Data Theft Is the New Ransomware—Is Your Practice Ready?

Written By Eszter Rapanos

This article will count 0.25 units (15 minutes) of unverifiable CPD. Remember to log these units under your membership profile.

Think ransomware is the worst it can get? Think again.

Cybercriminals aren’t just locking your files anymore, they’re stealing them. And if you're running a South African accounting firm, that could land you in serious legal and financial trouble.

Data exfiltration, where criminals steal sensitive client info before launching ransomware, now happens in over 90% of cyberattacks, according to BlackFog. Once that data is out, it can be sold on the dark web, leaked, or used to extort both firms and their clients. Even if you restore your data, the crooks still have a copy.

Why Accounting Practices Are Easy Targets

Criminals target accounting practices because:

  • You handle highly sensitive client data: tax returns, payroll, audit results, financial forecasts.

  • Remote work has made systems easier to breach, especially when staff use personal devices.

  • Many practices, especially smaller ones, don’t have strong cybersecurity teams or tools.

And let’s not forget: in South Africa, the Protection of Personal Information Act (POPIA) holds firms responsible for keeping client data safe. A breach isn’t just a PR problem it’s a legal one.

What South African Law Says

📌 Under POPIA, you’re legally required to:

  • Secure personal and financial data with appropriate safeguards.

  • Report data breaches to both the Information Regulator and affected clients.

  • Limit access to personal information only to authorised staff.

Non-compliance can lead to:

  • Fines up to R10 million

  • Civil lawsuits from affected clients

  • Investigations and audits by the Information Regulator

📌 If you work with international clients, European Union's General Data Protection Regulation (GDPR) and other global laws may also apply and carry hefty penalties.

Traditional Defences Aren’t Enough Anymore

Practices rely on basic detection tools that kick in after an attack. But by then, the data is often already gone. Today’s attackers:

  • Steal data first, then hit you with ransomware later.

  • Use sophisticated methods like Domain Name System (DNS) tunnelling and encrypted cloud uploads to sneak data out without detection.

  • Take advantage of overworked or understaffed IT teams who miss real threats in a flood of false alerts.

What You Should Be Doing Instead

🔒 Go prevention-first. Don’t wait for an alert, stop attacks before they start. Here’s how:

  • Limit data access. Only give staff access to what they need

  • Secure remote devices. Use endpoint protection software for all laptops/desktops

  • Watch your logins. Track who’s accessing what and flag suspicious activity

  • Test your breach plan. Update and rehearse your incident response procedures

  • Train your team. Human error is still the biggest cybersecurity gap

This also helps meet compliance obligations under POPIA, GDPR and others.

What is At Risk

If that attack succeeds, your practice could lose:

  • Client trust

  • Audit credibility

  • Money (through lawsuits, fines, and recovery costs)

  • Your entire business.

Bottom Line

Data theft is now the main risk not just ransomware. And in South Africa, you could face major legal and financial consequences for failing to protect your clients’ personal information.

It’s time for firms to stop reacting and start preventing. This is about more than IT it’s about trust, compliance, and staying in business.

Source Article: Why exfiltration prevention is now a compliance imperative for accounting firms | Accounting Today

Eszter Rapanos
Previous

Want to Move Money Offshore? Here's What You Should Know
Next

When AI Does the Work—Should Clients Pay Less?