In a previous blog, we talked about some legal steps you need to take before bringing on your first remote hire. We outlined a few basic components you should include in your remote accountant policy, but we kept things pretty general.
Hopefully by now you have a remote accountant policy firmly in place. But as the landscape of virtual capabilities and cybersecurity threats continues to evolve, it might be time to revisit it and make sure all your bases are covered.
Here are few items your remote accountant policy should include that you might not have thought about.
But before we dive in, keep in mind that your remote accountant policy needs to contain more than a typical work-from-home policy for in-office employees. Fully remote accountants will be operating from different parts of the country, often on their own devices and with little to no physical oversight. Simply renaming your old work-from-home policy a remote worker policy won’t cut it.
1) Restrict work to VPN/remote desktop on approved hardware
Allowing remote accountants direct access to your systems through their own hardware is just asking for trouble. It’s an entry point for hackers that your IT team can’t control or monitor. And if the remote accountant’s hardware is stolen, all of your data could be at risk.
If you don’t already have a VPN/remote desktop portal in place, work with your IT department to get one set up immediately.
“Most people at home probably don’t spend a lot of time worrying about firewalls and accessing sites they may not want to access,” Bill Thompson, president, CPA Mutual, said. “You may want to limit cloud accountants to only using organizational-approved computer or electronic devices to access the network or systems, via VPN or remote desktop.”
You’ll also want to include a list of approved devices with minimum system requirements. If your IT team can physically inspect or even directly provide the device the remote accountant will be using, that would be ideal. But you’ll at least want to take steps to ensure the remote accountant’s working environment and hardware are as secure as possible.
“One idea is to require remote accountants to have a dedicated system, a dedicated terminal that they use just for work,” Thompson said. “You’ve probably heard about kids getting on iPhones and sending out invites to every single person that’s on the email list. I think at home people don’t realize that they need to make sure that their work stations are secure.”
And putting policies in place for when a remote worker departs your organization is just as important as having good onboarding procedures–if not more so.
“Any equipment that’s provided would either have to be turned in when an employee leaves or there would have to be some sort of remote shutdown procedure to lock the worker out of the network,” Thompson said.
2) Unify remote access via a single client portal
Allowing your remote accountants to do their jobs effectively means giving them access to all of your various software and systems: bookkeeping, CRM, ERP, etc. Handing out separate usernames and passwords to remote workers can be a security nightmare–each password represents another entry point to the network that can be stolen or hacked.
It’s also extremely cumbersome for the remote accountant. Keeping track of all the usernames and passwords he or she will need to access your systems will be almost impossible without writing them down, thus creating further security risks. Inevitably the remote accountant will forget a password and get locked out of the system, preventing him from being productive and creating additional work for IT.
To get around this problem, some firms are creating a single remote portal that automatically allows remote accountants access to all of the various systems and databases. The employee only has to remember one username and password–or if other authentication methods are used, she won’t need to remember any passwords at all. And IT will have a single entry point through which it can set up a firewall, keep security updated with the latest patches, and manage software licenses and upgrades.
“Our firm uses a single remote portal to load in remote workers’ credentials, their user IDs, and their passwords,” Dave Betz, chief success officer, Gineris & Associates, said. “They never know their user ID or password. All they have to do is log into the portal, which we can shut off at the drop of a hat.”
To ensure greater security, many firms are fortifying the username/password credential system through multifactor authentication (MFA). In some cases, firms are absconding passwords altogether in favor of more secure login methods.
“We require two-factor authentication on every cloud tech solution that we utilize,” Melissa Diaz, CFO and shareholder, High Rock Accounting, said. “But keep in mind that not all MFA methods are created equal. Many MFA features can be set to send verification codes to an email address. This leaves your systems vulnerable to email phishing attacks.”
To get around email security concerns surrounding MFA, Diaz suggests a different verification method.
“We require MFA codes be texted to a cellphone number. We definitely recommend making this a standard procedure for any remote worker,” Diaz said.
3) Limit login locations
The typical remote accountant won’t just be working from home. He’ll want to take his laptop to the coffee shop, a relative or significant other’s house, and on the road whenever he leaves town for work or vacation.
This can create further security concerns that should be addressed in your remote accountant policy. Where the employee logs in can be just as important as how.
“Don’t allow employees to connect to your networks through means that aren’t preapproved,” Thompson said. “That includes hotel business centers. People don’t realize that the free internet that you use at a hotel isn’t protected.”
Allowing remote accountants to log in from unapproved locations doesn’t just create security issues–it can impact productivity as well.
“There’s a pretty significant difference if you are using hardware internet versus Wi-Fi as it relates to the kind of tech software that we use. We’re so much better hardwired,” Betz said.
4) Require training sessions
Accountants emerge from college with a lot of knowledge that will help them do their jobs, but few walk out with an IT certificate. To ensure your remote accountants follow the security protocols you’ve put in place, it might be smart to require them to attend a few training sessions before they start remote work.
“Our firm has found that video trainings tend to be the most effective with remote workers,” Diaz said. “We utilize SaaS products to customize the video training we provide to our employees.”
Effective training tools for remote employees may differ greatly from the typical courses and seminars you might send an in-office employee to attend.
“While live training can be performed via webinar or screen share, the remote worker’s ability to follow up with the trainer or ask questions at a later time may be significantly reduced. Firms that really want to create an effective remote environment need to provide comprehensive training that is available on-demand and a resource for employees to contact with questions,” Diaz said.
5) Ensure expectations are communicated upfront and regularly evaluated
Remote accountants need to know what’s expected of them in order to do their jobs effectively. Outlining your expectations and taking steps to ensure they are consistently being met is critical to maintaining a successful remote worker program.
“Make sure your remote accountants know when they are expected to be available for work,” Ryan Watson, founder and principal, Upsourced Accounting, said. “You should strive to create a flexible work environment, but you need to have established times when team members are online and available for discussion.”
To prevent remote accountants from falling behind, you’ll need to set up ways to document their progress on projects and conduct regular check-ins. Some firms even require remote accountants to sign service level agreements (SLAs) to certify work requirements.
“Communication SLAs help keep everyone on the same page and clients satisfied. Consider establishing SLAs around how quickly remote accountants must return communication to clients via email, Slack, and/or phone,” Watson said.
Documenting remote accountant performance can also protect your liability and aid your legal counsel if disagreements occur.
“Employment practices vary state to state, so trying to terminate a remote employee with cause in absence of regular performance evaluations can be near impossible,” Diaz said. “Remote workers may not have consistent, in-person interactions with peers or supervisors. So employment disagreements often come down to a ‘he said/she said’ situation with few witnesses to back up the interest of the company.”
6) Leave room for flexibility and updates
New productivity, communication, and business applications seem to pop up every day, and the “platforms of choice” may change from year to year. As these new platforms become more popular, increasingly sophisticated cyber threats arise alongside them.
Not long ago, most accounting firms relied almost exclusively on email to connect with each other, talk to clients, and distribute files. Now project management solutions like Wrike and communication tools like Slack rule the day. Five years from now, who knows what applications we’ll be using–or what new security risks they’ll carry?
While it’d be nice if you could put together a remote accountant policy that’s set in stone forever, that just isn’t realistic in our constantly changing technological landscape. “Policy” and “flexibility” may sound like polar opposites, but if you want to truly and consistently protect your company’s interests, your remote worker protocols should be designed with agility and evolution in mind.
“We’ve got a half-page checklist and we can modify it each generation to make it better,” Betz said. “If we had a rigid, lengthy policy, the time it would take to keep such a thing updated would prevent us from leveraging the coolest new tech.”
Worry less about policy by recruiting the best remote accountants
While we encourage you to include everything we’ve listed in your remote accountant policy, such safeguards don’t matter nearly as much when you hire productive, honest accountants you can trust. That’s where a partner like Accountingfly comes in. Browse our database of the best remote accountants in the world, and start building your ultimate cloud accounting team today.
About the Author
Jeff Phillips is the CEO of Accountingfly and the publisher of GoingConcern.com. He has 19 years of experience in building and implementing recruitment strategies and has spent the last 6 years leading Accountingfly, a recruitment platform for employers of financial talent. Prior to starting Accountingfly, Jeff was with Monster.com where he helped craft recruitment strategy for clients such as H&R Block, Shell, Dell, Walmart, AT&T and Verizon. As publisher of the popular website Going Concern, Jeff’s team has built (and learns from) the largest audience of Millennial CPAs of any publication or website. He was named among the Top 100 Most Influential People by Accounting Today for 3 consecutive years.