The recent IT outage at CrowdStrike, a leader in cybersecurity solutions, sent shockwaves across various industries, marking the largest IT outage ever. The disruption, caused by a mix of technical failures and unforeseen glitches, rendered many of CrowdStrike’s services temporarily unavailable, affecting numerous clients globally.
LogicMonitor’s Outage Impact Survey gives a sense of how widespread downtime is: 96% of global IT decision makers have experienced at least one outage in the past three years [1]. This highlights the inherent risks in our increasingly digital world and offers crucial lessons for businesses, particularly accountancy firms, which rely heavily on seamless IT operations and strict data security.
Accountancy firms, entrusted with sensitive financial data and dependent on continuous access to client information, must learn from the CrowdStrike incident to strengthen their operations.
Here are five essential takeaways from this outage and their implications for accounting professionals and leaders.
Business Continuity Planning (BCP)
The CrowdStrike outage emphasized the importance of having a strong Business Continuity Plan (BCP). The ability to keep business operations running during an unexpected disruption can mean the difference between staying stable and facing chaos.
Did you know that only 27% of small businesses have an official emergency response plan [2]? For accountancy firms, where timely financial reporting and constant client communication are critical, having a BCP in place is key to mitigating disruptions and securing client trust.
Accountancy firms must ensure that their BCPs cover all critical aspects of their business, including IT infrastructure, data access, and client services. A well-structured BCP will outline how to continue essential functions during an IT outage and establish a framework for quick recovery and communication.
Action Points: Accountancy firms should develop comprehensive BCPs that encompass all critical business functions. Regular drills and simulations should be conducted to ensure all employees are familiar with emergency procedures. Backup systems and alternative communication channels must be established to maintain client contact and data accessibility during disruptions. By proactively preparing for potential outages, firms can minimize downtime and sustain client trust.
Cybersecurity Measures
Given CrowdStrike’s reputation in the cybersecurity field, their outage serves as a strong reminder that no entity is immune to IT disruptions. In fact, Gartner predicts that by 2025, 45% of global organizations will be affected by a supply chain attack [3].
The global tech disruption highlights the necessity for accounting firms to continually evaluate and improve their cybersecurity measures. Accountancy firms deal with sensitive financial data, making them prime targets for cyberattacks.
The takeaway here is clear: investing in cybersecurity is not optional. It’s essential to have strong security protocols to protect client data and maintain trust. Regularly updating security measures and training staff on the latest cybersecurity threats can significantly reduce vulnerabilities.
Action Points: Firms should perform regular security audits to identify vulnerabilities and implement robust firewalls, intrusion detection systems, and encryption protocols. Investing in cybersecurity training for employees can help mitigate risks associated with phishing attacks and other cyber threats. Furthermore, establishing a protocol for regular software updates and patches is crucial to safeguard against evolving threats. Proactive cybersecurity measures can significantly reduce the risk of data breaches and service interruptions.
Vendor Management
The dependency on third-party vendors, as illustrated by the CrowdStrike outage, necessitates a strategic approach to vendor management. In 2023, the Veracode “State of Software Security 2024” report found that 70% of applications had flaws in third-party code [4], showing why third-party vendors need to be evaluated and checked for security measures. Ensuring that service providers have resilient infrastructures and contingency plans in place is critical.
For accountancy firms, whose operations may rely on various external software and services, an outage at a third-party vendor can disrupt their entire workflow.
Evaluating vendors’ risk management practices and ensuring they align with your firm’s standards is crucial. Establishing clear lines of communication and understanding the vendor’s own BCPs can help mitigate risks associated with vendor outages.
Action Points: Accountancy firms should rigorously assess the reliability and security protocols of their IT service providers. Establishing clear communication channels and service level agreements (SLAs) can help manage expectations and responsibilities during outages. Regular reviews and audits of vendor performance can ensure adherence to agreed standards and prompt identification of potential issues. By maintaining a close watch on their vendors, firms can better anticipate and mitigate the impact of third-party disruptions.
Data Backup and Recovery
The CrowdStrike incident emphasized the need for efficient data backup and recovery processes. Ensuring data integrity and availability during outages is crucial for maintaining business operations and client confidence. According to Uptime’s 2022 Data Center Resiliency Survey, 80% of data center managers have experienced outages in the past three years, a slight increase from the typical 70% to 80% [5].
For accountancy firms, which handle vast amounts of critical client data, the ability to recover quickly from an outage is vital. Regular data backups and a clear recovery plan ensure that data can be restored with minimal loss and disruption. Testing these recovery processes regularly can help firms identify and fix potential issues before they become critical.
Action Points: Implementing automated, regular data backups to secure, offsite locations can prevent data loss during IT disruptions. Testing recovery procedures periodically ensures that backups can be restored swiftly and accurately when needed. Accounting firms should also consider tiered backup solutions, prioritizing critical data for faster recovery times. Establishing robust data backup and recovery protocols can help firms safeguard their essential information and ensure operational continuity.
Client Communication Strategy
The “Cost of a Data Breach Report 2023” by IBM and the Ponemon Institute states that it takes an average of 277 days for security teams to identify and contain a data breach [6]. But that doesn’t have to stop us from keeping our clients informed on any possible breach, right?
Effective communication with clients during IT disruptions is vital to maintaining trust and transparency. The CrowdStrike outage underscored the importance of having a well-defined communication strategy to manage client expectations and provide timely updates. For accountancy firms, maintaining open lines of communication during a disruption is critical to managing client concerns and maintaining confidence.
A clear communication plan ensures that clients are informed about the nature of the disruption, the expected downtime, and the steps being taken to resolve the issue. This transparency helps maintain trust and reassures clients that their data and services are being managed diligently.
Action Points: Develop a comprehensive client communication plan that includes predefined messages for different types of disruptions. Designate a team responsible for managing client communications and ensure they are trained to handle inquiries and concerns effectively. Utilizing multiple communication channels, such as email, phone, and social media, can ensure that clients receive timely and accurate information. By keeping clients informed and reassured during outages, firms can strengthen their relationships and demonstrate reliability.
Conclusion
The CrowdStrike IT outage serves as a wake-up call for accountancy firms to reassess and strengthen their operational resilience. Proactive preparation and strategic planning are key to safeguarding against potential outages and ensuring sustained client trust and business success.
Accountancy firms must take these lessons to heart, recognizing that the digital landscape is full of uncertainties. By implementing these takeaways, they can build a more resilient, secure, and client-centric practice, ready to face the challenges of the modern business environment.
Bibliography
[1] https://www.logicmonitor.com/resource/outage-impact-survey
[2] https://wifitalents.com/statistic/business-continuity/
[3] https://www.gartner.com/en/articles/7-top-trends-in-cybersecurity-for-2022
[4] https://www.veracode.com/sites/default/files/2024-02/SOSS-Report-2024.pdf
[5] https://uptimeinstitute.com/about-ui/press-releases/2022-outage-analysis-finds-downtime-costs-and-consequences-worsening
[6] https://www.ibm.com/security/data-breach
Reviewed by:
Arun Mehra
Samera CEO
Arun, CEO of Samera, is an experienced accountant and dental practice owner. He specialises in accountancy, financial directorship, squat practices and practice management.