April 16, 2020

COVID-19 Means CPA Firms Must Create Bring Your Own Device Remote Work Policy

The ongoing coronavirus pandemic has forced companies of all sizes and in all industries to pivot to a telework environment to remain operational while keeping employees healthy and safe. CPA firms large and small have had to enhance their existing remote work setups while firms behind the tech curve have had to make even more drastic changes to how their teams can collaborate, share information and remain productive during COVID-19.

More staff working from home means that more personal devices will be used on home networks for CPA firm business, which increases the risk for security issues, cyberattacks and data breaches. Providing your team the right tools to work remotely is very important during this COVID-19 “New Normal” — it is equally important, however, that CPA firms also develop and communicate a clear, executable policy for Bring Your Own Device (BYOD) security to its remote employees.

As we’ve noted before, cybersecurity is not just about tech; your people must play a proactive role in keeping your CPA firm’s data and IT infrastructure secure. The human influence on cybersecurity is more important than ever before because so many staff are operating on their own devices and networks due to COVID-19.

Cetrom can help you transition to a strong remote work environment while also providing guidance around creating a sound and practical BYOD policy. Here are some tips for keeping your data safe in the age of increased BYOD work activity during the coronavirus pandemic.

Educate Your Staff on the Why Behind the BYOD Policy

To avoid a negative reaction from staff, take time to explain why it is necessary to create a personal device policy during this work from the home period. You can build out the best BYOD policy in the world, but if your staff, which is likely already stressed, feels put-upon by this policy, they will be less likely to follow the rules.

  • CPA firms need to help their staff understand that as a company they cannot control home networks or what is on personal devices so protocols and rules need to be established to protect individual staff and the company.
  • CPA firms need to deploy a constant educational communication plan around personal device use during COVID-19; this means active, consistent communication about the BYOD policy, accountability and even a summary of the latest threats like COVID-19-themed phishing and email scams.
  • CPA firms need to emphasize that the BYOD policy is not punitive; rather, it’s for the protection of the staff, the company and its clients

Under normal circumstances, it would be advisable to recruit department leads and other staff to help build your BYOD policy. This would help create a sense of collective ownership of the BYOD program and prevent any animosity or negative backlash. However, if your CPA firm doesn’t have a BYOD already in place, this is not feasible since you have to act now to mitigate risks as soon as possible.

What Should Go Into Your BYOD Policy

If your CPA firm doesn’t have a current BYOD policy or an IT emergency response protocol in place already, your BYOD program needs to focus on the basics and low-hanging fruit. However, it’s important to think of the future as you build this BYOD set of rules and employee requirements — whatever policies you build out now in response to COVID-19 should serve as the foundation for a more comprehensive IT security and emergency preparedness model to be built out in the near future. 

Here are some BYOD policy actions you can take relatively quickly to better protect your network and data:

  • Create a reference list of information types that are sensitive and need to be protected that your team can keep handy. This could include client personal information, intellectual property content and a host of other critical data types.
  • Define the acceptable forms of personal devices and remote access methods that can be used for work-related matters
  • Use encryption tools whenever sending sensitive information from a personal device
  • Provide tips and ongoing staff training on how to identify email scams, phishing emails and other threats that attempt to exploit human error
  • Mandate that staff working remotely only access CPA information via the company’s Virtual Desktop (VD) to make sure information is encrypted
  • Require that antivirus and malware protections are installed on personal devices and updated to cybersecurity best practice standards
  • Execute multi-factor authentication (MFA) immediately
  • Prohibit the downloading of company information to any staff personal devices, including laptop computers, tablets or personal cloud storage systems
  • Stratify employee remote access to only information necessary to complete their specific job functions
  • The National Institute of Standards and Technology (NIST) recommends “considering a tiered approach for remote access that allows the most controlled device types [e.g., organization-owned laptop computers] to have the most access and the least controlled device types [e.g., BYOD personal mobile devices] to have minimal access.”      

It’s important to note that every CPA firm’s BYOD policy will have its own nuances; there is no one-size-fits-all approach that will work. The aforementioned recommendations are intended to provide guidance around what CPA firms can more rapidly deploy to plug any security gaps created by the crisis-driven transition to near 100% work-from-home work ecosystems. 

The key takeaway is that every CPA firm, regardless of size, location or industry focus, has to do one of two things immediately: (1) Reassess and augment its existing IT emergency and BYOD protocols; or (2) Create a BYOD policy that can be implemented quickly and effectively and with the build-out of a future, comprehensive security plan in mind. 

Cetrom is here to help CPA firms navigate COVID-19 and better position their IT networks for the future by enhancing existing security policies and IT infrastructure or via the build-out of an effective, efficient and secure IT environment from the ground up.

Green Flags to Look for When Selecting a Managed Service Provider

IT infrastructure is the backbone of modern financial organizations, including CPA firms. Businesses that are responsible for taking measures to..
September 26,2024

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...

- Mid-sized
View All

One of the things we appreciate wholeheartedly about working with Cetrom is how great the people in the service area are and the high-level of responsiveness we have received. I’ve been very pleased..

- Mid-sized
View All

Cetrom’s services and support really stood out against the other cloud vendors. We thought their Citrix delivery platform would have a higher level of adoption because our employees would have the..

- Mid-sized
View All

Our accounting services users working in the field have greatly benefited from our migration to the cloud. They’re now able to be much more efficient while working in a client’s office because they..

- Mid-sized
View All

The decision to migrate to the cloud was one of the best business decisions Rub & Brillhart has made. It required an investment, but we have determined that our year two IT costs will be reduced by..

- Midwest
View All

Our migration process with Cetrom was very smooth and we had an excellent experience with their support during the demo process. We have 24/7 monitoring on our onsite equipment and they have the..

- Small
View All

We are extremely happy with the service and support we receive from Cetrom. Our staff is more efficient overall in our day-to-day activities and we don’t have any downtime. It’s a good feeling..

- Mid-sized
View All

Cetrom is an extremely cost-effective option for IT services. Not only do we receive significantly improved customer service, but we were also able to add a new VoIP system, better internet service,..

- Mid-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- Mid-sized
View All

We use two programs that often posed a challenge for our previous IT providers. Cetrom handled the situation professionally, coordinated with the software vendors, did all the backend testing, and..

- Mid-sized
View All

After interviewing and reviewing the proposals from various IT providers, it was really a night and day comparison about price, service, and performance—Cetrom was just outshining the others on every..

- Mid-sized
View All

I just want to drop you a line and let you know how pleased we are with our move to Cetrom. Your people knocked it out of the park for us and are doing a great job getting us up and working. On our..

- Small-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- 97%
View All

Cetrom’s Cloud Computing offers a high-quality, reliable and secure alternative to traditional IT management and provides immediate access to all my IT resources whether I’m in the office, at home or..

- High-quality,
View All

blog Archives

See all

Green Flags to Look for When Selecting a Managed Service Provider

IT infrastructure is the backbone of modern financial organizations, including CPA firms. Businesses that are responsible for taking measures to..
September 26,2024

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like...

- Mid-sized
View All

blog Archives

See all
Is Cetrom Your Cloud Services Solution?