遠(yuǎn)程辦公的網(wǎng)絡(luò)安全資源Cybersecurity Resources for a Remote Workforce-首冠教育官方網(wǎng)站- 在線財(cái)經(jīng)教育品牌!CGMA,FCPA,CNMA培訓(xùn),內(nèi)控管理師,管理會(huì)計(jì)師,法務(wù)會(huì)計(jì)師,大數(shù)據(jù)財(cái)務(wù)分析師

當(dāng)前位置：資訊 >> 培訓(xùn)通知 >> 瀏覽文章

遠(yuǎn)程辦公的網(wǎng)絡(luò)安全資源Cybersecurity Resources for a Remote Workforce

來源：本站原創(chuàng) 瀏覽量：發(fā)布日期：2020/10/10 14:13:26

It is no secret that CPAs have faced an increasing level of cyber-security threats, even under normal conditions. Audit Analytics reports in its June 2020 “Trends in Cybersecurity Breach Disclosures” that cyber breaches increased 400% between 2011 and 2019. The most common breaches include malware, and the theft of Social Security numbers, which are likely to be stored by CPA firms, have become an increasing target for data thieves. The IRS warned of tax and financial fraud scams related to the coronavirus (COVID-19) pandemic (IR-2020-15), and it cannot be stated any more succinctly than IRS Commissioner Chuck Rettig, “Criminals seize on every opportunity to exploit bad situations, and this pandemic is no exception”.

注冊會(huì)計(jì)師面臨的網(wǎng)絡(luò)安全威脅越來越高，這已不是什么秘密，即使在正常情況下也是如此。Audit Analytics在其2020年6月發(fā)布的“網(wǎng)絡(luò)安全漏洞趨勢披露”報(bào)告中指出，2011年至2019年間，網(wǎng)絡(luò)漏洞增加了400%。#常見的漏洞包括惡意軟件，而竊取可能由會(huì)計(jì)師事務(wù)所存儲(chǔ)的社保號碼已成為越來越多數(shù)據(jù)竊賊的目標(biāo)。美國國稅局警告與冠狀病毒（COVID-19）大流行（IR-2020-15）有關(guān)的稅務(wù)和金融欺詐詐騙案。關(guān)于這一點(diǎn)，沒有比國稅局局長查克·雷蒂格（Chuck Rettig）更簡潔的表述了：“犯罪分子抓住每一個(gè)機(jī)會(huì)去利用惡劣的情況，這次大流行也不例外。”。

Compounding the already existing cybersecurity threats, the physical shift to working from home has the potential to put the protection of client data, software, and hardware under even greater stress. This month’s column focuses on free materials for CPAs, including resources that may be new to readers. The Center for Internet Security and CSO Online, are just a few of many resources to help secure the remote technology environment.

再加上已經(jīng)存在的網(wǎng)絡(luò)安全威脅，從物理上轉(zhuǎn)移到在家工作有可能給客戶數(shù)據(jù)、軟件和硬件的保護(hù)帶來更大的壓力。本月的專欄關(guān)注注冊會(huì)計(jì)師的免費(fèi)資料，包括讀者可能不熟悉的資源?；ヂ?lián)網(wǎng)安全中心（ Center for Internet Security ）和CSO在線（CSO Online）只是幫助保護(hù)遠(yuǎn)程技術(shù)環(huán)境的眾多資源中的一小部分。

A must-see tool on the CIS website is the “Resource Guide for Cybersecurity During the COVID-19 Pandemic,” which is accessible as a webpage or downloadable four-page PDF (https://bit.ly/3jUAcmY). The guide is a fast read with hyperlinks to more detailed resources. The first page covers COID-19-related cyberattacks, addressing phishing and malspam, credential stuffing, ransomware, remote desktop protocol (RDP) targeting, and distributed denial of service (DDoS) attacks, with connections to a variety of tools, including one CIS newsletter article: “What You Need to Know About COVID-19 Scams.”

CIS網(wǎng)站上的一個(gè)必看工具是“COVID-19大流行期間的網(wǎng)絡(luò)安全資源指南（Resource Guide for Cybersecurity During the COVID-19 Pandemic）”，它可以作為網(wǎng)頁或可下載的四頁PDF格式訪問(https://bit.ly/3jUAcmY).這是可以快速閱讀的指南，其中有指向更詳細(xì)資源的超鏈接。頁介紹了與COID-19相關(guān)的網(wǎng)絡(luò)攻擊，解決網(wǎng)絡(luò)釣魚和惡意垃圾郵件、憑證填充、勒索軟件、遠(yuǎn)程桌面協(xié)議（remote desktop protocol, RDP）定位和分布式拒絕服務(wù)（distributed denial of service, DDoS）攻擊，并連接到各種工具，包括一篇CIS時(shí)事通訊文章：“您需要了解有關(guān)COVID-19詐騙的信息(What You Need to Know About COVID-19 Scams)”。

On a related note, “Cleaning up ‘Dirty’ Wi-Fi for Secure Work-from-Home Access,” pulled from Cyber Defense Magazine (June 11, 2020), is an eye-opening discussion of the risks of home workplace access. Wi-Fi networks, which cannot be resolved by a virtual private network (VPN). VPNs have grown in popularity for providing a secure Internet connection, particularly in the work-from-home environment. VPNs cannot, however, address on their own the threats created by the “dirty” nature of many home Wi-Fi networks. Internet users may not realize the large number of connected devices in their home, each of which create an entry point for a cyberattack. The article references the CIS Wireless Access Controls, Control 15, which recommends the use of a separate wireless network for personal (or untrusted) devices versus home office equipment (https://bit.ly/3f7O4Hb).

另一篇相關(guān)文章[摘自《網(wǎng)絡(luò)防御》（Cyber Defense Magazine）雜志（2020年6月11日）]提到的“清理被污染的”Wi-Fi，讓人大開眼界地討論了家庭工作場所接入的風(fēng)險(xiǎn)。Wi-Fi網(wǎng)絡(luò)，無法通過虛擬專用網(wǎng)絡(luò)（VPN）解決。VPN由于其提供安全的互聯(lián)網(wǎng)連接而越來越受歡迎，特別是在家工作的環(huán)境中.然而，VPN無法獨(dú)自解決許多家庭Wi-Fi網(wǎng)絡(luò)的“污染”性質(zhì)所造成的威脅?；ヂ?lián)網(wǎng)用戶可能沒有意識到家中有大量聯(lián)網(wǎng)設(shè)備，每一個(gè)設(shè)備都是網(wǎng)絡(luò)攻擊的切入點(diǎn)。本文引用了CIS無線訪問控制方法（CIS Wireless Access Controls）中的“控制方法15”，該方法建議對個(gè)人（或不受信任的）設(shè)備使用單獨(dú)的無線網(wǎng)絡(luò)，而不是家庭辦公設(shè)備。

Another CSO Online article, “8 Key Security Considerations for Protecting Remote Workers” (https://bit.ly/30aOE2D) presents links to examples of the types of products addressed in the recommended practices. The discussion begins with determining what protection should be required for employees’ home computers, with specific consideration of Windows and Macintosh products and a link to a five-minute video that identifies good questions to ask. In determining what software remote employees might need, be aware that, on the positive side, some licenses do allow installation on multiple devices; on the negative side, firewalls must be configured properly to prevent ransomware attacks.

CSO在線（CSO Online）的另一篇文章“保護(hù)遠(yuǎn)程工作者的8個(gè)關(guān)鍵安全注意事項(xiàng)（ Key Security Considerations for Protecting Remote Workers）”列舉了推薦方法中提到的產(chǎn)品類型的鏈接(https://bit.ly/30aOE2D)。相關(guān)議題的討論中首先要確定員工的家用電腦需要什么樣的保護(hù)措施，具體考慮Windows和Macintosh產(chǎn)品，并提供一個(gè)5分鐘視頻鏈接，確定了值得提出的問題。在確定遠(yuǎn)程員工可能需要哪些軟件時(shí)，請注意，從積極的一面來看，有些許可證確實(shí)允許在多個(gè)設(shè)備上安裝。消極的一面是，防火墻必須正確配置以防止勒索軟件攻擊。