How accountant Erwin Gritter is securing the client and company data of ZMGroep

‘The emails containing Dropbox documents turned out not to be from my client.’

In practice, the accountant or tax specialist is increasingly more often a confidant than just a financial or tax expert. This is also experienced by Erwin Gritter, an independent tax specialist at ZMGroep for more than 20 years. He notices that the current digital way of working leads to a greater risk of cybercrime. As far as he is concerned, accountants and tax specialists in particular must make it clear that their client and company data are well secured.

We asked him about how he handles confidential data, what cyber risks he sees and how he covers them as a tax specialist. Tax specialists are not IT specialists, but he explained that it is important to make sure things are as secure as possible.

Confidential data of clients

Gritter explains about his work and the data involved: “We provide tax advice and help companies put the right financial structure in place. That means we know the financial dealings of entrepreneurs both privately and professionally.”

He explains that this means a huge responsibility. “First of all, we handle all client data confidentially. In addition, we understand that precisely this data must not end up on the street, because privacy is extra important in this case.”

The world of accountants and tax professionals has changed in that regard. About 25 years ago, everything was just on paper, so you could literally keep that under lock and key, he explains. Nowadays, everything is digital, so that requires a different kind of security. “Moreover, many of our clients experience us as their confidant, for much more than just financial or tax expertise,” Gritter adds.

How do you deal with cybersecurity?

He knows the risks of cybercrime, at least in outline. “You hear stories about companies being held digitally hostage or shut down, of course you want to avoid that. We don’t want to get into trouble with our firm, but more importantly, we don’t want client data to end up on the streets.”

Awareness among accountants and tax specialists is increasing, he feels. He describes how financial data in particular can be a prime target for cybercriminals.

“That’s why I outsourced that to our IT manager. After all, just because I recognize the dangers doesn’t mean I can do anything with them. I regularly ask him how we are doing. I ask him if we are at risk with the way we work, how we cover those risks and if more needs to be done for that.” It is his IT manager who deals with this on a daily basis, alerting him to new risks or when vulnerabilities are imminent.

Digital works easier, but makes more vulnerable

“Digital obviously works much easier and faster, but it also makes us more vulnerable,” Gritter says. He is referring to the extra security required. More time goes into regulations and other peripheral matters, which means that our own profession disappears a little further to the back.

“Basically we do everything online and via e-mail. That’s very user-friendly and convenient, but it also carries risks. As a result, I have to be more concerned with the potential dangers, regulations that apply and solutions that are available.” Laughing, he adds, “Sometimes I still long for the days when everything was just printed on paper.”

Own experience with cyber threat

Asked about his own experience with cyber threat, an incident immediately springs to mind. He describes how threats suddenly arose a few years ago, during an acquisition project for a client.

“We received a lot of emails with Dropbox documents, to go through. Those went mostly to my colleague, but suddenly I was receiving them too. They were legal documents and indeed that is normally my expertise, so that was not suspicious at all.” Yet the documents turned out not to have come from the client. Hackers had managed to hack the client, and sent documents to Gritter from that e-mail address.

Direct inquiries with the company’s own IT manager fortunately learned that no problems had arisen. “There appeared to be nothing wrong for us. Of course, we did become even more careful and secure ourselves even better against such threats.”

He explains how, as an entrepreneur, you need professional solutions for this. “You cannot possibly call someone after every e-mail to ask if he or she has indeed sent the message. That’s the opposite world; it should be much easier to do that with a good security solution. Of course, in the case of this direct threat, we did contact the client to be able to take immediate actions as well.”

Experience with Guardey

Gritter found that solution in Guardey. “I would describe it as important, innovative and developing,” he replies when we ask him about what Guardey stands for to him.

“The software helps us keep threats out as much as possible. In addition, the detection alerts us when something might be going on. Our IT manager then deals with that, so as a team we have that well taken care of.”

He also notices that there is a push from industry associations to get started on this. “Both the RB as a professional organization for tax specialists and the SRA for accountants regularly point out the risks of cybercrime. They do so, for example, in their newsletter, in which they point out what is going on and keep companies informed.”

According to him, there is still a world to be won when it comes to cyber threats and proper protection against them. “Socially, we may have a role. We as tax professionals and accountants should protect both ourselves and clients. We are their confidants, both for tax and financial questions and more than that. Good security against cybercrime is then just something clients should expect from us as a minimum.”