental effects for your firm and may also carry legal ramifications. We’ve seen an incident where an accounting firm was effectively blacklisted by the ATO when their QuickBooks server was hacked. It only came to the attention of the team when client tax returns were starting to be filed in volume by the hackers. As a result, the firm’s reputation has suffered with clients, prospective clients, and the ATO.


Prevention is the key

If your data has already been stolen, there is little you can do post-breach to recover the data. So keep an eye out and get your entire firm smarter about what to look out for using our examples above.

It’s hard to provide blanket advice and we don’t want to give you something superficial, so we won’t. However, we urge you and your firm to at least start asking the questions and use this guide to help mitigate the risks.

We’ve found clients often just need an expert they can pick the brain of to help better protect their firms. Please feel free to reach out to us for a chat. We are always happy to provide a complimentary consultation for accounting firms as you are the holder of sensitive information for millions of Australians and Australian businesses.