Cyber Best Practices for Remote Work

What cyber best practices does CAMICO recommend for remote work, given the pandemic’s "new normal?"

The sudden transition to accommodate employees working remotely in response to the pandemic had many CPA firms rushing to establish or update their policies and security protocols to address working remotely, given the security challenges not present in traditional office environments.

Many firms are opting to offer staff more permanent remote work arrangements. CAMICO is encouraging these firms to revisit their written policies and security protocols to assess their specific threats, risks, and vulnerabilities to ensure that appropriate safeguards are in place to address the new paradigm.

When evaluating the propriety of a firm’s policies and security protocols in light of the new remote work environment, first assume that threats will occur. Assuming that threats will occur can be a difficult pill to swallow, especially for firms that do a good job of securing their on-premises infrastructure. However, potential vulnerabilities exist within the infrastructure and applications employees use to work remotely.

Although not meant to be all-inclusive, the following basic best practice measures for firms continue to be extremely critical given remote work’s increased cyber exposure:
  • Ensure all software has the latest security options/patches. This will help protect against malware, viruses, and hacker attacks.
  • Frequently back up all important data and information and verify your backups. Regular backups reduce the likelihood that critical data is lost in the event of a cyber- attack. Protect the backups in all remote and external locations, outside of your network, where they are safe from ransomware that targets backup copies. Periodically verify that your data backup process is working properly to assure that your data will be recoverable were a crisis to occur.
  • Require employees to change and strengthen passwords frequently. Systems are only as secure as the passwords used to access them.
  • Use multi-factor authentication. This can add an extra level of security to help prevent an account hack, especially when employees work remotely.


And remember, even the best employees can become complacent about adhering to cybersecurity best practices when working remotely. Setting clear rules to govern how employees work remotely is an important step in managing remote access threats. Claim trends show that employees are the weakest link and the first line of defense against most, if not all, cybersecurity attacks. Special attention should be given to ensure that your firm continues to prioritize appropriate firm-wide cybersecurity awareness training.

Although not meant to be all-inclusive, firms should enforce the following basic best practice measures for remote employees:
  • Maintain strong work-from-home cyber hygiene. Adhere to the firm’s policies and cyber protocols when working remotely (e.g., machine use restrictions, WiFi passwords, virtual private network (VPN), firewalls, properly secured router, etc.) In addition to strong WiFi passwords, the wireless router should be no more than five years old and frequently updated with latest firmware updates.
  • Slow down to avoid being yet another "phishing scam" victim. Take the time necessary to validate suspicious or unexpected email. And do not click a link, pop-up or attachment without first hovering the cursor over the link to display the URL to assess its legitimacy. If there is an urgent call to action, rather than clicking on a link, consider a different way to validate the request, such as calling to get verbal confirmation that the communication is legitimate, or going directly to the purported sender’s URL.
  • Power down computers when not in use, whether in the office or when working remotely. Computers are not accessible to attacks or intrusions when powered off.
  • In the event of a potential cyber security “incident,” immediately inform the appropriate parties within your firm. Examples include, but are not limited to, unauthorized use, malicious code, compromise of confidential client information, unauthorized disclosure or loss of information, information security breach, etc. Remote work has inherent security risks. However, firms will certainly be better positioned to mitigate these risks by adhering to these basic best practices and proactively refining their policies and security protocols to encompass the unique security challenges of remote work arrangements.

Share this post

Latest Articles

  • 12 Jul

    Malpractice Risks Increase During Difficult Economic Times

    In CAMICO's 35 years of experience, economic conditions have had a significant impact on CPA professional liability claims. In light of the current economic challenges, now more than ever, CPAs will need to be prepared and vigilant to minimize the potential of additional liability exposure... read more

  • 09 Jul

    Creditworthiness Verifications and PPP Loans

    CPA firms receiving requests from lenders for creditworthiness verifications for clients who had requested Paycheck Protection Program (PPP) loans were often unsure of how to respond. The advice CAMICO gave CPAs assisting their clients with PPP loan applications is valid for similar circum... read more

  • 07 Jul

    War Story 119

    Subject: Business Management Services; Wire Transfer Fraud

    John Duval, CPA, had been engaged for several years by a high-net-worth client, Ed Robertson, who developed commercial and residential real estate. Duval provided business management and bill-paying services, which inclu... read more

  • 07 Jul

    Recognizing the Signs of Elder Abuse

    By Randy R. Werner, J.D., LL.M./Tax, CPA

    The elderly population in the U.S. (those 65 and older) is projected to grow to 80 million by the year 2050, and the incidence of elder abuse, including the hard-to-detect financial and material exploitation perpetrated against ... read more