In today’s era of digitization and automation, every business function is investing in transformation and upgradation. The pandemic and today's remote working requirements have further accelerated the pace of this revolution. Professional firms are no exception. Many of them started upgrading to remote working technologies within a short span of time. From remote audits to performing compliance work remotely, professional firms have gone reasonably digital. But it is equally important to understand the cyber security risks as we adopt these technologies. While they have made life easier, they also come with considerable risks. This article explores those risks in detail and gives practical tips on securing remote working.
A cyberattack is a malicious and deliberate attempt by an individual or organization to breach an information system. Usually, the attacker seeks some type of benefit from disrupting the victim’s network. Every attacker works with a different malicious intention, but largely to make money by exploiting a weakness. Such cybercrimes have increased over the years, and even more during the last 2 years. According to various news reports, in July 2020 India recorded its highest number of attacks at 4.5 million. In February 2021, nearly one year from the start of the pandemic, there were 377.5 million brute-force attacks, a type of attack where multiple combinations of passwords are tried in the hope of eventually guessing one correctly. This is a far cry from the 93.1 million witnessed at the beginning of 2020. India alone witnessed 9.04 million attacks in February 2021. Most of these cyberthreats were also launched with ulterior motives. Some attackers look to obliterate systems and data as a form of “hacktivism.” Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.
We often come across the terms cyber-attack and cyber risk. They are closely related but are not the same concept. A cyber-attack is an offensive action, a cyber threat is the possibility that a particular attack may occur, and the cyber risk associated with that threat estimates the probability of the potential losses that may result.
For example, a Distributed Denial of Service (DDoS) attack is a type of cyber-attack where multiple connected online devices, collectively known as a botnet, are used to overwhelm a target website with fake traffic, so that genuine customers are kept waiting or denied access to the website or application. This sort of cyber-attack by a botnet is a cyber threat for many enterprises with online retail websites, ecommerce etc., where the associated cyber risk is a function of the revenue lost due to website downtime and the probability that a DDoS cyber-attack will occur. The same can be related to a professional firm, where a ransomware attack encrypts the entire office server and demands a “ransom” in order to decrypt it. These ransoms are often demanded through anonymous payment methods, which make it difficult to trace the origin.
While cyber security in the office may seem challenging, it is essential to understand that security extends well beyond the office these days. The use of smartphones and tablets has become widespread. The ubiquitous and cheap nature of portable storage devices makes them a useful tool for the backup and transportation of data. Those features mean they are also a target for data thieves. Working from home has led many firms to download data onto office laptops or employees' personal computers, which could be subject to attack.
Impact: Financial Loss; Reputational Damage; Operational Downtime; Legal Action; Loss of Sensitive Data.
Precautions: Passcode locks and 2-factor authentication for mobile devices; GPS tracking and the option of remotely wiping the device; use of encryption software, etc.
Pro Tip: Ensure data always resides in only one place: office servers, or cloud storage such as Google Drive, Microsoft OneDrive, SharePoint, Zoho WorkDrive, Dropbox etc. It is critical to ensure that download / sync access to personal computers or laptops is restricted. Alternatively, Data Loss Prevention (DLP) tools can be installed on all end-user machines. These tools can detect potential data breaches / data exfiltration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest.
Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks. It is often directed at public-facing computers or systems that are exposed to the internet. For instance, if an office server is exposed to the internet so that people can access it remotely, there is certainly a risk of hacking.
Impact: Outsiders may gain access to bank account information or credit card databases, office data including accounting and tax information, intellectual property and any other source of value.
Precautions: Use of network firewalls; data access security; procedures for providing and removing access; user awareness and training; ensuring usage of encrypted connections or virtual private networks, etc.
Pro Tip: It is highly recommended to use end-to-end encrypted connections or applications which provide such features. Zoho Assist and Unattended Access, for instance, provide such a facility, thereby protecting the entire setup. In case the organization has set up VPN connectivity, it is highly recommended to have a firewall in place which can monitor the traffic and also block unauthorized users.
Insider threats in cyber security are threats posed by individuals from within an organization, such as current or former employees, contractors, and partners. These individuals have the potential to misuse access to networks and assets to disclose, modify and delete sensitive information willingly or unwillingly.
Impact: Financial Loss; Reputational Damage; Loss of Sensitive Data; etc.
Precautions: Proactively manage permissions and privileges; implement a device management policy; regular staff training; continuous monitoring; develop an incident response plan; regular backups, etc.
Pro Tip: Keep track of the access each employee has to the various IT resources and the privileges in place. Enable the logging feature, which is available in most software. These logs should be regularly reviewed by senior management. Further, an employee's access to applications should be disabled on their last working day. It is also critical for professional firms to use password vault managers such as 1Password, Zoho Vault, LastPass etc., which make it possible to store client credentials safely without sharing them over Excel sheets and other unencrypted methods.
A few regular and simple practices can prove effective in staying safe from cyber attacks and risks. The following are such practices:
The pandemic has made working from remote locations the new normal. To ensure that remote work is secure, the following measures can be followed:
Virtual Private Network (VPN): Using a VPN will bypass geographic restrictions on streaming sites and other location-specific content. A VPN encrypts all of your internet traffic, making it unreadable to anyone who intercepts it. Make sure employees exclusively use the VPN when working and when accessing company information systems remotely.
Wi-Fi Connections: Most Wi-Fi systems at home these days are not fully secure. Enabling encryption of home Wi-Fi connections, changing the default username (admin, 12345, user etc.), hiding the Wi-Fi network from view, and enabling MAC address filtering are a few things worth considering. When working outside the home, employees should be aware that unsecured public Wi-Fi networks in restaurants and public spaces are prime spots for malicious parties to spy on internet traffic and collect confidential information.
Home Routers: Many people don’t change their home router password when it is first installed, leaving their home network vulnerable. It’s important for employees to take simple steps to protect their home network in order to prevent malicious parties from gaining access to connected devices. Changing the router password and applying firmware updates are necessary.
Passwords: It’s as important as ever to ensure that all accounts are protected with strong and different passwords.
Two-factor Authentication: Two-factor authentication and two-step verification involve an additional step to add an extra layer of protection to an employee’s accounts. The extra step could be an email or text message confirmation, or a biometric method such as facial recognition or a fingerprint scan.
Firewalls: Firewalls act as a line of defence to prevent threats from entering your company’s system. They create a barrier between your employees’ devices and the internet by closing ports to communication.
Antivirus Software: Good, advanced antivirus software can act as the next line of defence by detecting and blocking known malware. Even if malware does manage to find its way onto an employee’s device, an antivirus may be able to prevent it.
Locking Devices: If employees have to work in a public space, then it’s important for them to keep their device secure. Password protecting their device will usually protect its contents until someone enters the password. A policy requiring them to do this should be in place.
Cybersecurity has become significant across all domains of industry, considering the pace of digitization and the needs it creates. On a statistical note, the Kaspersky Security Network (KSN) report showed that its products detected and blocked 52,820,874 (37% increase) local cyber threats in India between January and March 2020. So cybersecurity risk management is vital for professionals to stay secure.
Stay Safe. Stay Protected.
This article was originally published in the Karnataka State Chartered Accountant Association, July 2021 Edition.
About the author
CA Narasimhan Elangovan - Partner, KEN & Co.
B.COM, FCA, CS, DISA, DIPIFR(UK), CISA(USA), LLB, CDPSE (USA), ISO 27001 Lead Auditor
Email: narasimhan@ken-co.in