Karen McDonald, Accountancy Insurance
Cyber incidents are not hypothetical. This case study outlines a real cyber claim that Accountancy Insurance was involved in and demonstrates how quickly a phishing email can escalate.
Cyber incident case study: Phishing and invoice fraud
The insured received multiple phishing emails sent to employees which contained a link to Dropbox. The insured reported the emails as suspicious to Centra Networks, their IT provider.
A week later, one of those employees received MFA notifications on their mobile, asking them to approve logins. They declined and lodged an IT ticket with Centra Networks advising of the issue.
They then received an email purporting to be from Centra Networks which provided a viewer code to assist, but it was later understood that the email was from the threat actor and not Centra Networks.
The employee left their computer and returned some time later to discover the threat actor operating their computer via TeamViewer. The threat actor had accessed their mailbox via Outlook and was in the process of drafting an email.
They immediately contacted Centra Networks, who provided immediate containment and remediation services. Corporate spyware was identified that enabled screen capture, screen logging, and key capture. Their compromised user account was shut down and the threat actor removed. It was later found that three employees had clicked on the initial Dropbox link contained in the phishing emails.
It was further identified that the threat actor accessed ten files contained on the insured’s accounting software platform while using their device. The threat actor was also able to log into the online banking portal of one of the insured’s clients and edit three invoices, changing the bank account details to fraudulent accounts.
The insured reported the matter to their bank, which was unable to recover the funds. Indemnity payment and expenses: over $60,500.00
Why cyber insurance has become essential
Cyber insurance is now as fundamental to an accounting firm as professional indemnity insurance.
When a cyber incident occurs, speed and expertise matter. The earlier specialists are involved, the greater the chance of limiting financial loss, containing data exposure and protecting client relationships.
Every Cyber Shield cyber insurance policy arranged through Accountancy Insurance provides access to a full incident response team following a cyberattack. This includes legal negotiators to manage communication with attackers, forensic IT specialists to identify and close the breach, regulatory advisers to handle notifications, and PR support to manage client communications.
Firms are not left to deal with criminals, regulators and system failures on their own. The response is coordinated, structured and focused on restoring the business as quickly and safely as possible.
A smarter way to protect your firm
Cyber risk is now part of doing business in accounting. It affects compliance, client trust, cash flow and professional standing.
Strong systems, informed staff and sensible technology choices all play a role. But when something does go wrong, having the right insurance and the right response team can be the difference between a temporary disruption and a lasting business crisis.
Accountancy Insurance specialises in protecting accounting and bookkeeping firms. Cyber Shield is designed to sit alongside other methods of protection. It’s the line of defence when the inevitable happens and you need to get your systems back up and running.
