Schedule a Demo
Back to cases overview

How accountant Erwin Gritter is securing the client and company data of ZMGroep

ZM Groep

‘The emails containing Dropbox documents turned out not to be from my client.’

In practice, the accountant or tax specialist is increasingly more often a confidant than just a financial or tax expert. This is also experienced by Erwin Gritter, an independent tax specialist at ZMGroep for more than 20 years. He notices that the current digital way of working leads to a greater risk of cybercrime. As far as he is concerned, accountants and tax specialists in particular must make it clear that their client and company data are well secured.

We asked him about how he handles confidential data, what cyber risks he sees and how he covers them as a tax specialist. Tax specialists are not IT specialists, but he explained that it is important to make sure things are as secure as possible.

Confidential data of clients

Gritter explains about his work and the data involved: “We provide tax advice and help companies put the right financial structure in place. That means we know the financial dealings of entrepreneurs both privately and professionally.”

He explains that this means a huge responsibility. “First of all, we handle all client data confidentially. In addition, we understand that precisely this data must not end up on the street, because privacy is extra important in this case.”

The world of accountants and tax professionals has changed in that regard. About 25 years ago, everything was just on paper, so you could literally keep that under lock and key, he explains. Nowadays, everything is digital, so that requires a different kind of security. “Moreover, many of our clients experience us as their confidant, for much more than just financial or tax expertise,” Gritter adds.

How do you deal with cybersecurity?

He knows the risks of cybercrime, at least in outline. “You hear stories about companies being held digitally hostage or shut down, of course you want to avoid that. We don’t want to get into trouble with our firm, but more importantly, we don’t want client data to end up on the streets.”

Awareness among accountants and tax specialists is increasing, he feels. He describes how financial data in particular can be a prime target for cybercriminals.

“That’s why I outsourced that to our IT manager. After all, just because I recognize the dangers doesn’t mean I can do anything with them. I regularly ask him how we are doing. I ask him if we are at risk with the way we work, how we cover those risks and if more needs to be done for that.” It is his IT manager who deals with this on a daily basis, alerting him to new risks or when vulnerabilities are imminent.

Digital works easier, but makes more vulnerable

“Digital obviously works much easier and faster, but it also makes us more vulnerable,” Gritter says. He is referring to the extra security required. More time goes into regulations and other peripheral matters, which means that our own profession disappears a little further to the back.

“Basically we do everything online and via e-mail. That’s very user-friendly and convenient, but it also carries risks. As a result, I have to be more concerned with the potential dangers, regulations that apply and solutions that are available.” Laughing, he adds, “Sometimes I still long for the days when everything was just printed on paper.”

Own experience with cyber threat

Asked about his own experience with cyber threat, an incident immediately springs to mind. He describes how threats suddenly arose a few years ago, during an acquisition project for a client.

“We received a lot of emails with Dropbox documents, to go through. Those went mostly to my colleague, but suddenly I was receiving them too. They were legal documents and indeed that is normally my expertise, so that was not suspicious at all.” Yet the documents turned out not to have come from the client. Hackers had managed to hack the client, and sent documents to Gritter from that e-mail address.

Direct inquiries with the company’s own IT manager fortunately learned that no problems had arisen. “There appeared to be nothing wrong for us. Of course, we did become even more careful and secure ourselves even better against such threats.”

He explains how, as an entrepreneur, you need professional solutions for this. “You cannot possibly call someone after every e-mail to ask if he or she has indeed sent the message. That’s the opposite world; it should be much easier to do that with a good security solution. Of course, in the case of this direct threat, we did contact the client to be able to take immediate actions as well.”

Experience with Guardey

Gritter found that solution in Guardey. “I would describe it as important, innovative and developing,” he replies when we ask him about what Guardey stands for to him.

The software helps us keep threats out as much as possible. In addition, the detection alerts us when something might be going on. Our IT manager then deals with that, so as a team we have that well taken care of.”

He also notices that there is a push from industry associations to get started on this. “Both the RB as a professional organization for tax specialists and the SRA for accountants regularly point out the risks of cybercrime. They do so, for example, in their newsletter, in which they point out what is going on and keep companies informed.”

According to him, there is still a world to be won when it comes to cyber threats and proper protection against them. “Socially, we may have a role. We as tax professionals and accountants should protect both ourselves and clients. We are their confidants, both for tax and financial questions and more than that. Good security against cybercrime is then just something clients should expect from us as a minimum.”

Let us help you protect your business

No matter the industry you are in, you just want to focus on what you're good at. So do we. That is why Guardey is there for you.

Request demo

Frequently Asked Questions

What is gamification?

Gamification is adding game elements into non-game environments, such as security awareness training, to increase participation and foster active learning.

What are the benefits of gamification in security awareness training?

Traditional security awareness training can often be dry and boring. With gamification, the complex subject matter is transformed into an engaging and memorable experience.

By integrating game elements such as challenges, quizzes and rewards, it incentivizes users to actively learn. This makes the training more enjoyable and fosters a sense of competition and achievement. This combination drives better retention and application of cyber security knowledge.

Why is it important to train security awareness on a weekly basis?

Research shows that up to 90% of the learnings from yearly or even quarterly training are forgotten within a few weeks. Guardey was built to keep its users aware of cyber threats 365 days a year. The game comes with short, weekly challenges that slowly builds up the user’s knowledge and eventually drives lasting behavior change.

Which topics are covered in Guardey’s security awareness game?

Guardey covers a wide array of topics to train users about all currently relevant cyber threats, put together in collaboration with ethical hackers and educationalists. The topics covered include phishing, remote work, password security, CEO fraud, ransomware, smishing, and much more.

How much time do the weekly challenges take?

Every challenge takes up to three minutes to complete.

Can I use Guardey to comply with the ISO27001, NIS2, and GDPR security awareness policies?

Yes. ISO27001, NIS2, and GDPR all require that all employees receive appropriate security awareness training. Guardey is always up-to-date with the latest cyber threats, policies, and procedures.

Is security awareness training important for all employees, or just specific roles?

Cybersecurity awareness training is crucial for all employees, not just specific roles. Every staff member can potentially be a target or an unwitting entry point for cyber attacks. Training helps create a security-focused culture and minimizes risks for the entire organization.

While certain roles may require specialized training, a foundational level of training should be accessible to everyone.

In which languages is Guardey available?

Guardey is available in English, Dutch, Italian, French, Spanish, German, Polish, Swedish and Danish.

Want to ask more questions?
Get a personal demo

Get the latest resources & news, delivered directly to your inbox.

Anouk CTA Guardey website

Let's protect your business!

  • Try completely risk free
  • 24/7 support
Start 14-day free trial