Cybersecurity Tips for Remote CPA Firms

Updated February 23, 2022 following rising Global conflict overseas.

What are the Cybersecurity Risks Specific to CPA Firms in a Remote Work Environment?

Cybersecurity risks to CPA firms are not a new concern. Although this concern has recently grown following the the Russian-Ukraine full-scale military invasion and evolving global threats, cybersecurity events are likely and must be top priority for companies across the Unites States.

The transition to the remote work environment has compounded existing cybersecurity threats and created multilayered security concerns, which requires even more emphasis on the protection of client data, software, and hardware. Since CPA firms have access to extremely confidential and sensitive financial information, it is important for C-suite executives and IT professionals to be knowledgeable and up to date on cybersecurity threats.

With the dramatic increase in remote work nationwide, connectivity and bandwidth issues have been challenged — with employees using personal devices in a multitude of unsecure locations, which creates additional security risks. Concerningly, data privacy risks have increased exponentially in this environment. According to a Wall Street Journal article, approximately 53% of remote workers use personal laptops for company business; 23% of the 53% work with personally identifiable information on devices not managed by their employer.

Another example is when an employee clicks on the wrong link, downloads an infected attachment, or sends files over an unsecured network. These actions can significantly damage a CPA firm. Phishing attacks, malware attacks, and employee error are exacerbated in a remote setting without increased cybersecurity precautions.

Breach and ransomware incidents are possible, even in a small or midsize CPA firm. According to cybersecurity researcher Alex Holden in 2018, Russian hacker collectives were specifically targeting individual practitioners and small CPA firms because of the personally identifiable information in their possession. Also, lost or stolen devices create data breaches if sensitive information is on an unencrypted hard drive. Finally, the theft of Social Security numbers from CPA databases is another cybersecurity threat facing CPA firms

CPA Firms Should Implement Effective Cybersecurity Protocols

CPA firms are revered because of their professionalism, expertise, and trusted position in the financial matters and personal information concerning their clients. C-suite executives need to apply the same attention to detail expected in the accounting profession to the cybersecurity equation — in order to protect their clients from cyber threats. As the transition to remote work becomes enduring, cybersecurity guidelines should be updated to address the changes and vulnerabilities created by the remote work environment. Ensuring employees are adhering to implemented security practices while in a remote setting is imperative.

• Require remote employees to follow policy regarding secure passwords on all devices. Include remote work procedures in an IT policy.
• Require the firm’s firewalls, antivirus/malware and other security software are available on all employee’s personal devices which are used for firm business.
• Confirm that all security applications are being updated consistently.
• Confirm the firm is utilizing multi-factor authentication and screen lock to prohibit unauthorized access to data on all devices.
• Use VPNs to ensure the Wi-Fi connection is secure in a remote work locale.
• Utilize a cloud-based system, especially in a remote work environment. Storing files on the cloud ensures a secure environment — with daily updates and safeguards.
• For immediate threats, consider locking down systems to authorized user IPs only.

Presently, more than half of all CPA firms use a cloud provider to host their applications. Employees’ home networks create significant security issues. Remote workers’ computers should be equipped with a host-based firewall, which allows and disallows traffic similar to a network firewall to help prevent a threat from a home network accessing a computer. For extra cybersecurity, employers should also ensure the following is done for their employees’ home networks:

• Install a web filter integrated into a firewall, which offers advanced functions to protect from malicious websites and malware;
• Use a quality anti-virus package programmed to alert a security team of malware — this is crucial in a remote situations;
• Encrypt a computer’s hard drive to make the information unreadable as another important preventative measure for CPA firms, especially those conducting business in remote locales or if a device is lost or stolen;
• Configure a Virtual Private Network to allow employees to connect remotely to the company network; this is an effective protocol while also creating a work experience indistinguishable from the in-office work experience;
• Require multi-factor authentication on everything;
• Provide ongoing cybersecurity awareness training for employees, emphasizing details specific to a remote setting, which should include educating employees consistently about new threats and protocols;
• Install detection mechanisms as well as prevention measures to know when an attack is happening before it gets out of control.

What are the Long-Term Cybersecurity Solutions Provided by Cetrom?

The transition to the remote work environment for CPA firms is expected to continue. According to research by Convergence Coaching, of 223 CPA firms polled in the summer of 2020, only 4% were virtual prior to the pandemic. Post-pandemic, 81% of the firms expect an increase or a significant increase in remote work. The value of remote work has been realized by CPA firms. The goal for CPA practitioners and firms is to develop and implement long-term cybersecurity solutions for the remote work setting.

While many CPA firms have adjusted to the remote work environment, cybersecurity risks continue to present challenges specific to the remote setting. As the evolution to remote work grows, it’s a great opportunity for CPA firms to innovate with new cybersecurity strategies and solutions to ensure protection wherever the employee works. CPA firms who commit to devoting resources to cybersecurity and invest in a cloud-based solution, such as with Cetrom, will help alleviate the ongoing cybersecurity risks posed by remote work settings.

Cetrom works exclusively with CPA firms and specializes in hosting accounting-specific applications. The company is a vital resource to help diverse practitioners and CPA firms realize the goal of long-term, effective cybersecurity solutions by migrating a firm’s infrastructure to the cloud. Partnering with Cetrom means uniting with an expert and experienced cloud host who specializes in cloud solutions to optimize CPA firms’ performance and security. Cetrom is 100% focused on CPA firms and has cybersecurity protection and training perfect for a remote-based CPA firm. Cetrom understands the needs and expectations of a CPA firm and the cloud services are custom designed.

• Cetrom invests in the top-of-the-line, most advanced artificial intelligence security technologies.
• Cetrom is committed to superb service. Level 3 Engineers support their network by email or phone 24x7x365.
• Cetrom offers cybersecurity training for the remote workforce. Cetrom’s cloud-based cybersecurity platforms are specifically designed to meet the needs of CPA firms.
• CPA firms interested in adapting to the remote work environment and current cyber threats can request a consultation from Cetrom to understand any gaps in their security system.

For additional information on a cloud-based solution, contact Cetrom today.