Cyber-Security for Working Remotely

CAMICO's recent cyber claims experience shows that the cyber-security of employees working remotely has not been as effective generally as cyber-security in an onsite office location. The lower security is being exploited by hackers, many of whom are increasing their ransomware demands.

Another result is that claims for false tax returns are being filed more frequently. With the tax deadline extended to July 15, hackers have more time to design and deploy social engineering techniques to trick users into clicking on links, attachments, pop-ups, and other malware carriers. Many ransomware attacks are launched just before a tax deadline, with a high frequency of attacks on CPA firm email systems. Now is the time to tighten cybersecurity.

Here is a checklist of tips to help safeguard your firm from ransomware and other malware:

  • Educate, train and frequently remind firm staff members about good cyber-hygiene and avoiding phishing attempts. Annual training sessions are not enough to keep good cyber habits a priority for staff, who should be regularly reminded to avoid human errors such as clicking on links, attachments, PDFs, WAV files, pop-ups, and other potential malware carriers. By going directly to a website for information or confirmation, or making a phone call to verify an email, staff will reduce many of the cyber risks plaguing firms.

  • Regularly update and patch the security software (anti-virus and anti-malware) on all devices (laptops, tablets, phones, etc.). Updated software will help to recognize and block the newer threats and hacking campaigns.

  • Ensure that proper and adequate backups are performed frequently. Secure the backups in a remote or external location (such as the cloud) where they are safe from ransomware that seeks out backup copies. The more frequent the backup (daily vs. weekly), the less time and work that will be lost in the event of a ransomware attack or other security incident, or a physical incident such as a fire or flood.

  • Use strong passwords that contain a mix of special characters, numbers and letters. Avoid using the same password on multiple devices or accounts. Change passwords regularly and/or use a password manager.

  • Set up a virtual private network (VPN) with multi-factor authentication for a strong defense. This creates an encrypted tunnel for your internet traffic and prevents it from being seen by third parties.

  • Call to verify email requests for changes to tax refund destinations or wire transfers of funds. Do not rely on email replies.

  • Have an IT consultant work with the firm on cyber-security and an incident response plan. In the event of a suspected breach, the consultant can work with the cyber insurance carriers, advisers and attorneys to help minimize losses.

To learn more about CAMICO’s loss prevention services and professional liability insurance, visit

Share this post

Latest Articles

  • 19 Aug

    Do You Believe You Will Never Be Sued?

    Some CPAs believe that they will never be sued and therefore believe they do not need professional liability or other forms of insurance. The reasons for this position vary, but some common ones include, "I don't make mistakes," "All of my clients are friends," or "I do tax work only." The... read more

  • 27 Jul

    Exclusive Policyholder Benefits

    Risk management services and resources to help you with today's practice challenges

    CAMICO knows that insurance alone is not a solution for reducing risks. That's why you have access to CAMICO’s proven approaches that have helped numerous CPA firms manage risk and avoid claims.... read more

  • 27 Jul

    War Story 117 - Ransomware Attack

    A staff member of a mid-size CPA firm logged into a public wi-fi network at a coffee shop and spent the morning working on firm files while on the public network. A few days later the employee received an email message from a hacker stating that a ransomware attack had encrypted all of the... read more