Some say that remote work is the future of accounting. It’s one of those industries that lends itself to being able to work from anywhere, and thus take advantage of the benefits of remote employees.
But many firms aren’t properly prepared for the types of security protocols that one needs to have in place, especially when sharing the type of sensitive information that CPA and tax firms deal with every day.
While 99% of surveyed accounting firms offer some type of remote work program, just 35% of them have put a remote work security policy in place.
Accountants and tax preparers store some of the most lucrative data that cybercriminals can get their hands on, including Social Security Numbers, bank account records, dependent details, and more.
Without proper safeguards and managed security, remote connections can leave data at risk of being breached and staff that are working remotely don’t realize they may be adopting risky workflows.
Some of the most common types of data breaches of accounting offices are:
- General unauthorized access
- Hacking
- Phishing
- Physical media stolen/lost
- Ransomware
- Inadvertent disclose (data leakage)
- Improper employee access
Remote working offers multiple cost-saving and stress reducing benefits for both companies and employees and it can be done securely if you put the right remote work policies into place.
How to Ensure Secure Remote Connections
Even though employees may be working from home, they should still be considered part of your overall technology infrastructure, especially when it comes to cybersecurity policies.
In a recent report on work-from-home (WFH) employees and cybersecurity, 75% of employees working remotely stated they follow their IT team’s advice when it comes to cybersecurity.
A full 20% of WFH employees said they didn’t receive any security tips when they shifted to remote work.
What this reveals is that a majority of employees want to be responsible when it comes to working remotely, they just need policies in place to know how to do that.
Here are several important tips for WFH cybersecurity and a remote work policy to protect your CPA firm from a data breach.
Require that Approved Hardware/OS Be Used
Another interesting statistic from the WFH report was that during the pandemic, 56% of employees sent to work from home used their personal computers for work. If any of those PCs have an older operating system (OS), that could leave your firm at major risk of a remote data breach.
You should have minimum requirements in place if employees are using personal computers for work. This not only ensures productivity doesn’t lag due to a system not having enough memory or processing power, but also that it meets minimum security requirements.
Have All Remote Connections Done Through a VPN
Home Wi-Fi networks are generally more at risk than a business networks for two reasons:
- Consumer routers have lower security standards that business-grade routers
- Residential networks can have more “high-risk” devices sharing the connection
A business virtual private network (VPN) encrypts data that’s being transmitted and received remotely. It protects connection security, even when employees may be on a public Wi-Fi. VPNs can also give you important insight into remote data access of your assets.
Use a Single Remote Portal for Data Access with MFA
Accounting firms use multiple software and systems, meaning each employee will have several different logins and the security of each may differ. The more username/password combinations your firm has used on a daily basis, the more you’re at risk of credential theft or hack.
81% of data breaches are caused by credential theft.
You can reduce the risk as well as standardize security and improve your user experience by putting a single sign-on (SSO) portal in place that’s secured with multi-factor authentication (MFA).
This allows you to add additional authentication standards for data access, for example, including a challenge question if an employee is signing in from an unrecognized IP address. Once employees sign in through the portal, they have access to all their business apps.
Develop & Require Remote Work Training
When employees are working remotely, they don’t have the same oversight or support as when they’re in an office. It’s easier to get fooled by a phishing email when you can’t ask a colleague at the next desk for a second opinion.
Develop training on remote working security and require your employees go through that prior to working from home. Some of the topics to include would be:
- How to identify phishing emails
- What to do if you suspect phishing
- Importance of password security
- Dangers of shadow IT (using apps that your firm hasn’t approved)
- Why updates/patches are vital
- How to securely connect to work apps and data
- Physical device security
Ensure WFH Computers are Properly Managed/Updated
Things like managing anti-malware, managed updates, and proactive maintenance are all things that come with a managed IT services plan.
You can address a significant area of remote worker risk by having managed services in place for all computers being used by employees for work, especially those being used outside your office.
Using an MSP not only helps prevent cybersecurity risk, it also gives your remote employees the support they need when they have an IT issue. They have a “go to” person to ask for help, meaning less time is wasted struggling with tech issues.
Put an MSP in Place for Your Firm’s Remote Staff
Keep your firm protected from a costly data breach and ensure your team can work remotely with confidence. Connect2Geek can help you put managed services in place for remote staff and help you with other remote security tips too.
Schedule a free security consultation today! Call 208-468-4323 or reach out online.