web analytics
  Featured Eseminar Auditor Download GuardianEdge GuardianEdge Federal

    “Companies should act now and protect all data before they themselves are faced with the costs of a data breach. There is a very real risk that long-lasting damage could be done to a company’s reputation and brand image.”

    —Alex Kwiatkowski, lead analyst at Datamonitor.
    Encryption, Now More than Ever



    In Firm: Secure Communications Tools


    Tax and accounting professionals have long been the “Information Communicators” of the business world as they take the data they receive from their clients and transition it to useful business information in the form of budgets, tax returns, financial reports and analysis. As this information transitions to a digital format in today’s “less paper” world, communications technology takes on an added importance for both the inbound and outbound movement of data. Using communication tools such as e-mail, smart phones, portals and remote access technologies, accountants can access and transfer information more efficiently and safely than previous technologies as long as they are aware of the pitfalls.


    December 3, 2007

    Courtesy of The CPA Technology Advisor

    E-mail
    Most accountants rely heavily on e-mail as one of their primary means of communicating with clients and business partners because it is fast, convenient, low cost and easily accessible. The majority of firms are often sending attachments within these e-mails that may also include confidential information such as social security numbers within a tax return or private information within financial documents. While some firms use passwords to lock down these documents, the majority send these files completely unprotected, which can be accessible by people having access to the owner’s computer and e-mail accounts. A basic security precaution is to make sure that users log out of their e-mail whenever they walk away from their desk, or at a minimum have a screensaver password that locks out the screen after 30 minutes of non-use.

    For those accountants using passwords on documents attached to e-mails, there are real concerns that today’s increasingly sophisticated programming tools can crack or remove these passwords and there are services that will do this for a nominal fee. For firms with a smaller number of clients having a higher volume of confidential communications, one solution is encrypted e-mail that is available through companies such as VeriSign, CertifiedMail and PGP. These applications set up a trusted relationship between the accounting firm and the client’s e-mail address to encrypt e-mail both ways, which is a service also available through some of the hosted remailer services such as Postini. As e-mail is one of the primary ways that viruses are introduced into a firm and can compromise security, remailers such as Postini, AppRiver and Mi-8 provide enterprise-class virus and spam filtering to further protect the firm.

    Portals
    While e-mail encryption can be somewhat expensive for those firms that have a higher number of clients with a small number of interactions, an emerging solution is the use of client portals that create a secured space on the Internet for firms to transfer files to and from clients. The added benefit of these portals is that they have very high capacities for moving large files, which is often a limitation of the e-mail systems that are often capped at one or two megabytes. Portals are ideal for transferring increasingly larger financial statements (PDF Images), as well as client accounting data files such as QuickBooks or Peachtree files. While there are public storage solutions such as WhaleMail, XDrive and Mozy that can be used to move large files, if the firm has a document management system with a portal, it is easier to train end users to manage and use the portal as they are part of the same system. Today’s providers such as CCH ProSystem fx Document, Acct1st, Doc-It, Thomson Tax & Accounting’s GoFileRoom and NetClient CS all have portal add-ins that are integrated with the document management system, which is the recommended solution for client file transfers today.

    Remote Users
    More and more firms are allowing personnel to connect to firm resources from remote sites ranging from client offices and hotels via firm-provided laptops to employee’s homes on their personal workstations. For a small number of users, Windows XP Remote and Vista allow home users to connect to their own workstation within the firm, but it is imperative that they use hardened passwords and that the remote user has an active firewall and anti-virus program on their remote computer. The firm can put extensive access controls in place that can be easily compromised by a remote user that has an unprotected Wi-Fi connection in their home. For larger numbers of users (10 or more), Citrix and Windows Terminal Services (WTS) can be cost effectively set up to allow secure remote access. One feature that makes Citrix/WTS solutions attractive from a security standpoint is that all data access through this connection resides on the firm’s servers, so when the remote computer is turned off, there is no client information stored locally, which minimizes the impact of a theft.

    Mobile Device Security
    One of the risks of using laptops is that today the majority of firms store client data locally on these machines, which can be compromised if the laptop is lost or stolen. Again, firms should make sure they have a hardened logon password and are using automatic screensaver lockouts, so that a laptop that is logged into the firm from a remote site is protected. To further secure laptops, it is advisable that firms utilize cable locks and consider securing the data on the hard disk either with encryption tools such as PGP, WinMagic or GuardianEdge, or a BIOS level password. It is also important not to forget to secure today’s BlackBerry, Treo and Microsoft Mobile smart phones. One of the benefits of these devices is that they can synchronize contact information as well as receive e-mail, including attachments. These devices should all require password access and the ability for the firm to eliminate the data remotely.

    The Internet and all of its attached devices has become an ideal medium for tax and accounting professionals to transact business and improve communications with clients and business partners. By taking the extra step to secure these communications, we can ensure that we are able to take advantage of these capabilities.