Date posted: 26/03/2020 5 min read

Guarding against cyber-attacks while working from home

Remote working will help curb the spread of COVID-19, but firms must also protect their staff from computer-borne viruses.

In Brief

  • The massive number of people working from home is making businesses more vulnerable to cyber attacks.
  • The ACCC’s Scamwatch service has received 94 reports of coronavirus-related scams this year and expects that number to rise.
  • Businesses should protect their systems with multi-factor authentication and ensure work is backed up.

By Beverley Head

Accountants around the world are working with their clients to keep their people safe and their businesses intact. Increasing numbers are working from home to rein in the spread of the coronavirus – but firms need to be just as diligent about guarding against computer viruses and cyber-attacks.

Since the start of the year, the Australian Competition and Consumer Commission’s (ACCC) Scamwatch service has received 94 reports of coronavirus-related scams and it warns that the number is escalating.

Phishing scams have included emailed attachments with information about coronavirus “cures” that load malware onto people’s computers – or straightforward rip-offs where people are invited to pay online for facemasks that never arrive.

‘Rush hour’ for threat actors

Simon Howe, vice president of Asia Pacific Sales for cybersecurity software developer LogRhythm, describes the pandemic as triggering “rush hour for the threat actors” and warns CAs and their clients to be particularly vigilant about clicking on links or opening attachments.

"Instead, find your information through trusted sources – government websites and known media sources," Howe says.

It’s critical that accounting firms remind staff and clients about the rising risk of cyber-attack, and the need for good computer hygiene, says Ashley Diffey, country manager for identity management vendor Ping Identity.

In particular, he warns people working from home not to automatically assume that an email that looks like it has come from the CEO did come from the CEO.

“We know that hackers and bad actors masquerade as CEOs and ask you to click on a link and provide some details,” he says. Instead, it’s critical that people double-check if there is any doubt about the sender's identity.

“We know that hackers and bad actors masquerade as CEOs and ask you to click on a link and provide some details.”
Ashley Diffey, Ping Identity

In terms of which sectors are most at risk, data breach statistics from the Office of the Australian Information Commissioner suggest that the health sector and finance firms are most often targeted by cyber-attacks. That seems unlikely to alter during the pandemic.

Security for online border crossing

Queensland may now have shut its physical borders to protect citizens, but the virtual world is still open, says Chris Shay CA, a director of Queensland-based accounting firm Viden. Its local accountants in south-east Queensland work with a team based in Delhi – many of whom are now starting to work remotely, with their access to systems protected using multi-factor authentication which confirms a users' bona fides before they can log onto the system and access confidential client data.

Shay says the firm's offices in Australia remain open for the moment, but Viden personnel – especially those who are older or have young children or vulnerable family members at home – are starting to work remotely and using Microsoft Teams to collaborate and communicate.

Viden's IT group is also supporting clients with practical insights about how to stay safe working remotely, and how to download tools such as Zoom so that they can stay in contact.

Simple steps to cybersecurity at home

LogRhythm's Howe recommends people use their work computer rather than a personal device to work from home, and connect to company systems using a virtual private network if possible.

If not, and people have to use the home WiFi, he recommends changing the default name of the router and choosing a strong password at least 20 characters long.

For people taking work computers home, it's important to remind family members that unlike the household's iPad, it's not something that can be used by anyone else to watch a movie or access the internet, says Diffey.

“You can also enable network encryption on WiFi – take the time to check the settings on the wireless router, choose WPA2 if available, turn off broadcasting and keep the router software up to date,” Howe adds.

David Smith FCA, founding director of Smithink and a former president of the Institute of Chartered Accountants in Australia, says that the priorities for CAs and their clients now working from home should be:

  • Ensure the machine you are using at home has name-brand malicious software scanning installed to stop viruses and protect you from intrusion
  • Maintain good cyber hygiene and use two-factor authentication to access core systems and maintain the security of your and your clients' personally identifiable information
  • Protect your and your clients' data. Cloud-based accounting platforms offer some protection, but don't be tempted to download data or documents to an unsecured home hard drive
  • Ensure any work is properly backed up – if you are subject to a ransomware attack a recent back-up is the surest way to restore operations.

Resources:

For more information on securely working from home and your responsibilities visit:

SANS Institute home deployment kit

Read more

Xero blog “10 tools to support your accounting practice’s business continuity planning”

Read more

Office of the Australian Information Commissioner “Coronavirus (COVID-19): Understanding your privacy obligations to your staff”

Read more

Coronavirus (COVID-19) resources

Coronavirus (COVID-19) presents challenges for businesses. Find out more about the disease and its impact on workplaces and businesses.

Click here for essential weblinks

7 critical tips for leading teams from home

The global jump to working from home amid the COVID-19 pandemic will test leadership, communication skills and empathy.

Read more

10 emerging business impacts of coronavirus

Find out how coronavirus is affecting businesses in Australia – and what to do about it.

Read more

7 key points to discuss with clients during COVID-19 shutdowns

Share this COVID-19 business checklist with clients to help them navigate these uncertain times.

Read the COVID-19 business checklist

COVID-19 Is it time to pause or close up permanently?

With the COVID-19 shutdowns biting, clients are looking for advice on whether to press pause or exit a business entirely.

Read more

How to strategise business survival in the COVID-19 pandemic

For many businesses, a pandemic can derail company strategy and cause a range of unforeseen challenges. So how should organisations respond?

Read more

Mental health for CAs in challenging times

Your clients are anxious, all your family is working from home, and the beach is shut. How do you stop yourself panicking?

Read more

We’re headed for recession but how far will we sink?

A key difference between the predicted recession and those of the past is this one hasn’t been caused by an economic shock.

Read more

Coronavirus relief measures in Australia

Sydney-based Raul Valois CA sent his clients this handy summary of the assistance available during the COVID-19 emergency.

Read more