When COVID-19 sent everyone home to work over remote desktops, many companies did not have remote access systems in place. As a result, IT teams scrambled to deploy them amid chaos. It was no minor task, and many IT teams were unprepared for the massive shift to remote work. Unsurprisingly, security flaws stemming from misconfigurations, reliance on insecure remote access protocols, and installations of outdated software were rampant.
Cybercrime quadrupled during the COVID-19 pandemic. Cybercriminals, especially ransomware creators, set their sights on remote access vulnerabilities. One of the most common vulnerabilities arises when a remote user attempts to connect to a compromised server. The attacker can control the user’s device or gain a foothold in the system and maintain persistent remote access without anyone’s knowledge.
Remote access security issues are discovered and addressed every day. For firms such as professional accountants and CPAs that deal with sensitive information every day, it’s vital to understand best practices and do everything possible to mitigate risk.
What is remote access?
In simple terms, remote access is the ability to access a computer or network from a remote location. Today, most users are using it from home. Access is established over a local area network (LAN), wide area network (WAN), or virtual private network (VPN).
Businesses, like CPA firms, can use a remote desktop protocol to allow all team members to access a single server with specialized accounting and tax software. This allows a firm to access client data from anywhere. The benefit is convenience and increased productivity. The team can collaborate on projects and remotely access documents that are securely stored and backed up in the office. The problem is that many remote desktop protocols are far from secure.
Remote access protocol risks
To the surprise of many, most breaches occur through password protection failures. If a firm is not using multi-factor authentication, a hacker can make short work of one-layer password protection. Cybercriminals have access to billions of compromised credentials from past data breaches. They have an automated process that cracks weak single-layer password protection for them. They can often purchase access to compromised servers, steal information, impersonate CPAs, and even make fraudulent filings to the IRS.
Best practices to prevent a security breach
The good news is that creating a sizable amount of friction to stop cybercriminals does not take a lot of effort.
- Set up a firewall and antivirus — Choosing a firewall that matches your organization’s size is the first step in mitigating a remote access security failure.
- Set up IDS and IPS — IT security services offer intrusion detection systems (IDS) and intrusion prevention systems (IPS).
- Set up a VPN — A VPN is a must-have for securely accessing sensitive data remotely. If you have a business-grade firewall, it will typically have a built-in VPN.
- Multi-Factor Authentication — The single-layer password problem is eliminated with multi-factor authentication.
The final layer of protection for any professional services business that deals with sensitive client data is cybersecurity insurance. CPAs and accounting professionals are a favorite target for cybercriminals. Cyber insurance protects CPAs if a sophisticated hacker breaches even the strongest defenses against cybercriminals.
McGowanPRO Professional Liability Insurance offers cybersecurity insurance to cover professionals if personal client information is stolen. Information security and privacy insurance is a must-have for professional services using remote access protocols to conduct business. Contact us today to learn more and get additional resources.