In a central office, accounting firms can more easily maintain control over how their team members manage sensitive client data. But when teams transition to a hybrid or work from home environment, control via proximity evaporates and additional risks can arise.
Luckily, there are some simple policies, settings, and tools that firms can deploy to significantly reduce their risks. In this article, we share our top 11 free and low-cost tips for doing this. But first, it’s important to understand...
What’s the risk with work-from-home anyway?
While many accounting teams are discovering that working from home can be easier than they first thought, it does come with some additional risks. These arise because:
Home IT environments tend to be a lot less secure than business IT environments.
- Home devices tend to have multiple users who may be downloading unsafe programs hidden in browser extensions, movies, software, etc.
- Home computing practices tend to be less strict. For example, many people save passwords in browsers or keychains on their personal devices.
Each of these two factors causes a “blending” of data between home and business use. This introduces risks for the business and your client data.
Measures to Improve Data Security
Here are 11 insights to help mitigate the risk of work-from-home team members.
1. Where possible, have staff use a dedicated business computer at home.
Home computers tend to harbor more cyber threats. These are relatively innocuous if all you’re doing is watching Netflix and playing games. However, they can become a serious risk if business data becomes exposed.
Where practical, the best solution is a dedicated business machine for each team member. However, if this isn’t immediately practical and some team members must use their own devices. If that is the case, then...
2. Have every team member run a malware scan on their home computer. (Free or Low-Cost)
We recommend getting every team member to run a malware scan on their home computers with software such as Malwarebytes.
Malwarebytes works on both PCs and Macs. Additionally, the program offers a 14- day free trial that allows a thorough scan to be run at no cost.
You may be surprised what gremlins this initial malware scan uncovers. Recently, we saw a home computer scan return 220 threats and viruses on one machine.
3. Ensure your team is aware of security best practices. (Free)
Teaching your team security best practices is one of the best free risk mitigation actions. A good place to start is to share this article internally. Also, make sure that team members know what scams are going around at the moment, and know how to identify common phishing emails and scams.
Here is a blog article on an email scam and how we identified it.
4. Download a separate browser for work use. (Free)
If team members must use their home computer, download a separate browser for work use. For example, if you tend to use the Chrome browser at home, download Firefox or Brave for work.
Browsers themselves tend to be quite secure. It is the browser plugins and extensions that can introduce threats. By using a separate work browser, you quarantine your browsing from home-use plugins.
Browser plugins and extensions from reputable organizations (e.g., Google) are safe, but be wary of other extensions that may reset or control browser settings in the background to steal your data.
5. Never save business passwords on your personal computer, browsers, or keychains. (Free)
Never save business passwords on your personal computer, or indeed in any browsers or keychains. One risk is that these passwords will be captured by keylogging software. Another is that these methods may make your passwords available on any connected device.
6. Clear out your Downloads Folder and Recycle Bin daily. (Free)
Over time, your downloads folder can accumulate a cache of sensitive client information. We recommend clearing out your downloads folder and recycle bin on a regular basis. In a business setting, we recommend a 14-day clear-out rule, but for home computers, we suggest once daily.
7. Consider setting up a dedicated business internet connection for work. (Low Cost)
The advantage of a dedicated business internet connection is two-fold. Firstly, it preserves bandwidth for business purposes such as video calls. Secondly, it cordons off your business internet traffic from home internet traffic.
8. Install a firm-wide password management tool such as Practice Protect. (Low Cost)
The above tips are all useful and important but there’s really no way to ensure that all of them have been actioned across your whole firm. A tool like Practice Protect’s Access Hub (book a free Demo here) encrypts passwords and shields them from being captured by keyloggers, phishing attacks and other schemes.
9. Implement a Geofencing Policy.
This is a setting that can be switched on centrally, which will automatically restrict login attempts from overseas. Most cyber-attacks originate from overseas and this is a useful policy to shut down much of the risk.
For firms that have implemented Practice Protect, a free geofencing tool is available.
10. Use a policy and tool that locks out access during unusual time periods.
Similarly, a useful policy is to lock out app access during unusual time periods (e.g., 10 PM to 5 AM) when you wouldn’t expect team members to be logging in. This is another free tool available for firms that implement Practice Protect.
11. Implement a Work-From-Home Policy and a Data Security Plan. (Free)
Implementing a formal Work-From-Home Policy is a crucial step. A firm-wide policy not only sets expectations but also limits your liability in the event of a data breach.
Additionally, having a Data Security Plan in place ensures your firm remains compliant with government mandates on keeping data secure. Get a free Data Security Plan template here.
What steps should you take next after reading this article?
While reading about the above tips will significantly reduce your risk, if data is breached while your team is working from home, the first thing an insurer will look for is evidence that the employee knew what to do in the first place. If you can’t demonstrate that such guidance was in place, your insurance policy may be rendered useless.
For some firms, working from home is already normal behavior. However, it’s still important to reduce the risks, whether your staff have been working from home for years or are starting to explore remote work.
To mitigate your cyber risk, take these three action steps.
1. Circulate this article firm-wide
2. Put in place all free suggestions listed above
3. Implement as many low-cost recommendations as possible, and budget for the rest
Finally, as a reader of The Woodard Report, we encourage you to book a free security consultation. Our team will be happy to analyze your current team setup and propose concrete suggestions for closing off risks and ensuring your team is able to work efficiently and productively, wherever they may be.
Do you have questions about this article? Email us and let us know > email@example.com