Another result is that claims for false tax returns are being filed more frequently. With the tax deadline extended to July 15, hackers have more time to design and deploy social engineering techniques to trick users into clicking on links, attachments, pop-ups, and other malware carriers. Many ransomware attacks are launched just before a tax deadline, with a high frequency of attacks on CPA firm email systems. Now is the time to tighten cybersecurity.
Here is a checklist of tips to help safeguard your firm from ransomware and other malware:
- Educate, train and frequently remind firm staff members about good cyber-hygiene and avoiding phishing attempts. Annual training sessions are not enough to keep good cyber habits a priority for staff, who should be regularly reminded to avoid human errors such as clicking on links, attachments, PDFs, WAV files, pop-ups, and other potential malware carriers. By going directly to a website for information or confirmation, or making a phone call to verify an email, staff will reduce many of the cyber risks plaguing firms.
- Regularly update and patch the security software (anti-virus and anti-malware) on all devices (laptops, tablets, phones, etc.). Updated software will help to recognize and block the newer threats and hacking campaigns.
- Ensure that proper and adequate backups are performed frequently. Secure the backups in a remote or external location (such as the cloud) where they are safe from ransomware that seeks out backup copies. The more frequent the backup (daily vs. weekly), the less time and work that will be lost in the event of a ransomware attack or other security incident, or a physical incident such as a fire or flood.
- Use strong passwords that contain a mix of special characters, numbers and letters. Avoid using the same password on multiple devices or accounts. Change passwords regularly and/or use a password manager.
- Set up a virtual private network (VPN) with multi-factor authentication for a strong defense. This creates an encrypted tunnel for your internet traffic and prevents it from being seen by third parties.
- Call to verify email requests for changes to tax refund destinations or wire transfers of funds. Do not rely on email replies.
- Have an IT consultant work with the firm on cyber-security and an incident response plan. In the event of a suspected breach, the consultant can work with the cyber insurance carriers, advisers and attorneys to help minimize losses.
To learn more about CAMICO’s loss prevention services and professional liability insurance, visit www.camico.com.