10 Cybersecurity Practices That Create the Best Remote Environment

Published on September 14, 2020

As firms work remotely and cloud applications and security become more important than ever, accountants should be thinking about cybersecurity in new ways. As they say, the best defense is a good offense. But what may have worked in the past to protect you from hackers and other security threats is likely no longer sufficient as methods of attack become increasingly sophisticated. There are, however, many cybersecurity strategies and controls that accounting firms can implement to significantly reduce the likelihood of a successful attack and minimize the resulting damage if attackers do gain access to systems. Here are some.

Password requirements
Passwords are the first line of defense against illegal access to systems and information. You need strict requirements for employee passwords that ensure length, complexity and randomness. A system-wide requirement should also mandate that employees change their passwords at frequent intervals.

Multifactor authentication policy
Multifactor authentication is one of the best ways to prevent unauthorized access to email accounts and systems. A multifactor authentication policy requires a user to have two pieces of information to gain access, not only a password. This prevents attackers from gaining access even if user passwords or credentials have been compromised.

Role-based access control
Role-based access control is a neutral access policy that restricts every user’s access rights solely on the basis of the role played in the organization, granting specific access to specific roles. Also known as a zero-trust model, this approach restructures access within your firm’s systems based on a “never trust, always verify” philosophy targeted at preventing improper access.

Strong encryption at rest and in transit
Strong encryption is crucial to protecting your data from outside eyes, and you need to be sure that your data is secure regardless of where it is or how it’s being used. Encryption must exist when data is at rest, or simply residing in your system, as well as when it’s in transit, or moving from one location to another. Equally important is knowing who has access to the encryption keys at all times.

Patch management and regular vulnerability scanning
A crucial aspect of security is always knowing what systems are connected to your network and ensuring they are up to date. Regular vulnerability scanning will identify those systems for you, along with any potential vulnerabilities in them. Patch management pinpoints and installs any patches that are missing, confirming that your devices and systems always meet the most current security standards.

Network architecture and boundary protections
Preventing attacks requires understanding the structure of your systems and networks. Network architecture is the physical components of your technology stack and how they are configured, organized and interconnected. Boundary protections are processes for monitoring and controlling communications at the external boundaries of the network to prevent infiltration.

Audit logs
Spotting anomalies in networks and systems requires keeping detailed records of all activity. Audit logs are critical to collecting information on security incidents in order to analyze them, reverse-engineer the attack to identify vulnerabilities and determine whether changes are needed going forward.

Proactive security monitoring with AI behavior-based protection
Proactive security monitoring is crucial to detecting threats before they wreak havoc on your systems. Behavior-based security measures that incorporate advanced AI and machine learning are designed to proactively monitor all activities in order to identify anomalies and deviations from normal patterns and offer a protective response as soon as anything is detected.

Third-party audits and penetration tests
Cybersecurity threats aren’t limited to your own systems. Most accounting firms work with several third-party vendors, including cloud providers, which offer alternate avenues of access to firm systems. Firms should regularly audit those third parties to ensure that their security measures meet firm standards, including running penetration tests to probe if the third party’s defenses are sufficient to notice and prevent simulated attacks.

Backups and other resilience planning
If an attack happens, firms need to have a plan for recovering both data and applications. This requires having backups in place, but your strategy should go even further. IT resilience planning involves implementing tools and applications that will automatically take the necessary steps to protect your data and systems as soon as an issue arises, before backups are even necessary.
(Source: AccountingToday – Best of the Week – August 29, 2020)