By Beverley Head

Accountants around the world are working with their clients to keep their people safe and their businesses intact. Increasing numbers are working from home to rein in the spread of the coronavirus – but firms need to be just as diligent about guarding against computer viruses and cyber-attacks.

Since the start of the year, the Australian Competition and Consumer Commission’s (ACCC) Scamwatch service has received 94 reports of coronavirus-related scams and it warns that the number is escalating.

Phishing scams have included emailed attachments with information about coronavirus “cures” that load malware onto people’s computers – or straightforward rip-offs where people are invited to pay online for facemasks that never arrive.

‘Rush hour’ for threat actors

Simon Howe, vice president of Asia Pacific Sales for cybersecurity software developer LogRhythm, describes the pandemic as triggering “rush hour for the threat actors” and warns CAs and their clients to be particularly vigilant about clicking on links or opening attachments.

"Instead, find your information through trusted sources – government websites and known media sources," Howe says.

It’s critical that accounting firms remind staff and clients about the rising risk of cyber-attack, and the need for good computer hygiene, says Ashley Diffey, country manager for identity management vendor Ping Identity.

In particular, he warns people working from home not to automatically assume that an email that looks like it has come from the CEO did come from the CEO.

“We know that hackers and bad actors masquerade as CEOs and ask you to click on a link and provide some details,” he says. Instead, it’s critical that people double-check if there is any doubt about the sender's identity.

“We know that hackers and bad actors masquerade as CEOs and ask you to click on a link and provide some details.”

In terms of which sectors are most at risk, data breach statistics from the Office of the Australian Information Commissioner suggest that the health sector and finance firms are most often targeted by cyber-attacks. That seems unlikely to alter during the pandemic.

Security for online border crossing

Queensland may now have shut its physical borders to protect citizens, but the virtual world is still open, says Chris Shay CA, a director of Queensland-based accounting firm Viden. Its local accountants in south-east Queensland work with a team based in Delhi – many of whom are now starting to work remotely, with their access to systems protected using multi-factor authentication which confirms a users' bona fides before they can log onto the system and access confidential client data.

Shay says the firm's offices in Australia remain open for the moment, but Viden personnel – especially those who are older or have young children or vulnerable family members at home – are starting to work remotely and using Microsoft Teams to collaborate and communicate.

Viden's IT group is also supporting clients with practical insights about how to stay safe working remotely, and how to download tools such as Zoom so that they can stay in contact.

Simple steps to cybersecurity at home

LogRhythm's Howe recommends people use their work computer rather than a personal device to work from home, and connect to company systems using a virtual private network if possible.

If not, and people have to use the home WiFi, he recommends changing the default name of the router and choosing a strong password at least 20 characters long.

For people taking work computers home, it's important to remind family members that unlike the household's iPad, it's not something that can be used by anyone else to watch a movie or access the internet, says Diffey.

“You can also enable network encryption on WiFi – take the time to check the settings on the wireless router, choose WPA2 if available, turn off broadcasting and keep the router software up to date,” Howe adds.

David Smith FCA, founding director of Smithink and a former president of the Institute of Chartered Accountants in Australia, says that the priorities for CAs and their clients now working from home should be:

• Ensure the machine you are using at home has name-brand malicious software scanning installed to stop viruses and protect you from intrusion
• Maintain good cyber hygiene and use two-factor authentication to access core systems and maintain the security of your and your clients' personally identifiable information
• Protect your and your clients' data. Cloud-based accounting platforms offer some protection, but don't be tempted to download data or documents to an unsecured home hard drive
• Ensure any work is properly backed up – if you are subject to a ransomware attack a recent back-up is the surest way to restore operations.

Resources:

For more information on securely working from home and your responsibilities visit: