Last month, the IRS extended the usual April 15 tax filing deadline to July 15. While this brings relief to those facing financial hardship due to the COVID-19 pandemic, it also extends the window of opportunity for cybercriminals to attack accounting firms.
As keepers of sensitive personal and financial information, accounting firms are prime targets for cybercriminals year round, but especially during tax season. Most fears lessen after the April 15 tax filing deadline passes because the volume of cyberattacks against accounting firms decreases after this date. This year, however, accountants likely won't receive relief so soon. Cybercriminals now have more time to plan and execute attacks on accounting firms maintaining a larger-than-normal volume of client information. As accounting firms implement work-from-home policies due to the effects of COVID-19, they must remain extra-vigilant against such cyberattacks.
So what to do?
Accounting firms are increasingly aware that they may fall victim to a cyberattack, especially now that most are working remotely during the COVID-19 crisis. Because of this, these firms must develop new security policies to address unique concerns caused by remote working and must continue to enforce existing security policies. It is also essential for employees to remain as alert at home as they are in the office.
While there is no panacea for preventing all cyberattacks, a few key preventative steps may decrease the odds of an attack:
- Utilizing multi-factor authentication. Multi-factor authentication (MFA) provides an additional layer of protection against unauthorized logins to business accounts and platforms. MFA requires an additional login step that confirms that the person attempting to log in to company systems and accounts is who they say they are. This provides an extra layer of security against unauthorized users.
- Using strong passwords. The importance of using strong, varied passwords cannot be overstated. It is especially important during periods of elevated risk to ensure users create a different password for every work and personal account, make those passwords long, and consider using passphrases for added complexity. Further, storing these passwords in a secure, inaccessible location adds an extra layer of protection.
- Email vigilance. One of the most common cyberattacks is a business email compromise (BEC). BECs often originate from incidents where employees enter their login credentials in response to emails from purported colleagues. Often these purported colleagues ask the employee to enter their credentials into a malicious website that appears to be legitimate. Employees should confirm that email addresses are spelled correctly and confirm the legitimacy of any links included in an email before clicking those links or providing the requested information. If any emails look suspicious, employees should contact their IT team immediately and never click on links or provide the requested information.
- Consider your strategy for backups. With ransomware attacks on the rise, it is vital to have a strategy for creating backups of all vital applications and data on a frequent and regular schedule. In general, businesses that maintain effective backups often restore business operations quickly and efficiently. In addition, businesses with effective backups often avoid paying ransom in exchange for decryption keys.
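The "Email vigilance" checks above (is the sender's address spelled correctly, and do the links really lead to the firm's own sites) can also be run automatically by an IT team on reported messages. The following Python example is added here for illustration and is not part of the original article; the trusted domain `example-cpa.com`, the function names, and the bare `user@domain` sender format are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the firm's own mail and web domains (constructed placeholder).
TRUSTED = {"example-cpa.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike' or 'external' for a mail or link host."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        # Compare the host's last labels with the trusted domain to catch
        # near-miss spellings; also catch the trusted name embedded in a
        # foreign host (e.g. as a leading subdomain).
        tail = ".".join(host.split(".")[-t.count(".") - 1:])
        if edit_distance(tail, t) <= 2 or t in host:
            return "lookalike"
    return "external"

def review_message(sender: str, links: list[str], trusted=TRUSTED) -> list[str]:
    """List every sender domain or link host that is not a trusted one."""
    checks = [("sender domain", sender.rsplit("@", 1)[-1])]
    checks += [("link host", urlsplit(u).hostname or "") for u in links]
    findings = []
    for label, host in checks:
        verdict = classify_host(host, trusted)
        if verdict != "trusted":
            findings.append(f"{label} {host.lower()}: {verdict}")
    return findings

if __name__ == "__main__":
    # Constructed sample message, not taken from a real incident.
    for line in review_message(
        "jane@examp1e-cpa.com",
        ["https://portal.example-cpa.com/upload",
         "https://example-cpa.com.login.example.net/reset"],
    ):
        print(line)
```

A "lookalike" verdict is the case the article warns about; an "external" verdict only means the host is not the firm's own and still needs a human decision.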
Accounting firms must remember that the extended tax filing deadline creates both additional work and additional risk. Technical security measures and continued employee vigilance decrease the likelihood of a successful cyberattack.