News
The Importance of Securing Business Data in Remote Work Environments
2020-09-10 | by Gene B. Reynolds, CPA
Recent industry studies on fraud and data protection have indicated that small businesses are most at risk for cyber attacks. This is typically because small businesses cannot dedicate as many resources to cybersecurity, many small businesses store data in an unsecured manner, and cyber attackers can more easily advance their schemes through methods such as phishing.
This year, cyber attacks have been on the rise against small businesses during the COVID-19 global pandemic. Attackers have taken advantage of the workforce transition with many employees working remotely or at home.
According to new data released by Microsoft, the attack volume spiked to nearly 1.0 million total per day against all types of businesses during the very early stages of the workforce transition in March.
And, according to an IBM Security survey, 40 percent of small business owners believe they were targeted by malicious coronavirus-related attacks, most prominently in the form of phishing schemes and spam emails.
Now that we’re on the other side of the initial health crisis event, the obvious conclusion for small business owners is to proactively take steps to secure data to prevent future attacks. However, there is the human element that is commonly overlooked to secure small business data that cyber attackers attempted to exploit.
The Importance of Alertness to Cyber Attacks
Many small businesses were unprepared to make a sudden transition to their teams exclusively working from home. Whether it was lacking equipment (e.g. laptops and monitors), IT support, remote access to data, or the overall infrastructure to support heavy work-from-home scenarios, small businesses were left exposed from a technological perspective.
During the rush to maintain productivity, especially as revenue streams were drying up and business continuity was a real concern, businesses may have overlooked the need to provide education to their employees on how to safely and securely perform the work outside of the typical work environment.
The human side of needing to secure small business data is precisely what cyber attackers were looking to exploit.
During the initial stages of the workplace disruption, many employees were simply trying to figure out their work set-up, when they could work, whether childcare was available for their children, whether schools were going to close, where they could find essential home supplies, and where to find groceries and meals. Nevermind worrying about a cyber attack.
That left many employees in a small business vulnerable to phishing and email attacks that were prevalent in the early stages of the coronavirus, such as imitating government agencies promising COVID-19 relief.
- According to the IBM survey, 45% of consumer respondents reported receiving an unsolicited email related to COVID-19.
Unfortunately, many employees were unprepared for these types of attacks. According to a new report from the Cyber Readiness Institute (CRI), their research indicates that small businesses spent less time focusing on cybersecurity education during COVID-19 compared to larger businesses. Believing that because they are small and not on the radar of cyber attackers, small businesses spent a disproportionate amount of time educating employees on how to support data integrity.
- 89% of surveyed small businesses moved toward a remote workforce during COVID-19.
- Only 31% of small business owners with less than 10 employees increased their cybersecurity concerns.
“For malicious actors looking for vulnerable targets, small businesses remain a primary target, particularly during the COVID-19 pandemic,” said Kiersten Todt, executive director of the CRI. “Small businesses can make themselves resilient against common attacks, such as phishing, by focusing on employee education and awareness and creating a culture of cyber readiness within the organization.”
The Importance of Education on Cyber Attacks
Protecting small business data comes down to education. While it’s easy to assume that everyone knows how to identify and avoid phishing attacks, the level of sophistication can trick even the savviest individuals in your company.
The IBM report includes important information on how to reduce the risk of employees being victimized by phishing attacks and other schemes that could expose your business data and leave your business vulnerable.
- Don’t automatically click on links in emails.
- Don’t open attachments from unknown sources.
- Do not engage with unsolicited electronic communication related to COVID-19.
- Be advised of strange wording, grammar, and typos in emails from bad actors.
Businesses can support their employees on the back-end by proactively installing software updates and patches to protect system vulnerabilities. IBM also recommends using multi-factor authentication (MFA) for any situation that requires remote access to critical data such as financial records, bank statements, or credit card accounts.
The key is being proactive to help employees remain vigilant and aware, especially if many employees continue to work from home the remainder of this year. While cybersecurity attacks peaked in March during the very early stages of the workforce transition, cyber attacks continue to be a real threat, especially against small businesses.
“The data and intelligence should remind us that there is no honor among thieves. Cyber criminals will continue to view times of uncertainty as an opportunity, seeking new ways to exploit targets when they have their guard down,” IBM noted in their report.
Support for Securing Small Business Data
Our CPA firm is proactively involved in securing data for our clients. In 2017, we switched to a more secure server to better serve our clients’ needs during standard business activity and during disaster events such as COVID-19.
We also continuously monitor data security implications for small businesses to stay ahead of the curve protecting the integrity of business and financial records. Through our commitment to data security, we can work with your business in specific ways:
- Help identify troublesome areas.
- Discuss specific events that affected your business during COVID-19.
- Strategize solutions to protect business data when accessed by employees in work-from-home scenarios.
We invite you to contact our CPA firm to discuss the data security needs of your small business. Reach out to us through our website contact form, by calling 713-316-4560, or via email at info@ReynoldsCPAFirm.com.
About the Author
Gene B. Reynolds, CPA
Gene is the Founder and President of Reynolds and Associates, a Houston-based CPA Firm. He has spent 42 years helping Houston entrepreneurs navigate their enterprises through both calm and stormy waters.