11 essential tips for controlling data in remote accounting teams

Luckily, there are some simple policies, settings and tools that firms can deploy to significantly reduce their risks. In this article we share our top 11 free and low-cost tips for doing this. But first it’s important to understand…

What’s the risk with work-from-home anyway?

While many accounting teams are discovering that working from home can be easier than they first thought, it does come with some additional risks. These arise because:

• Home IT environments tend to be a lot less secure than business IT environments;
• Home devices tend to have multiple users who may be downloading unsafe programs hidden in browser extensions, movies, software etc; and
• Home computing practices tend to be less strict. For example, many people save passwords in browsers or keychains on their personal devices. 

Each of these factors causes a “blending” of data between home and business use. This introduces risks for the business and your client data. 

Luckily, these risks are very easily and cheaply addressed. Here are our top 11 tips for doing this:

1. Where possible, have staff use a dedicated business computer at home. 

Home computers tend to harbour more cyber threats. These are relatively innocuous if all you’re doing is watching Netflix and playing games. However, they can become a serious risk if business data becomes exposed. Where practical, the best solution is a dedicated business machine for each team member. However, if this isn’t immediately practical and some team members must use their own devices…

2. Get every team member run a malware scan on their home computer (Free or Low Cost)

We recommend getting every team member to run a malware scan on their home computers with software such as Malwarebytes.

This works on a PC and Mac, and offers a 14-day free trial that allows a thorough scan to be run at no cost. You may be surprised what gremlins this uncovers. Recently we saw a home computer scan return 220 threats and viruses on the one machine.

3. Ensure your team are aware of the risks best practices

A good place to start is sharing this article internally. One additional risk that teams should be aware of right now is the prevalence of COVID-19 phishing scams.

Cyber criminals are taking advantage of the COVID-19 situation to send emails and messages that trick people into clicking official-looking links to steal their data. We are seeing a lot of these at the moment, so extra vigilance is required.

4. Download a separate browser for work use

If team members must use their home computer, download a separate browser for work use. For example, if you tend to use the Chrome browser at home, download Firefox or Brave for work.

Browsers themselves tend to be quite secure. It’s browser plugins and extensions can introduce threats. By using a separate work browser, you quarantine your browsing from home-use plugins.

Browser plugins and extensions from reputable organisations (e.g. Google) are safe, but be wary of other extensions that may reset or control browser settings in the background to steal your data.

5. Never save business passwords on your personal computer, browsers or keychains

Never save business passwords on your personal computer, or indeed in any browsers or keychains. One risk is that these passwords will be captured by keylogging software. Another is that these methods may make your passwords available on any connected device.

6. Clear out business your Downloads Folder and Recycle Bin daily

Over time, your downloads folder can accumulate a cache of sensitive client information. We recommend clearing out your downloads folder and recycle bin on a regular basis. In a business setting, we recommend a 14-day clearout rule, but for home computers we suggest once daily.

7. Consider setting up a dedicated business internet connection for work

The advantage of a dedicated business internet connection is two-fold. Firstly, it preserves bandwidth for business purposes such as video calls. Secondly, it cordons off your business internet traffic from home internet traffic.

8. Install a firm-wide password management tool

The above tips are all useful and important but there’s really no way to ensure that all of them have been actioned across your whole firm. What’s needed is a tool that encrypts passwords and shields them from being captured by keyloggers, phishing attacks and other schemes. 

9. Implement a Geofencing Policy

This is a setting that can be switched on centrally, which will automatically restrict login attempts from overseas. Most cyber attacks originate from overseas and this is a useful policy to shut down much of the risk.

10. Lock out access by policy during unusual time periods

Similarly, a useful policy is to lock out app access during unusual time periods (e.g. 10pm to 5pm) when you wouldn’t expect team members to be logging in.

11. Implement a work from home policy

Implementing a formal work from home policy is a crucial step. A firm-wide policy not only sets expectations, but it also limits your liability in the event of a data breach.

While all the above tips will significantly reduce your risk, if data is breached while your team is working from home, the first thing an insurer will look for is evidence that the employee knew what to do in the first place. If you can’t demonstrate that such guidance was in place, your insurance policy may be rendered useless.

Conclusion and Next Steps

For many firms, working from home is an emerging development that may prove to have many benefits. However, it’s also important to cover off the risks, which you can do by putting in place all our free suggestions and considering our low-cost recommendations.

Published by Practice Protect