Who’s glad to put 2020 behind us? For most everyone, the fresh start of a new year has never been more welcome. And yet, despite hopes for a recovering economy and the anticipation of widespread vaccinations, CPA firms cannot return to the “old normal” of doing business when it comes to cybersecurity protections.
A report in the November 2020 edition of Security Magazine issued this dire warning. “Financial services organizations and other firms that are responsible for the security of consumer financial data must remain vigilant in their cybersecurity efforts throughout 2021. The high value of financial data, including Social Security numbers, banking details, and more, makes it a lucrative target for cybercriminals.”
Here are just a few examples of how today’s cybersecurity threats are increasing in new and different ways.
Targeting Remote Workers
In 2020, when employees suddenly became remote workers to comply with the pandemic’s stay-at-home orders, many employers were not prepared to support the shift in technology and devices. But, cybercriminals were, taking advantage of the disruption to launch “phishing, vishing, ransomware, and a whole slew of other attacks that targeted gaps in companies’ security postures,” according to the report.
In 2021, remote work is expected to continue gaining traction as a viable alternative to the workplace. A survey by PricewaterhouseCoopers found that more than half of responding employers (54%) plan to make remote work a permanent option for roles that allow it. Additionally, nearly half (49%) said they are trying to improve the remote work experience for their employees.
More Sophisticated Cybercriminal Activity
These 2020 cybersecurity statistics illustrate the growing threat from social engineering (the use of deception to manipulate people into divulging confidential or personal information for fraudulent purposes): Phishing attempts rose 600% since the start of the pandemic, and 67% of data breaches were the result of credential theft, human error or social media attacks.
Cybercriminals are capitalizing on the COVID-19 pandemic and rising numbers of remote workers to spoof new corporate policies and legitimate collaboration tools, such as Zoom or Dropbox, to harvest valuable corporate credentials, according to a report in TechRadar.com. “It’s a trend we anticipate will only continue to gain steam in the foreseeable future.”
One of these troubling trends uses phishing campaigns masquerading as emails from HR departments to steal employees’ business login credentials. The emails contain subject lines such as “Employee Enrollment Required” or “Remote Work Access” and asks the recipient to click on a link to enroll in the company’s remote working policy. Doing so sends the employee to a fake phishing site, where their credentials are stolen and potentially sold. Another scam exploits employees’ layoff and payroll concerns by delivering fake “Zoom meeting about termination” emails and false notifications about COVID-19 stimulation/payroll processing, reports (IN)SECURE Magazine.
Vulnerability of Legacy IT Infrastructures
When the pandemic hit, many organizations looked to legacy security architectures like VPNs to quickly ramp up remote operations and comply with stay-at-home orders. However, this is not a sufficient long-term solution as VPNs introduce latency, hamper productivity, can be difficult to scale, and can grant employees excessive access to internal resources.
To meet these and future challenges, CPA firms need to ensure they have the right infrastructure to perform at the highest level of security necessary to maintain their business continuity needs. The best solution is a fully managed cloud hosting service provider that can provide the following advantages to businesses of all sizes.
- Security - The reality of cybercrime is frightening. In 2020, there was a cyberattack every 39 seconds and COVID-19 is blamed for 238% rise in attacks on banks. Secure cloud hosting of your firm's software programs and data files greatly minimizes the threat of cybercrime. In addition, some cloud hosting providers also offer a secure portal for clients to connect and share information with your firm.
Compliancy - Using a cloud hosting service can eliminate the complexities involved in adhering to government and industry regulations. CPA firms will want a cloud hosting provider that not only supports Service Organization Controls (SOC 1 and SOC 2), but also understands the details and demands of other regulatory compliances relevant to the financial industry, such as the Gramm Leach Bliley Act, Sarbanes Oxley Act, Bank Secrecy Act and Payment Card Industry Data Security.
Business Continuity - Business disruptions come in many forms beyond a once-in-a-lifetime global pandemic. From hurricanes and other natural disasters to cybercrimes, the impact of data loss or corruption can be costly and significant. The right business continuity and IT recovery plan can ensure that your firm’s critical services can be safely delivered and essential operations can continue to function securely.
Mobility - From remote work to telehealth, COVID-19 has forever transformed the way people do business. Mobility can enhance productivity, communication and workforce flexibility. Cloud solutions provide an in-office desktop experience – including software, apps, files and permissions – that allow CPAs to securely perform remote accounting and tax services from any location and any device that connects to the internet.
Cost & Efficiency - Maintaining an onsite server can divert both money and human resources away from other parts of a business that produce revenue growth. Cloud hosting reduces IT costs by curbing the demands of maintaining an IT infrastructure and eliminating the significant capital expenses for hardware upgrades.
Scalability - A CPA firm’s workforce and IT requirements often fluctuate in size and seasons. A cloud hosting service offers network scalability that can be tailored to a business’s changing requirements. IT resources (hardware and software) and network users can be added or removed from the network without wasted investment or time to scale.
Ease of Implementation - With the right provider, the transition from your current infrastructure to a fully managed cloud hosting service should be efficient and seamless. You’ll want a provider who can build your new system to replicate your current one as closely as possible. When your firm moves to the new system, workflow disruption and your staff’s learning curve should be as minimal as possible.
Cloud hosting services provide a secure, reliable and remote connection to your IT infrastructure and data. Optimally, you want a company that provides:
- Fully managed data hosting, meaning data plus applications, environment, emails and security.
- A single (not co-located) protected infrastructure. There is peace of mind that comes from knowing that damage to your company’s office, or other disruptions, will not impact the ability to access your protected data or your employees’ ability to do their jobs.
- Data access without limitations, other than an internet connection. Employees can log in – often through a web portal or downloadable application – and access all of your firm’s environment from anywhere in the world.
These seven features of cloud hosting services are a good starting point for any business whose New Year’s resolutions include planning their IT resources for 2021, including migration to a cloud-based infrastructure.
As an endorsed program of the FICPA, Coaxis offers special member pricing for its CPA program package. To learn more, visit www.coaxiscloud.com/ficpa or contact Lisa Bryant, executive vice president of corporate development, at (850) 391-1022 or firstname.lastname@example.org.