Are you a slowly boiling frog?

By Sam Thomas | 12th June 2019 | 14 min read

A frog, when placed in boiling water, will jump right out to save its life. If, however, you put the amphibian in cold water and heat it up, it will stay in the water and not jump out.

Although a common myth, this metaphor is used to explain how businesses are often unaware of incremental changes that threaten them and how they will fail to jump out of the water, unless it is already boiling.

Indeed, this is highly apt for the tech sector, where firms are often unaware of the small changes that affect the security of their systems until they are figuratively boiling.

Security dangers that could be missed

This, I fear, could be the case in a few months’ time when Microsoft will stop releasing security updates for Server 2008 and 2008 R2.

This is the kind of risk that can easily be missed by accountancy practices, which we know have little time to properly manage their internal IT systems and tend to leave things alone as long as they are working.

But it’s important to realise that when Microsoft stops its security updates for Server 2008 and 2008 R2, the product will be vulnerable to attack from new security risks and will not be supported in any way. If you have one of these server versions, you should start planning to replace it.

‘Particular risk’ for accountants

Why is it so important that you have a plan in place to deal with security risks, such as the Microsoft Server issue?

Because if you are running a server that is not updated with security patches, you will be in breach of the GDPR requirement to keep client data safe and will be ignoring professional bodies’ guidance on the matter.

The ICAEW is very clear that accountancy firms are “at particular risk of cyber-attacks due to the high level of confidential data and valuable financial information they hold”.

Can you guess how many incidents of fraud and computer misuse occurred in 2018? There were 506,000! That’s 1,300 per day. These figures – the latest published by the Office for National Statistics – are made more alarming by the fact that many other incidents are unreported because they are undiscovered. So, the true figures must be even higher.

How can I avoid becoming a victim?

Leaving your IT systems alone just because they are currently working was a questionable approach 20 years ago. Now it is positively dangerous and could see you falling victim to the fraudsters yourself.

The ever-increasing number of software updates, or patches, is one significant risk. As the name implies, these patches cover holes in the security of the products. It is very important to apply them as soon as possible after they are released, so that security holes in the previous versions cannot be exploited.

Professional bodies ACCA and ICAEW agree on the importance of software updates, with the latter saying that it’s “essential to keep all your computers and devices up to date with the latest patches”.

ACCA advises firms to “plan to replace software and hardware that is no longer supported by manufacturers”.

The ICAEW IT Faculty says: “Remember that just one vulnerable computer puts all the others at risk – so it’s important to ensure that all available patches are applied to all machines.”

How can IRIS help?

IRIS offers various services, including hosting, onsite support, and security options, that can help you remove this risk. Please contact your account manager for more information.