Will Working from Home Make Us Get Serious About Two-Factor Authentication?

by Dr. Sean Stein Smith, CPA, City University of New York-Lehman | March 25, 2020

With an increasing number of accountants working from home, working remotely, telecommuting or only coming into the office one or two days a week there is more work occurring in a non-traditional setting. Be it a home office or (in many cases) a table or room that is serving as an ad hoc home office, there is more client information being transmitted over either personal WiFi or – hopefully – some sort of VPN. Even with a VPN, however, there are still risks that can occur with regards to how potentially client information is being transmitted electronically between colleagues as well as between practitioners and clients. Two-factor authentication (2FA) has been a conversation simmering on the back burner for several years now, only periodically ratcheting up in the fall out of a major hack or data breach.

With so many accounting and financial services functions, however, occurring off-site and potentially on unsecured networks, this work-from-home upswing might finally kick the conversation to the mainstream. Let’s take a look at a few ways to introduce this topic to employees and clients alike during this stressful time:

  1. Be sure that everyone understands what exactly 2FA is and what it is not. Especially for clients or colleagues that might not be especially tech-savvy or experienced this might seem like an overly technical topic or process to try and implement. That is not the case; even relatively mundane applications like Gmail has 2FA options available which demonstrates just how widespread this conversation has become. People are under pressure right now and might not want to hear about a new technology policy, but the sheer amount of data being handled outside of normal channels is all the more reason to have these conversations.
  2. Practice how 2FA will actually function. Oftentimes having to wait for a code or confirmation before accessing information that you have access to can be frustrating especially if you are already under stress and dealing with connectivity issues. That is no reason to not implement; those same connectivity issues might be indicative of an insecure or otherwise weak network connection. Practicing a few logins for colleagues and clients may take a few minutes but it is well worth the time to make sure everyone is comfortable using 2FA.
  3. Make sure that everyone understands the business implications and benefits of 2FA. Technology policies are not normally the conversations that excite people the most, accounting or otherwise, but there is a quantifiable business case to be made for implementing a 2FA policy. Hacks and breaches are unfortunately a fact of life in the modern economy, but that is no reason to be passive about them. If after the fact there is an investigation and your firm is found to have not taken appropriate safeguards or implemented appropriate policies, there could be both reputational and financial repercussions.

Two-factor authentication is certainly a technology topic, but it is also a business planning, continuity and cybersecurity issue as well. With so much uncertainty in the air these days it is more important than ever to make sure that you, your team and your clients are operating in as secure a manner as possible. Be sure to stay connected to the NJCPA Emerging Technologies Interest Group for updates on this, and many other emerging technology topics and trends.

Sean D. Stein Smith

Sean D. Stein Smith

Dr. Sean Stein Smith, CPA, DBA, CMA, CGMA, CFE, is a professor at the City University of New York – Lehman College. He is a member of the NJCPA Board of Trustees and participates on several interest groups.

More content by Sean D. Stein Smith:

Learn more from Sean D. Stein Smith:

Leave a comment