Accountancy firm rescued from a cyber-attack in 48 hours

A well-established UK-based accountancy firm faced a critical business disruption when their remote desktop software suffered a devastating security attack earlier this year. An IRIS customer of over 20 years, primarily using the IRIS Accountancy Suite, they had previously relied on IRIS hosted software before transitioning to another hosting provider. Security is a rising concern in the industry, with ransomware attacks becoming increasingly sophisticated, frequent and damaging. With no access to their business, sensitive client data at risk and no answers from their software provider, the firm urgently turned to IRIS for help. What followed was a rapid response that restored operations over the weekend thanks to IRIS Anywhere’s secure, cloud-hosted platform and expert support team.

What happened?

The firm, comprising around 10 employees and two partners, never anticipated becoming the target of a cyber-attack. One of their managers shared their experience navigating the crisis and how they recovered with the help of IRIS. The manager tells us it was a Wednesday morning when they couldn’t access their remote desktop and could tell something had happened. She says, “I think it was on the Friday morning when our software provider sent out an official email about what had happened. From that email, they didn't say how long it was going to take, so we were in a bit of limbo. We kept getting the daily updates from them, and it seemed like it wasn't going in a good way. We were extremely anxious and needed our software provider to put us at ease. This was when we reached out and contacted IRIS.”

The firm reported that tensions were high during the server outage. Fortunately, a third-party data storage solution had safeguarded their data, but the entire business was still at risk. They tell us, “The most stressful part was not knowing what was going to happen and our old provider not giving any details exactly of what was going to happen.”

“We spoke to our account manager, Jon Cooper, and he was great. He organised getting it set up again and that following weekend, they got it all set up and running for us.”

From crisis to back in business thanks to IRIS Anywhere

When the firm reached out to IRIS on the Friday, they were in crisis mode. But by 9AM Monday morning, they were back in business. This rapid turnaround wasn’t just luck, it was the result of IRIS Anywhere’s layered security model and expert response framework built to prevent, detect and respond to threats swiftly and effectively.

Account manager, Jon Cooper and Director of Managed Technologies at IRIS, Andrew Monks were key members of the team who helped get the firm back on track. Andrew says,  “There are three essential points when facing a security cyber-attack. They are:

• Prevention

The most crucial part is stopping threats before they start. IRIS Anywhere is designed with enterprise-grade preventative measures that protect firms of every size. Every user is required to use Multi-Factor Authentication (MFA), which adds a vital layer of protection by ensuring that access is granted only to verified individuals. The platform also incorporates robust security controls that are continuously updated to defend against evolving threats. These controls are backed by Microsoft Azure’s global threat intelligence, which monitors billions of endpoints and adapts its security protocols in real time to counter emerging risks.

In addition, IRIS Anywhere maintains immutable and encrypted backups, ensuring that even if data is compromised, it remains secure and unalterable. To further strengthen defences, enhanced email protection through Mimecast is deployed to intercept phishing attempts before they reach users’ inboxes, significantly reducing the risk of social engineering attacks.

• Detection

Despite strong preventative measures, some threats can still bypass initial defences. IRIS Anywhere addresses this with advanced detection capabilities designed to identify suspicious activity as it happens. The system continuously monitors user behaviour and system performance to flag anomalies that may indicate a breach. This real-time threat detection ensures that potential risks are identified quickly, allowing for immediate investigation and containment before they escalate into serious incidents.

• Response

When a threat is detected, IRIS Anywhere ensures a rapid and effective response. A third-party service provides 24/7 monitoring of system behaviours and actions, enabling the team to react swiftly to any signs of compromise. This constant vigilance allows IRIS to contain and remediate threats before they cause significant damage. The response process is designed to be both fast and thorough, ensuring that affected systems are secured and restored with minimal disruption. As demonstrated in this case, IRIS’s expert team was able to rebuild the firm’s working environment over a single weekend, allowing operations to resume by Monday morning.

The grass isn’t always greener

For the accountancy firm, the ransomware attack was a wake-up call, not just about the importance of cybersecurity, but about the value of having a trusted technology partner. After years of operating without an IRIS hosting solution, the firm’s return was driven by more than just the need for a quick fix. It was about confidence, reliability and peace of mind.

The firm tells us, “We feel secure and happy now, and knowing that it's on such a big platform makes you feel more comfortable as well… We're all big fans of IRIS here, so we've always only said good things about it. From the point of view of hosting us, then we would absolutely recommend it because they were so quick and so helpful, and we feel really comfortable and secure now. Everything's running smoothly.”

Now fully operational and more secure than ever, the firm continues to work confidently in the IRIS Anywhere environment. Knowing that should the unexpected happen again, they’re in safe hands.

(Anonymous IRIS Customer)