July 30, 2020

IT Security Vigilance More Important Than Ever in COVID-19 New Normal

Just as your CPA firms have rapidly adapted to a near 100% telework environment for months now, hackers and cybercriminal syndicates are evolving their techniques to exploit this expanded work-from-home IT ecosystem.

The cyber security threat matrix is always shifting, changing and adapting at light speed to exploit gaps created by vulnerabilities in software, IT tools, and, most of all, human error and inconsistent cyber security training on the part of companies.

The COVID-19 pandemic forced CPA firms that were lagging behind the IT and security curves to rapidly deploy a remote work infrastructure. And in some cases, security was superseded by a desperate need to remain operational within a chaotic situation. 

This is all understandable. But be aware that cybercriminals and hackers understand this too, and will seize any opportunity to “get in” via more vulnerable home networks tapped into your CPA firm’s IT infrastructure. The threat is real and the Big 5 are not the only companies in the hackers’ sites.

Cetrom is here to help. We’ve been operating as a near 100% telework company for years and have unparalleled experience in cyber security measures, software and tools that can keep your CPA firm client data as safe as possible. We’ve gained new knowledge during the initial phases of COVID-19 and we continue to learn as the situation has changed over time. 

Here are Cetrom’s top eight telework cyber security tips for CPA firms adjusting to the pandemic new normal:

  • Widespread Telework Is Here to Stay: Make Peace With This. This sounds really trite and simple, but it is important. If your CPA firm leadership is always thinking that a return to the 8 a.m. to 6 p.m. in-office workday is right around the proverbial corner when a SARS-CoV-2 vaccine gets approved, a commitment to building security for a long-term approach to increased telework won’t be there. Near 100% telework, or at a minimum, a significant piece of your workforce operating remotely, is the future. Accepting this new reality is critical to keeping your firm’s data safe.
  • Provide Your Team the Tools They Need to Stay Secure at Home. More people are working from home because of the coronavirus, which means an increased risk of security breaches via home networks working with your CPA firm’s data. Here are some tips for securing home networks:
    • Use a wired connection
    • Review equipment that’s being used by staff at home
    • Run updates, patch and reboot until all updates are made
    • Subscribe to antivirus software
    • Use two-factor authentication (2FA)
    • Remain vigilant both about updates and staff behaviors/education about the threat environment
  • Establish or Enhance Companywide Security Policies. Technology like Artificial Intelligence (AI) will not solve security issues. People remain a huge factor in the success of any cyber security system. Therefore it is critical that CPA firms build out, distribute and update an enterprise security policy that is clear and promotes accountability. This policy should include:
    • Clear, enforced password rules
    • Restricted access and permissions
    • Protection for all devices
    • Two-factor authentication
    • Documentation disseminated to all staff
  • Create a Bring Your Own Device (BYOD)/Telework Policy for Your Employees. If your CPA firm doesn’t have a current BYOD protocol in place already, your BYOD program needs to focus on the basics and low-hanging fruit. However, it’s also important to think of the future as you build this BYOD set of rules and employee requirements — whatever policies you build out now in response to COVID-19 should serve as the foundation for a more comprehensive IT security and emergency preparedness model to be built out in the near future. Create a reference list of information types that are sensitive and need to be protected that your team can keep handy. This could include client personal information, intellectual property content and a host of other critical data types.
    • Define the acceptable forms of personal devices and remote access methods that can be used for work-related matters
    • Use encryption tools whenever sending sensitive information from a personal device
    • Provide tips and ongoing staff training on how to identify email scams, phishing emails and other threats that attempt to exploit human error
    • Mandate that staff working remotely only access CPA information via the company’s Virtual Desktop (VD) to make sure information is encrypted
    • Require that antivirus and malware protections are installed on personal devices and updated to cyber security best practice standards
    • Execute multifactor authentication (MFA) immediately
    • Prohibit the downloading of company information to any staff personal devices, including laptop computers, tablets or personal cloud storage systems
    • Stratify employee remote access to only information necessary to complete their specific job functions
    • The National Institute of Standards and Technology (NIST) recommends “considering a tiered approach for remote access that allows the most controlled device types (e.g., organization-owned laptop computers) to have the most access and the least controlled device types (e.g., BYOD personal mobile devices) to have minimal access.”      
  • Make Certain Your Telework and Bring Your Own Device (BYOD) Policy is Integrated Into Your Business Continuity (BC) and Disaster Response (DR) Plans. In a recent blog we discussed the importance of having a BC plan that included a DR plan with a focus on IT. Your CPA firm might have had a BC, but in COVID-19 aftermath, it’s important to apply what your firm’s IT team has learned during the pandemic to your BC, DR and IT disaster protocols. 
  • Create Consistent, Redundant Data Backup Processes. Implement multiple daily backups using different methods like the cloud and hard drive backups, for example. Backups should live outside your network, outside your physical office space and should not be virtually connected to your network. The key is diversity of backup types and consistency.
  • Keep Your CPA Firm Leaders and Staff Trained and Educated. The cyberthreat environment is constantly changing, so keeping abreast of the latest reports and threats is critical to keeping your data safe. Follow IT security-related resources like MSSP Alerts, Crowdstrike, Cybersecurity SmartBrief, and Tech Republic for cyber security updates. Committing to continuous security improvement is the name of the security game. Nowhere is this more important than in staff security training. Your people can be your biggest security asset or biggest threat. The choice is yours.
  • Once You Have Your New Normal Footing, Pursue Migrating to the Cloud and Partnering With an Experienced IT/Cloud Provider. Part of the long-term solution to supporting telework productivity and security is migrating your infrastructure to the cloud and partnering with an experienced, expert cloud host and services provider. Cloud computing and cloud services will not only improve productivity and efficiency, but they also provide significant risk mitigation against the unexpected, like a pandemic.

Four Critical Actions CPA Firms Must Take in 2021

Let’s be real. None of us really knows what the end of 2020 and the beginning of 2021 are going to look like. The good news is that CPA firms that..
November 19,2020

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like this, it would be a better world...

- Mid-sized
View All

One of the things we appreciate wholeheartedly about working with Cetrom is how great the people in the service area are and the high-level of responsiveness we have received. I’ve been very pleased..

- Mid-sized
View All

Cetrom’s services and support really stood out against the other cloud vendors. We thought their Citrix delivery platform would have a higher level of adoption because our employees would have the..

- Mid-sized
View All

Our accounting services users working in the field have greatly benefited from our migration to the cloud. They’re now able to be much more efficient while working in a client’s office because they..

- Mid-sized
View All

The decision to migrate to the cloud was one of the best business decisions Rub & Brillhart has made. It required an investment, but we have determined that our year two IT costs will be reduced by..

- Small
View All

Our migration process with Cetrom was very smooth and we had an excellent experience with their support during the demo process. We have 24/7 monitoring on our onsite equipment and they have the..

- Small
View All

We are extremely happy with the service and support we receive from Cetrom. Our staff is more efficient overall in our day-to-day activities and we don’t have any downtime. It’s a good feeling..

- Mid-sized
View All

Cetrom is an extremely cost-effective option for IT services. Not only do we receive significantly improved customer service, but we were also able to add a new VoIP system, better internet service,..

- Mid-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- Mid-sized
View All

We use two programs that often posed a challenge for our previous IT providers. Cetrom handled the situation professionally, coordinated with the software vendors, did all the backend testing, and..

- Mid-sized
View All

After interviewing and reviewing the proposals from various IT providers, it was really a night and day comparison about price, service, and performance—Cetrom was just outshining the others on every..

- Mid-sized
View All

I just want to drop you a line and let you know how pleased we are with our move to Cetrom. Your people knocked it out of the park for us and are doing a great job getting us up and working. On our..

- Small-sized
View All

Because we use specialized software for CPAs, we were concerned about the migration process. Cetrom’s CEO reassured us that there’s no concern because they understand how the software operates in the..

- 97%
View All

Cetrom’s Cloud Computing offers a high-quality, reliable and secure alternative to traditional IT management and provides immediate access to all my IT resources whether I’m in the office, at home or..

- High-quality,
View All

blog Archives

See all

Four Critical Actions CPA Firms Must Take in 2021

Let’s be real. None of us really knows what the end of 2020 and the beginning of 2021 are going to look like. The good news is that CPA firms that..
November 19,2020

Cetrom Support fixed all of my problems, their engineers are very professional, courteous, friendly and very efficient. If all customer service out there was like...

- Mid-sized
View All

blog Archives

See all
Is Cetrom Your Cloud Services Solution?