David Smith, accounting technology consultant and founding director of Smithink, hired a professional hacker to test the strength of 10 of his clients’ cyber security parameters.
Nine of the 10 firms tested had their servers cracked, and the hacker downloaded the databases of eight of those firms.
Mr Smith said it’s really “basic stuff” that can often see a firm come undone, like using guessable passwords or having passwords visible at a workstation.
“In my own case, I reckon I’ve got about 200 passwords and you’ve got to have some way of managing that,” he told My Business’ sister publication Accountants Daily.
Failing to effectively lock disgruntled ex-staff out of a firm’s systems is also a contributing factor.
“Remember that many of the high-profile hacks that have occurred have actually been internal jobs. The very famous Ashley Madison situation was somebody inside Ashley Madison being unfaithful. Who would’ve thought of that?” Mr Smith said.
However, Mr Smith, being the “eternal optimist”, believes that time will take care of these basic but persistent security issues.
“The issue will always be there because there will always be very smart, bad people out there. At the end of the day, the internet for most people is only a bit over 20 years old, so we still haven’t worked a lot of the stuff out. You go another 10 or 15 years from now, I think you’ll find the internet will be a lot more secure than it is today,” he said.