Facing Increased Cyber Threats Against Legal and Accounting Professionals During the COVID-19 Pandemic


By: Renata Hoddinott

Millions around the world have had their daily routines disrupted and a wide variety of companies are participating in the largest “work from home” mobilization in history. While the ability for professionals to work remotely is key to business continuity in the midst of this pandemic, in doing so, firms and professionals have open their networks to unprecedented exposure.
Bad actors are capitalizing on the intense focus on COVID-19 panic and fear and security professionals have already noted an increase in malicious schemes. Those include phishing emails framed as alerts regarding the coronavirus outbreak containing attachments purportedly with information about COVID-19 and how to protect against the virus. When people are already stressed, fearful, and desperate for the most up-to-date information to protect themselves and loved ones, there is a significant risk to the security of any network.
Another prevalent threat for professionals, and particularly for CPAs, is in the realm of wire transfer requests. These types of scams are on the rise and can be very convincing, duping even the most cyber-savvy of professionals. Bad actors often begin well in advance of an attack by laying in wait and collecting information over an extended period. When the opportunity presents itself, such as now, these criminals use that information to launch convincing wire transfer requests. They can be framed as emails from “clients” requesting emergency funding and providing fraudulent wire instructions. CPAs often find themselves on the front lines against these malicious schemes and need to remain diligent and exercise extreme caution when responding to any requests. With professionals working remotely it can be more difficult to ensure a request is valid, but it is vital for requests to be double and triple checked and validated directly by phone or video to ensure accuracy before a single dollar is transferred.
Now is the time for all professionals to be vigilant about the cyber dangers. An unprecedented number of professionals are accessing company networks remotely and continuing to service clients including handling sensitive and confidential client data. In an office environment, when a threat is detected, IT can immediately quarantine and disconnect the compromised device and conduct an investigation of the company network. Now, however, employees may be connecting to firms’ servers from their own perhaps less secure networks and IT professionals are not on-site in those locations to troubleshoot issues and contain threats more easily. Failure to appropriately protect the sensitive and confidential data of clients may be the cause of malpractice claims in certain circumstances.
Firms should ensure IT security professionals are accessible to remote working professionals and able to isolate remote devices when necessary and limit the potential damage to the firm’s network through that compromised device. Now more than ever firms and professionals must remain diligent and prepared against new risks of fraud and cyber-attacks. Keeping mindful of cyber threats in the midst of this crisis is critical to ensuring ongoing success.
Additional information: 
The FMG Coronavirus Task Team will be conducting a series of webinars on Coronavirus issues every day for the next week. We will discuss the impact of Coronavirus for companies in general, but also for business in insurance, healthcare, California specific issues, cybersecurity, and tort. Click here to register.
FMG has formed a Coronavirus Task Force to provide up-to-the-minute information, strategic advice, and practical solutions for our clients. Our group is an interdisciplinary team of attorneys who can address the multitude of legal issues arising out of the Coronavirus pandemic, including issues related to Healthcare, Product Liability, Tort Liability, Data Privacy, and Cyber and Local Governments. For more information about the Task Force, click here.
You can also contact your FMG relationship partner or email the team with any questions at
**DISCLAIMER: The attorneys at Freeman Mathis & Gary, LLP (“FMG”) have been working hard to produce educational content to address issues arising from the concern over COVID-19. The webinars and our written material have produced many questions. Some we have been able to answer, but many we cannot without a specific legal engagement. We can only give legal advice to clients. Please be aware that your attendance at one of our webinars or receipt of our written material does not establish an attorney-client relationship between you and FMG. An attorney-client relationship will not exist unless and until an FMG partner expressly and explicitly states IN WRITING that FMG will undertake an attorney-client relationship with you, after ascertaining that the firm does not have any legal conflicts of interest. As a result, you should not transmit any personal or confidential information to FMG unless we have entered into a formal written agreement with you.  We will continue to produce educational content for the public, but we must point out that none of our webinars, articles, blog posts, or other similar material constitutes legal advice, does not create an attorney client relationship and you cannot rely on it as such. We hope you will continue to take advantage of the conferences and materials that may pertain to your work or interests.**