With the sudden spread of the Covid-19 virus across the globe, we have been hearing that the Covid-19 era is giving rise to a new normal of doing things. As the virus continues to ebb and flow, our work environment is moving towards a digital transformation. With this, cybercrime and the vulnerabilities of the cyber landscape are increasing and will continue to increase in times to come. Security lapses in video conferencing tools, alongside malware and ransomware attacks on digital systems, have grown. The sudden thrust towards digitization has also drastically increased the risk for the non-seasoned computer user. Statistics indicate that the global cost of cybercrime will be in the trillions in times to come. It is perceived as a greater threat to humanity than nuclear or virus attacks. It is imperative that CPA or CA firms be better equipped against such cybercrimes now more than ever, as prevention is a business necessity to keep their own as well as their clients’ financial data safe.
As some of you might already know, cybercrime includes various forms of computer-related actions, e.g. cyber theft of personal information or money from banks. Cyber-attacks such as viruses, ransomware, malware, adware, email phishing and password phishing are other forms of e-diseases that impede one’s ability to function safely. Cybercriminals see financial data as valuable for extortion, and protecting it vigilantly is now a priority.
CPA firms need to remember that there is no “one pill that cures all” solution to prevent all these cyber diseases and keep a practice digitally secure. The various modes of cybercrime and attack warrant correspondingly varied measures to maintain a formidable defence. Hiring a computer consultant to evaluate the practice’s digital health and data safety is the first step in this direction.
Due diligence on the part of your firm’s employees is equally mandatory these days, and relying on digital safety measures alone may not be enough. Their education is of vital importance to assure the success of the technological solutions you might put in place, such as antivirus software, daily data backups, firewalls, encryption, strong password protection and web browsing rules. An employee can unintentionally or carelessly become a victim of cybercriminals, by way of an email phishing attack or social engineering, by being induced into clicking links that could affect the entire office network or the data on a computer. This is why security awareness training for yourself and your employees is essential.
You can have the most up-to-date software and technology deterrents in place, but in reality, you are always one click away from data loss. We at GJM discuss all new methods being used by cybercriminals with clients to keep them informed of threats. We teach our own employees, and ask our clients as employers to teach theirs, to PAUSE, WATCH & BROOD and to avoid clicking links that are unknown. Common sense and information are a business owner’s most valuable assets in the war against cybercrime.
Let’s briefly talk about certain areas of your digital management that need quick attention:
1. Email Security:
Email is one of the biggest threats today for the majority of companies and needs to be secured against phishing attacks. Email accounts need to be protected from unauthorized access, one way being to enable two-factor authentication, which most email services such as Gmail, Microsoft etc. offer easily. It is imperative to use a reliable email service provider.
2. Internet Security:
Surfing the internet, fascinating as it is with the amount of information available these days, can lead one to compromised websites, and clicking through them can infect your network with viruses or malware. It is necessary to have the latest security patches installed on your office computers and laptops. Install a firewall router with gateway antivirus, gateway anti-malware, and intrusion protection to stop a virus before it gets into your private network. A subscription to a good antivirus program that provides a browser plug-in will help you assess the safety of websites and thereby protect your system from infections.
3. Remote Access:
While you work from the safety of your home these days and in times to come, your work data should be centralized in a secure workspace, suitably guarded with physical and logical protections, and access for you and your employees should be enabled only through a secure virtual private network (VPN).
4. Data Security:
Transferring financial data using just a USB drive isn’t secure. You need to ensure your USB drive offers built-in data encryption and additionally requires a password for access. Good USB drives offer self-destruct options if the access password is entered incorrectly multiple times. Some of our accountant friends transport their clients’ QuickBooks or Tally data on a simple USB drive to and from their client’s office, leaving their QB or Tally files unencrypted and believing they are password protected; they are unaware that tools are available to hackers today to read or wipe the passwords on such financial data files and access them easily. So it is very important to protect your and your clients’ financial data. Further, laptops are another security problem. Laptop hard drives should be encrypted. Also, disposal of computer equipment should be handled carefully to ensure no financial data is left on it.
5. Wireless Security:
Wireless access into your network needs to be protected. Use passwords, of course, but also set up a guest network for visitors to your office who need internet access. This prevents guest users from accessing the computers and resources on your network, which is especially important if one of the laptops or devices used by a guest is infected.
6. Data Backups:
Despite all the digital measures in place, ransomware can still affect your system and network and hijack all your data. Your only recourse in such a situation is a good data backup system. The data must be backed up daily onto a secure office system. Any CPA or CA firm that doesn’t protect itself with real-time or periodic backups is setting itself up for an eventual catastrophe. Virtualization of a computer or server makes a virtual software copy of your system, which can then be brought to life rather quickly in an accompanying virtual host environment. This is a key part of any Backup Disaster Recovery plan and is the best solution for business continuity and minimizing system downtime. A backup is a must for any CPA/CA firm to ensure their clients’ accounting data isn’t lost. We need to realize that cybercrime is with us and will remain. We need to be safe, vigilant and smart, and always have backups.
If your CPA/CA firm, or for that matter any business, has questions pertaining to cyber security and data protection, feel free to write to us at info@gjmco.in or schedule a call, so that we can share our journey and experience in achieving a pragmatic cyber-secure work environment.