The Impact of COVID-19 on Cybersecurity for Accounting Firms

The COVID-19 Pandemic has completely changed the dynamics of how business is conducted across the planet. The concept of remote work was not a new one, however, before the pandemic, organizations were not very comfortable with this idea. With countries going to lock down overnight to stop the spread of the virus, remote working became a part of the ‘new normal’.

But remote working came with its own set of challenges – one of them being the increased number of attacks in cyberspace.

The remote work of Chicagoland accounting firms is not immune to these attacks and better cybersecurity for accounting firms must be implemented.

The combination of remote work and increased attacks has left your company’s data more vulnerable.

Employee Trouble

Part of this vulnerability is your employees – both CPAs and administrative staff.

Many employees are not so tech-savvy and they probably cannot distinguish between the black and white areas of this virtual world. This lack of cybersecurity education might lead to your company’s sensitive data (and your client’s private information) being exposed.

Ransomware Danger

There has been a dramatic increase in the number of ransomware attacks throughout the pandemic. In one dramatic example from April 2020, an accounting firm in Toronto, Canada – our neighbor to the north –  MNP LLP had to notify and shut down/change workflow in 80 offices to investigate and remediate after a ransomware attack.

Cybersecurity for accounting firms must be at the top of a CPA firm’s “to do” list because of the wealth of client data that passes through a firm’s systems. To stay safe, you need to prepare well and be flexible enough to make the needed changes.

How Cybercriminals Attack Accounting Firms

Cybercriminals have become smarter, so it’s better to stay one step ahead of them. We’ll present some of the methods that are commonly employed by criminals in the hope that, with the knowledge in hand, your CPA firm will be able to avoid being victimized by these methods.

Phishing

Phishing is one of the most common cyber-attacks being used to manipulate an organization or an individual. A phishing email pretends to be from a trustworthy entity to obtain secure information from the recipient – like username, password, or credit card details. In fact, there was a 667% surge of COVID-related phishing emails in the month of March 2020 alone.

With such an uncertain environment around us (unemployment, uncertainty, instability), it’s understandable how people might fall for a phishing scam.

How do phishing emails work?

Often the email looks like it came from a credible source and asks you to provide information or click on a link. Both of those courses of action can cause a lot of harm.

However, with little safety and attention to detail, it is possible to spot and avoid a phishing attack. It is always recommended that you should check the domain of the email sender as it might be a minor misspelling of the original email. For example, instead of ‘abc@business.com’, it might have been spoofed to abc@business.co.

Cybercriminals are using emails such as this (supposedly from your employer) to get people to click on their spurious link and be redirected to a problematic website.

Social Engineering

Social Engineering relies on the social aspect of mankind to trick a person into doing something foolish. Spoofing can be another term that refers to the same thing. In spoofing/social engineering, a criminal gains an illegitimate advantage by falsifying data and identifying as some other person. Cybercriminals have gained a definite advantage by playing mind games with people and taking the advantage of the COVID situation.

There have been instances in the recent past where cybersecurity researchers have found that an Android app that was downloaded to track COVID Cases was injected with ransomware which locked the user’s phone and demanded 100 Bitcoins from them to return access.

Similarly, the number of fake COVID-19 tracking sites has also increased. These are a look-alike of the existing sites, making you believe in their authenticity but delivering malware to the site visitors via drive-by methods.

It’s always a good idea to check whether the domains are legitimate and secured before visiting them. The rule of thumb is to download files only from trusted and legitimate sources.

What is Next for the Cybersecurity for Accounting Firms in Chicago?

When the concept of remote work was forced on USA accounting firms due to sudden and unexpected lockdowns, CPAs were anxious to set up a remote working system that could help the employees maintain their productivity. Sometimes, cybersecurity was secondary in this rush to at-home work.

Added to this lapse was the fact that many firms employed older individuals who didn’t know much about work outside the protected confines of the office network. This created another layer of vulnerability.

At this point, we are quite sure that remote work is here to stay. Therefore, your firm needs to level up the cybersecurity for your accounting firm.

The most important thing is that your employees need to be trained in the best cybersecurity practices – irrespective of their position and technical expertise.

Secondly, a cybersecurity for accounting firms strategy and plan of action that takes into account this new “work-from-anywhere” scenario.

The unfortunate reality is that the coronavirus situation is a boon for cybercriminals. CPA firms should reconsider their approach to cybersecurity in light of these changes.

The Alavanca team has defined a cybersecurity strategy that we are quite sure, will help you secure your workflow and your client’s confidential data.

So, what are you waiting for?

Cybercriminals have made this world a dangerous place. Staying vigilant and putting the right strategies into place are the keys to avoiding and mitigating such attacks.

It’s a dangerous time.

We’re here to help you stay safe AND productive. Send an email or call Alavanca to begin a no-obligation conversation about protecting your business.