With our new normal of hybrid work environments come both pros and cons. Specifically in the accounting profession, the implementation of new technology creates more efficient processes, but can also inadvertently lead to additional risks such as fraud.
While all industries face privacy and data security challenges in hybrid environments, the sensitive and confidential information in accountants’ routine work demands a higher level of cybersecurity to ensure that all client data is totally secure. It is essential that accountants remain vigilant for possible fraud and actively safeguard network systems to ensure continued strategic growth for small and midsized businesses.
How does fraud happen?
Fraud can occur in many ways. While the concept of physical fraud risks may seem outdated (especially in hybrid environments), the majority of confidential data — such as Social Security numbers and credit card information — is still stolen the “old-fashioned” way, via theft of physical laptops or important documents (e.g., paper checks, invoices, sticky notes) from unsecured areas. Even with the potential of artificial intelligence to reduce the burden and risk of many manual processes, many accountants and bookkeepers are still remarkably reliant on paper with
Hybrid and remote work models have also exacerbated many existing cybersecurity risks for many accounting firms. In the early days of the pandemic — when the transition to remote work needed to happen essentially overnight — it wasn’t uncommon for firms to put necessary “Band-Aid” solutions in place. Many companies and accountants moved their data to the cloud for the first time, which is a positive development, but not a silver bullet to safety.
Phishing attempts have continued to rise, preying on the stress of employees and owners, and the lack of updated protections and employee education as they managed through a crisis. These deceiving emails and notes, often disguised as emails from colleagues, are one of the most common ways that hackers can gain access to even the most secure networks. Now is the time to refine and improve those new processes put into place over the past two years, prioritizing more secure practices and the safeguarding of sensitive data.
Preventing fraud
There are a variety of practices that firms can implement to mitigate the risks of fraud in hybrid work environments. From a data security perspective, it starts with the cloud.
Cloud-based solutions and Software-as-a-Service providers are the most secure way to store client data, as these systems have more secure encryption methods than what accounting firms can offer in-house. This also removes the risk of stolen computers from a “smash and grab” robbery. While it’s now generally accepted that storing data in the cloud is far more secure than relying on a paper trail, decentralized personnel and the lack of pre-developed protocols for remote work left many firms exposed to additional cyber risks from unsecure networks and personal devices.
Going forward, accounting firms should ensure that all accountants are trained on an ongoing basis in the best cybersecurity practices while in a hybrid environment, including how to identify, prevent and address all types of fraud threats, from physical to digital. Employees should be vigilant about diversifying their passwords, keeping their login credentials private and updating them regularly.
It’s also critical to use secure devices and networks, implementing multifactor authentication for all services, and software to monitor for phishing and other scams. Lastly, with the rise in popularity of automated workflows to process data and transactions in daily accounting practices, accounting firms should consider investing in and implementing AI systems that scan for mistakes, such as duplicate payments, fraud — and even basic human error.
Strengthening tech security
In light of many major players in the accounting profession embracing more permanent hybrid and remote work models, accounting firms of all sizes should identify what, if any, interactions really require paper or physical interaction. For practices (such as accounts payable and payroll) that can easily be digitized, accounting firms should ensure they’re supporting those practices through secure, online systems and cloud-based storage solutions to ensure the highest levels of data protection.
Additionally, for communication with clients, firms should establish secure portals for the transfer of sensitive documents that contain personal or sensitive information, such as Social Security numbers, bank account information and credit card details. Never send these documents over email. A cloud-based document sharing solution is much more secure. All-in-one SaaS solutions that allow you to manage your workflow, approvals and payments can provide high security and convenience in hybrid environments.
Prior to the pandemic, many accounting processes were based primarily on physical work models and paper-based processes, but the acceleration of flexible and remote work models has only increased the overdue
As firms seek to implement new workflows, it’s essential to prioritize educating the teams about how to mitigate new and emerging fraud risks and secure data on cloud-based servers before the Trojan horse is wheeled through the front gates.