Cyber-Security for Working Remotely

CAMICO's recent cyber claims experience shows that the cyber-security of employees working remotely has not been as effective generally as cyber-security in an onsite office location. The lower security is being exploited by hackers, many of whom are increasing their ransomware demands.

Another result is that claims for false tax returns are being filed more frequently. With the tax deadline extended to July 15, hackers have more time to design and deploy social engineering techniques to trick users into clicking on links, attachments, pop-ups, and other malware carriers. Many ransomware attacks are launched just before a tax deadline, with a high frequency of attacks on CPA firm email systems. Now is the time to tighten cybersecurity.

Here is a checklist of tips to help safeguard your firm from ransomware and other malware:

  • Educate, train and frequently remind firm staff members about good cyber-hygiene and avoiding phishing attempts. Annual training sessions are not enough to keep good cyber habits a priority for staff, who should be regularly reminded to avoid human errors such as clicking on links, attachments, PDFs, WAV files, pop-ups, and other potential malware carriers. By going directly to a website for information or confirmation, or making a phone call to verify an email, staff will reduce many of the cyber risks plaguing firms.

  • Regularly update and patch the security software (anti-virus and anti-malware) on all devices (laptops, tablets, phones, etc.). Updated software will help to recognize and block the newer threats and hacking campaigns.

  • Ensure that proper and adequate backups are performed frequently. Secure the backups in a remote or external location (such as the cloud) where they are safe from ransomware that seeks out backup copies. The more frequent the backup (daily vs. weekly), the less time and work that will be lost in the event of a ransomware attack or other security incident, or a physical incident such as a fire or flood.

  • Use strong passwords that contain a mix of special characters, numbers and letters. Avoid using the same password on multiple devices or accounts. Change passwords regularly and/or use a password manager.

  • Set up a virtual private network (VPN) with multi-factor authentication for a strong defense. This creates an encrypted tunnel for your internet traffic and prevents it from being seen by third parties.

  • Call to verify email requests for changes to tax refund destinations or wire transfers of funds. Do not rely on email replies.

  • Have an IT consultant work with the firm on cyber-security and an incident response plan. In the event of a suspected breach, the consultant can work with the cyber insurance carriers, advisers and attorneys to help minimize losses.

To learn more about CAMICO’s loss prevention services and professional liability insurance, visit

Share this post

Latest Articles

  • 29 Oct

    CAMICO and CPA Mutual Reach Agreement

    CAMICO and CPA Mutual Conclude Agreement to Transfer Accountants Professional Liability Insurance Program to CAMICO

    CAMICO, the nation's largest CPA-owned and directed program of insurance and risk management for the accounting profession, has reached an agreement with CPA... read more

  • 02 Oct

    Navigating Complex Conflicts of Interest

    While potential "conflict of interest" issues often arise because of married clients getting a divorce, other types of "splits" that may involve a dispute among shareholders, LLC members, partners and beneficiaries also present potential conflict-of-interest situations. The latter scenario... read more

  • 19 Aug

    Do You Believe You Will Never Be Sued?

    Some CPAs believe that they will never be sued and therefore believe they do not need professional liability or other forms of insurance. The reasons for this position vary, but some common ones include, "I don't make mistakes," "All of my clients are friends," or "I do tax work only." The... read more