As the coronavirus continues to spread, a growing number of companies are telling employees to work from home.
While it is one way to avoid exposure to the virus, remote work presents a unique set of problems for companies unprepared to conduct business entirely or even partially over the internet. Besides the potential for overtaxing in-house systems and inadequate connectivity at home, cybersecurity concerns present an even greater concern. With tax season well underway, few sectors are at greater risk than accounting firms.
Phishing scams typically increase during tax season as cybercriminals attempt to obtain sensitive financial information from unsuspecting taxpayers. This year could see a rise in these and other attempts.
Citing guidance from the Secret Service, AccountingToday cautioned that, “Cybercriminals are exploiting the coronavirus through the wide distribution of mass emails posing as legitimate medical and or health organizations.”
Monique Becenti, of the website security solutions provider SiteLock, told AccountingToday, “Companies should be communicating cybersecurity best practices — don’t click on links; don’t download any attachments. Cybercriminals could also take advantage of remote work by impersonating someone from HR.”
Many accounting firms have already taken steps to limit direct contact with clients, encouraging them to submit documents through encrypted portals and to meet via phone or video conferencing, rather than schedule in-office meetings.
At Paramount Tax and Accounting in Georgia, Chris Hardy says, “We’ve been trying to get more clients to use the portal and upload their documents since the outbreak. We’ve been stressing to every client to use this avenue along with Zoom for video conferencing if they have questions.”
However, options like these are more limited when working remotely. In an advisory memo, the Skadden, Arps, Slate, Meagher & Flom law firm advises, “Companies must review what cybersecurity controls are in place, or need to be supplemented, prior to initiating or significantly expanding remote working technology.”
CPAs and enrolled agents are certainly sensitive to client privacy and confidentiality, but working remotely they may not be as aware of the different kinds of risks.
“Employees working remotely are more likely to forward company information to personal email accounts or to store information on unprotected laptops or other devices,” the law firm notes, adding that training and reminders about security is essential.
“The ease of using personal services and devices coupled with insufficient cybersecurity protections or noncompliance with company data retention policies can create significant risks of data leakage or unauthorized access.”