DGC and PKF O'Connor Davies Join Forces

Effective January 1, 2022 DGC merged with PKF O’Connor Davies (PKFOD), the 27th largest accounting and advisory firm in the U.S. Click here for more information.

Cybersecurity and Phishing: Working Remotely Requires a New Type of ‘Home Security’

4/6/2020 Articles & Podcasts

Many companies are operating in contingency mode because of the coronavirus pandemic with physical offices closed and the majority of employees working from home. For many companies, this is the first time they are enacting their Business Continuity Plan.

Companies are dealing with an uncertain economic outlook and many IT employees who are tasked with cybersecurity and compliance responsibilities are overwhelmed. They are challenged with keeping networks and servers up and running, as these alternative work arrangements have placed a strain on the IT infrastructure in unpredictable ways. And let’s not forget about managing personal matters like having children home from daycare or school.

This crisis has another group working extra hours: Hackers and fraudsters. COVID-related phishing is noticeably on the rise. Knowing that almost everyone is working from home has encouraged them. Many corporate networks are designed with a philosophy called “defense-in-depth,” whereby layers of protective technologies are put in place like firewalls, antivirus software, strong passwords, and other protective measures.

Depending on your network design, some protective mechanisms might only apply when employees are physically in the office. For example, some companies might be configured to use a domain name service (DNS) that blocks employees from inadvertently accessing known-malicious websites. But this service would only be adequate protection for an employee who was plugged into the network or connected to that network via VPN and using its DNS service.

Examples of Remote Working Phishing Vulnerabilities

There are many additional examples that demonstrate that when employees are working remotely, they are more vulnerable to phishing, among other attacks.

  • A hacker targets remote workers with an email message purportedly from their HR department, warning of a positive COVID-19 test within the company. The email contains a malicious file attachment which executes ransomware on the victim's computer
  • Cybercriminals impersonate the World Health Organization with an email attachment that purports to list preventative medicines
  • Hackers pretend to be Netflix giving away free memberships to entertain people during the crisis
  • Fraudsters appear to be officials from the U.S. government asking victims to provide their financial account information in order to receive a stimulus check

This activity might not surprise you if you have been following cybersecurity for the last decade. Still, the risks are heightened with so many people outside of the bounds of the traditional corporate network.

What can we do to address these risks of working from home?

There are several steps that companies can take to secure their employees as they work from home. The National Institute of Standards and Technology (NIST) distributed a publication (SP 800-117) which outlines these protective steps:

  • Ensure a firewall or router is in place between the employee's network and the ISP's network (i.e., do not plug the computer directly into the ISP's cable modem)
  • If using a wireless network, ensure modern encryption is being used. Look for WPA2 or WPA3
  • Change default passwords. Some home office equipment, like routers, firewalls, and printers, come with passwords that are widely known and easily exploited. They should be changed during setup

Another significant risk arises when remote workers use their own computers to connect to corporate resources over a VPN, commonly known as a Bring Your Own Device (BYOD) scenario. BYOD PCs present an additional risk because these devices are not controlled or secured by your IT department. A BYOD PC may therefore lack up-to-date patches, functioning antivirus software, or a secure password on its user accounts, among numerous other issues. The computer might also be shared with other family members, who may download potentially unwanted software that compromises its security.

The NIST guidelines recommend that, at a minimum, the following settings and practices be adopted for BYOD employees:

  • Ensure the BYOD computers are set to automatically apply software updates, including operating systems, web browsers and productivity software, among others
  • Antivirus software should be turned on and kept up-to-date
  • The computer's firewall should be turned on
  • Users should be logged in using non-administrator accounts
  • Users should be using a complex, hard-to-guess password that is over 12 characters and includes upper-case and lower-case letters, and numbers
  • To the greatest extent possible, limit the number of people using the computer
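
One way an employee or help desk could spot-check a BYOD PC against the checklist above is the read-only PowerShell audit below. It is an added example, not part of the original article or the NIST publication. It assumes Windows 10/11 with Microsoft Defender as the antivirus, and the 7-day signature threshold is an illustrative choice. Password strength and third-party application updates cannot be read from the system and are not covered.

```powershell
# Added example: read-only audit of a Windows 10/11 BYOD PC against the checklist above.
# Run as the everyday user in a normal (non-elevated) PowerShell session.
$results = [ordered]@{}

# Automatic updates: the Windows Update policy value NoAutoUpdate = 1 turns them off.
# (Covers the operating system only; browsers and office software update separately.)
$au = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' `
        -ErrorAction SilentlyContinue
$results['Automatic OS updates not disabled by policy'] = -not ($au -and $au.NoAutoUpdate -eq 1)

# Antivirus turned on and up to date.
# Assumption: Microsoft Defender is the antivirus; other products need their own check.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$results['Antivirus real-time protection on'] =
    [bool]($mp -and $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled)
# The 7-day limit is an illustrative threshold, not a figure from the article.
$results['Antivirus signatures under 7 days old'] =
    [bool]($mp -and $mp.AntivirusSignatureAge -lt 7)

# Host firewall: every profile (Domain, Private, Public) must be enabled.
$fwOff = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
$results['Firewall enabled on all profiles'] = ($fwOff.Count -eq 0)

# Non-administrator account: look for the local Administrators group
# (well-known SID S-1-5-32-544) in the user's group list. whoami /groups also
# lists the group when UAC has filtered it to deny-only, so an unelevated
# administrator is still reported.
$isAdmin = [bool]((whoami /groups) -match 'S-1-5-32-544\b')
$results['Logged in as non-administrator'] = -not $isAdmin

# Print one line per check.
$results.GetEnumerator() | ForEach-Object {
    '{0,-46} {1}' -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'REVIEW' })
}

# Shared use: list enabled local accounts so extra users can be reviewed by a person.
$users = @(Get-LocalUser | Where-Object { $_.Enabled })
"Enabled local accounts ($($users.Count)): $($users.Name -join ', ')"
```

A REVIEW result means the setting needs a closer look by a person; the script changes nothing on the machine.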

While no solution is foolproof, taking these protective measures can help to ensure that your organization is protected through this crisis.

For additional information, please contact a member of your DGC client service team or Nick DeLena, CISSP, CISA, CRISC at 781-937-5191 / ndelena@dgccpa.com. You can also visit our coronavirus web page at dgccpa.com/coronavirus which is frequently updated with new articles and checklists to help you deal with the impact of the coronavirus on you and your business.


About the Author

Nick DeLena, CISSP, CISA, CRISC, CDPSE, Partner