It is no secret that CPAs have faced an increasing level of cyber-security threats, even under normal conditions. Audit Analytics reports in its June 2020 “Trends in Cybersecurity Breach Disclosures” that cyber breaches increased 400% between 2011 and 2019. The most common breaches include malware, and the theft of Social Security numbers, which are likely to be stored by CPA firms, have become an increasing target for data thieves. The IRS warned of tax and financial fraud scams related to the coronavirus (COVID-19) pandemic (IR-2020-15), and it cannot be stated any more succinctly than IRS Commissioner Chuck Rettig, “Criminals seize on every opportunity to exploit bad situations, and this pandemic is no exception”.

注册会计师面临的网络安全威胁越来越高，这已不是什么秘密，即使在正常情况下也是如此。Audit Analytics在其2020年6月发布的“网络安全漏洞趋势披露”报告中指出，2011年至2019年间，网络漏洞增加了400%。常见的漏洞包括恶意软件，而窃取可能由会计师事务所存储的社保号码已成为越来越多数据窃贼的目标。美国国税局警告与冠状病毒（COVID-19）大流行（IR-2020-15）有关的税务和金融欺诈诈骗案。关于这一点，没有比国税局局长查克·雷蒂格（Chuck Rettig）更简洁的表述了：“犯罪分子抓住每一个机会去利用恶劣的情况，这次大流行也不例外。”。

Compounding the already existing cybersecurity threats, the physical shift to working from home has the potential to put the protection of client data, software, and hardware under even greater stress. This month’s column focuses on free materials for CPAs, including resources that may be new to readers. The Center for Internet Security and CSO Online, are just a few of many resources to help secure the remote technology environment.

再加上已经存在的网络安全威胁，从物理上转移到在家工作有可能给客户数据、软件和硬件的保护带来更大的压力。本月的专栏关注注册会计师的免费资料，包括读者可能不熟悉的资源。互联网安全中心（ Center for Internet Security ）和CSO在线（CSO Online）只是帮助保护远程技术环境的众多资源中的一小部分。

A must-see tool on the CIS website is the “Resource Guide for Cybersecurity During the COVID-19 Pandemic,” which is accessible as a webpage or downloadable four-page PDF (https://bit.ly/3jUAcmY). The guide is a fast read with hyperlinks to more detailed resources. The first page covers COID-19-related cyberattacks, addressing phishing and malspam, credential stuffing, ransomware, remote desktop protocol (RDP) targeting, and distributed denial of service (DDoS) attacks, with connections to a variety of tools, including one CIS newsletter article: “What You Need to Know About COVID-19 Scams.”

CIS网站上的一个必看工具是“COVID-19大流行期间的网络安全资源指南（Resource Guide for Cybersecurity During the COVID-19 Pandemic）”，它可以作为网页或可下载的四页PDF格式访问(https://bit.ly/3jUAcmY).这是可以快速阅读的指南，其中有指向更详细资源的超链接。第一页介绍了与COID-19相关的网络攻击，解决网络钓鱼和恶意垃圾邮件、凭证填充、勒索软件、远程桌面协议（remote desktop protocol, RDP）定位和分布式拒绝服务（distributed denial of service, DDoS）攻击，并连接到各种工具，包括一篇CIS时事通讯文章：“您需要了解有关COVID-19诈骗的信息(What You Need to Know About COVID-19 Scams)”。

On a related note, “Cleaning up ‘Dirty’ Wi-Fi for Secure Work-from-Home Access,” pulled from Cyber Defense Magazine (June 11, 2020), is an eye-opening discussion of the risks of home workplace access. Wi-Fi networks, which cannot be resolved by a virtual private network (VPN). VPNs have grown in popularity for providing a secure Internet connection, particularly in the work-from-home environment. VPNs cannot, however, address on their own the threats created by the “dirty” nature of many home Wi-Fi networks. Internet users may not realize the large number of connected devices in their home, each of which create an entry point for a cyberattack. The article references the CIS Wireless Access Controls, Control 15, which recommends the use of a separate wireless network for personal (or untrusted) devices versus home office equipment (https://bit.ly/3f7O4Hb).

另一篇相关文章[摘自《网络防御》（Cyber Defense Magazine）杂志（2020年6月11日）]提到的“清理被污染的”Wi-Fi，让人大开眼界地讨论了家庭工作场所接入的风险。Wi-Fi网络，无法通过虚拟专用网络（VPN）解决。VPN由于其提供安全的互联网连接而越来越受欢迎，特别是在家工作的环境中.然而，VPN无法独自解决许多家庭Wi-Fi网络的“污染”性质所造成的威胁。互联网用户可能没有意识到家中有大量联网设备，每一个设备都是网络攻击的切入点。本文引用了CIS无线访问控制方法（CIS Wireless Access Controls）中的“控制方法15”，该方法建议对个人（或不受信任的）设备使用单独的无线网络，而不是家庭办公设备。

Another CSO Online article, “8 Key Security Considerations for Protecting Remote Workers” (https://bit.ly/30aOE2D) presents links to examples of the types of products addressed in the recommended practices. The discussion begins with determining what protection should be required for employees’ home computers, with specific consideration of Windows and Macintosh products and a link to a five-minute video that identifies good questions to ask. In determining what software remote employees might need, be aware that, on the positive side, some licenses do allow installation on multiple devices; on the negative side, firewalls must be configured properly to prevent ransomware attacks.

CSO在线（CSO Online）的另一篇文章“保护远程工作者的8个关键安全注意事项（ Key Security Considerations for Protecting Remote Workers）”列举了推荐方法中提到的产品类型的链接(https://bit.ly/30aOE2D)。相关议题的讨论中首先要确定员工的家用电脑需要什么样的保护措施，具体考虑Windows和Macintosh产品，并提供一个5分钟视频链接，确定了值得提出的问题。在确定远程员工可能需要哪些软件时，请注意，从积极的一面来看，有些许可证确实允许在多个设备上安装。消极的一面是，防火墙必须正确配置以防止勒索软件攻击。

More Cybersecurity Tools for a Remote Workforce

更多远程办公网络安全工具

Cybersecurity & Infrastructure Security Agency (CISA)

网络安全与基础设施安全局（Cybersecurity & Infrastructure Security Agency, CISA）

Home Network Security Tip

https://www.us-cert.gov/ncas/tips/ST15-002

Global Cyber Alliance

Cybersecurity Toolkit

https://gcatoolkit.org/smallbusiness/

SANS Institute

Tips for a Work-from-Home Environment

https://www.sans.org/blog/tips-to-secure-your-organization-in-a-work-from-home-environment/

SANS Institute

Work from Home Deployment Kit

https://www.sans.org/security-awareness-training/sans-security-awareness-work-home-deployment-kit

原创编辑：ICPA中国办事处