The pandemic drastically and quickly changed much of society over the past year and it appears that some of those changes will be at least semi-permanent. In-person office closures prompted mass teleworking, and virtual offices are becoming the new normal. During the pandemic many tech-based businesses have boomed, while others like gyms and restaurants have seriously struggled. At Cetrom, we’ve helped our CPA clients navigate transitioning their firm to the cloud and helping them stay protected from emerging cyber threats in 2021. We’ve seen firsthand how the pandemic is reshaping cybersecurity. The big cybersecurity changes include protecting IT platforms in light of an increase in remote work and cloud services, ensuring data security regardless of where it’s accessed, and fighting an increase in phishing attacks and other creative COVID-19 themed threats.
Surveys show that providing secure remote access to resources, apps, and data is the main priority for security teams. COVID-19 prompted a never-before-seen shift toward remote work with some estimating that teleworking jumped 900% in the past year. Now, many firms are planning to move forward with more permanent telework options even after the pandemic gets further in the rear view. Cybersecurity continues to grow in importance as 44% of executives surveyed in May 2020 expected cybersecurity costs to increase and the majority of companies keep looking to increase their cybersecurity budget and staff. Financial services companies are now allocating nearly 11% of their total IT budget to cybersecurity needs. The massive increase in working at home has led to a corresponding increase in firms moving to the cloud.
At Cetrom, cloud services for CPA firms are our specialty as is cybersecurity for cloud-based IT solutions. Some of the security factors we think are most important for cloud based security are disaster recovery plans, artificial intelligence (AI) based security products, anti-spam and anti-virus (no not the COVID-19 kind of virus) detection programs, as well as strong intrusion detection and prevention systems. The pandemic has made cloud cybersecurity more important now than ever. As firms transition to more remote work, they can take some of the cost savings from eliminating physical office space and put it toward protecting and upgrading their online platforms.
Increased remote work on laptops, cell phones, and other devices allows employees to collaborate on projects and access client data and information anywhere. During the pandemic, and even after it, some of a firm's most productive and busy days occur even as most of their employees and clients are off-premises. As such, keeping client data and other critical information secure across multiple platforms and applications should be the goal of all cybersecurity experts. Complicating matters even further is the fact that firms need to continue to protect their on-premises data and staff that work there as well as their off-site staff who might be working at all hours and a wide range of places.
For remote work, virtual private networks (VPNs) and virtual desktop options (VDOs) are vital security precautions that firms need to stress to their employees to use while offsite, even if they can access files and shared drives without it. Cetrom uses secure file sharing and syncing technology that is safer than the common consumer grade file sharing services and can be accessed anywhere with an internet connection.
Since CPA firms are 100% of our focus, data security across all the platforms from in-person to any remote option is our priority. We believe that backing up all data using two methodologies (we also use Amazon Web Services as a third backup method) that are disconnected from the network is the gold standard today. Our state-of-the-art security measures protect the physical location of all our data center infrastructure. After the pandemic, protecting data accessed and shared remotely is a key priority.
Even as the pandemic inspired massive increases in charitable donations and relentless work on scientific innovations, hackers and cybercriminals also seized on opportunities created by COVID-19. According to Kaspersky, DDoS attacks tripled from Q2 2019 to Q2 2020 and there have been similar spikes in phishing, ransomware, and social engineering attacks. Many of these threats are disguised as charitable campaigns, critical communications about government aid, and legitimate news information about the pandemic. What’s more, as employees are working out of the office, they may not be as diligent as they normally would be at the office, potentially leading to a compromised security system.
The rapid move to working from home, before many firms could properly prepare, was an unprecedented chance for hackers. Even the best walls won’t work if someone on the inside opens the gate, and that is exactly what happened in many common attacks during the pandemic. Security firms will need to track trends in phishing and social engineering scams to better warn their clients of emerging threats.
We always recommend that CPA firms have enterprise level security systems for the best protection, but they also need to be sure to train their staff to avoid common as well as sophisticated scams. To make sure our clients are trained on the evolving nature of cybercrime we offer best practices and cybersecurity training to educate our clients’ employees.
There are other cybersecurity changes brought on by COVID-19 like patch management for remote work environments and securing the IT supply chain in an ever-interconnected world. But the biggest changes brought on by the COVID-19 pandemic are related to huge increases in working from home and combatting all the potential vulnerabilities that come from remote work. At Cetrom, we pride ourselves on offering robust cybersecurity services for cloud-based clients and believe our services are even more relevant and important in the post-COVID world. Remote protection, data security, and combatting COVID-themed threats and scams are examples of the main ways COVID-19 has reshaped cybersecurity threats.