Updated February 23, 2022 following rising Global conflict overseas.
Cybersecurity risks to CPA firms are not a new concern. Although this concern has recently grown following the the Russian-Ukraine full-scale military invasion and evolving global threats, cybersecurity events are likely and must be top priority for companies across the Unites States.
The transition to the remote work environment has compounded existing cybersecurity threats and created multilayered security concerns, which requires even more emphasis on the protection of client data, software, and hardware. Since CPA firms have access to extremely confidential and sensitive financial information, it is important for C-suite executives and IT professionals to be knowledgeable and up to date on cybersecurity threats.
With the dramatic increase in remote work nationwide, connectivity and bandwidth issues have been challenged — with employees using personal devices in a multitude of unsecure locations, which creates additional security risks. Concerningly, data privacy risks have increased exponentially in this environment. According to a Wall Street Journal article, approximately 53% of remote workers use personal laptops for company business; 23% of the 53% work with personally identifiable information on devices not managed by their employer.
Another example is when an employee clicks on the wrong link, downloads an infected attachment, or sends files over an unsecured network. These actions can significantly damage a CPA firm. Phishing attacks, malware attacks, and employee error are exacerbated in a remote setting without increased cybersecurity precautions.
Breach and ransomware incidents are possible, even in a small or midsize CPA firm. According to cybersecurity researcher Alex Holden in 2018, Russian hacker collectives were specifically targeting individual practitioners and small CPA firms because of the personally identifiable information in their possession. Also, lost or stolen devices create data breaches if sensitive information is on an unencrypted hard drive. Finally, the theft of Social Security numbers from CPA databases is another cybersecurity threat facing CPA firms
CPA firms are revered because of their professionalism, expertise, and trusted position in the financial matters and personal information concerning their clients. C-suite executives need to apply the same attention to detail expected in the accounting profession to the cybersecurity equation — in order to protect their clients from cyber threats. As the transition to remote work becomes enduring, cybersecurity guidelines should be updated to address the changes and vulnerabilities created by the remote work environment. Ensuring employees are adhering to implemented security practices while in a remote setting is imperative.
Presently, more than half of all CPA firms use a cloud provider to host their applications. Employees’ home networks create significant security issues. Remote workers’ computers should be equipped with a host-based firewall, which allows and disallows traffic similar to a network firewall to help prevent a threat from a home network accessing a computer. For extra cybersecurity, employers should also ensure the following is done for their employees’ home networks:
The transition to the remote work environment for CPA firms is expected to continue. According to research by Convergence Coaching, of 223 CPA firms polled in the summer of 2020, only 4% were virtual prior to the pandemic. Post-pandemic, 81% of the firms expect an increase or a significant increase in remote work. The value of remote work has been realized by CPA firms. The goal for CPA practitioners and firms is to develop and implement long-term cybersecurity solutions for the remote work setting.
While many CPA firms have adjusted to the remote work environment, cybersecurity risks continue to present challenges specific to the remote setting. As the evolution to remote work grows, it’s a great opportunity for CPA firms to innovate with new cybersecurity strategies and solutions to ensure protection wherever the employee works. CPA firms who commit to devoting resources to cybersecurity and invest in a cloud-based solution, such as with Cetrom, will help alleviate the ongoing cybersecurity risks posed by remote work settings.
Cetrom works exclusively with CPA firms and specializes in hosting accounting-specific applications. The company is a vital resource to help diverse practitioners and CPA firms realize the goal of long-term, effective cybersecurity solutions by migrating a firm’s infrastructure to the cloud. Partnering with Cetrom means uniting with an expert and experienced cloud host who specializes in cloud solutions to optimize CPA firms’ performance and security. Cetrom is 100% focused on CPA firms and has cybersecurity protection and training perfect for a remote-based CPA firm. Cetrom understands the needs and expectations of a CPA firm and the cloud services are custom designed.
For additional information on a cloud-based solution, contact Cetrom today.