Preserving client confidentiality goes hand-in-hand with our work as accountants. We’re relied upon to keep our clients’ personal information secure and protect this information from unauthorized disclosure or public release. Within our firms, maintaining confidentiality is supported with the addition of secure networks with firewalls and blacklisted IP addresses, upgraded software, and high-level permission settings.

Unfortunately, in recent years, financial services organizations have been among the biggest targets for hackers. With most of us working remotely, our security measures may not be as strong as they are in the office. Many remote employees regularly use personal devices for work, increasing the risk that sensitive information will be exposed.

Whether it’s due to distraction or fatigue, remote work challenges place us at risk of making poor decisions that threaten the security of confidential information. For example, we might rush when sending an email and release confidential information to the wrong person, or upload a document to the wrong location.

When we deal with a client’s financial information, trust is everything. Research shows that after a firm reveals it’s experienced a data breach, 64 percent of clients will likely move to a competitor. Even though data breaches are unintentional, clients expect to work with a firm that has a better history of security.

Let’s unravel the top five ways that remote employees can pose cybersecurity risks to our firms and what we can do to keep safe from cyberattacks.

#1) Phishing Schemes

Phishing scams are emails sent from attackers to fool employees into revealing confidential data or downloading a malicious attachment containing a keylogger. Hackers and cybercriminals can then access our network and our firm’s sensitive data.

Phishing is potentially the most significant cybersecurity risk that we’re facing during the COVID-19 pandemic. Since February 2021, there has been a 600 percent increase in reported phishing emails, many of them exploiting the pandemic’s uncertainty. Although email filters can often detect phishing emails, these emails are becoming so sophisticated that many now make it straight into our primary inboxes.

#2) Weak Passwords

Even the best firewalls and other cybersecurity software are futile when employees use weak account passwords.

Modern security software is more difficult to crack than weak passwords, which is why hackers frequently try this avenue first. Hackers use many different methods to access poorly protected accounts, including bots. These automated programs continuously try different password variants until they uncover the right one, and they are often successful unless the password is very complex. If attackers gain access, they will likely try to access other accounts using that same password. When employees use the same password for multiple accounts, there’s a higher risk of a hacking incident.

#3) Unencrypted File Sharing

From client account information to files and documents, working remotely increases the sharing of sensitive information between team members. Encrypting data sent from one device to another is just as important as encrypting data stored on a network. Without it, firm information is at risk of being intercepted, leading to identity fraud, ransomware attacks, and theft.

#4) Unsecured Home Wi-Fi

Your staff may be using your firm’s work laptops, but on their home Wi-Fi networks, which could pose a security risk to company information.

Most people neglect to update their home router software, leaving security gaps unaddressed and creating the potential for data breaches. Home networks also typically lack firewalls or have less secure firewalls than those found in the office. Without secure firewalls, malicious activity is more likely to get through.

#5) Working from Personal Devices

Remote employees often use their smartphones, home printers, and personal computers to conduct their work. As convenient as these options are, they can pose security risks.

Home technology is typically not as secure as work computers. For example, personal smartphones usually lack encryption, and home printers and computers create potential security issues due to their less secure networks.

How to Stay Protected from Cyberattacks

As CPAs, we highlight business risks for our clients, but we need to do the same for our own firms to protect them from cybersecurity risks.

Hire Qualified IT Staff

Simply having an anti-virus program installed on our devices isn’t enough; we need someone qualified to keep a close eye on company software and conduct relevant updates and malware scans.

Secure All Files and Information

Complete work on corporate laptops with remote access security controls, centralize data, and restrict access to a strict need-to-know basis. Eliminate any weak spots in employee workflow, and enable two-factor authentication to reduce the opportunity for an attack.

Protect Account Information

Have employees regularly change their passwords to new, hard-to-guess passwords. Request that employees use a secure password-storing program rather than tracking passwords on phones or sticky notes. Use secure file-sharing platforms among teams that ensure end-to-end data encryption, such as Dropbox or OneDrive.

Educate Staff on Cybersecurity Risks

Creating a remote working policy helps manage cybersecurity risks while working remotely. The document should include guidelines on storing devices securely, creating and maintaining strong passwords, and the technical solutions used to protect sensitive details, and it should outline the risks that working remotely presents. In addition, hold regular employee training on cybersecurity risk management practices.

Prepare a Cybersecurity Risk Management Plan

Creating a cybersecurity risk management plan ensures we’re ready if a cyberattack happens. The plan should outline the steps that need to be taken in the wake of a cyberattack. It should also prepare the firm to comply with laws on informing clients of a breach of their information.


A cyberattack can cause immense damage to a firm, and even more so if the organization lacks a proper cybersecurity risk management plan. As of 2020, the average cost of a data breach in the U.S. was $8.64 million, with the risk of identifying and containing a data breach only increasing due to remote work. Safeguarding confidential information in the most secure ways possible and educating ourselves and our team members about the potential for cyber threats can help protect our firms.

Enrolling staff in the course “Cybersecurity for Employees Working from Home” is a great way to learn about cybersecurity risks and effective responses while also achieving PD credits. We also offer a comprehensive selection of over 100 other courses and webinars to help your firm succeed. Browse our pricing for more information.