IN FIRM: Secure Communications Tools
by Roman H. Kepczyk, CPA.CITP  (May 20, 2008-reprinted with permission) 

CPAs have long been the “Information Communicators” of the business world as they take the data they receive from their clients and transition it to useful business information in the form of budgets, tax returns, financial reports and analysis.  As this information transitions to a digital format in today’s “less paper” world, communications technology takes on an added importance for both the inbound and outbound movement of data.  Using communication tools such as email, smart phones, portals and remote access technologies, accountants can access and transfer information more efficiently and safely than previous technologies as long as they are aware of the pitfalls.

Email: Most accountants rely heavily on email as one of their primary means of communicating with clients and business partners because it is fast, convenient, low cost, and easily accessible.  The majority of firms are often sending attachments within these emails that may also include confidential information such as social security numbers within a tax return or private information within financial documents.  While some firms use passwords to lock down these documents, the majority are sending these files completely unprotected, which can be accessible by people having access to the owner’s computer and email accounts.  A basic security precaution is to make sure that users log out of their email whenever they walk away from their desk, or at a minimum have a screensaver password that locks out the screen after 30 minutes of non-use.

For those accountants using passwords on documents attached to emails, there are real concerns that today’s increasingly sophisticated programming tools can crack or remove these passwords and there are services that will do this for a nominal fee.  For firms with a smaller number of clients having a higher volume of confidential communications, one solution is encrypted email that is available through companies such as VeriSign, CertifiedMail, and PGP.  These applications set up a trusted relationship between the accounting firm and the client’s email address to encrypt email both ways, which is a service also available through some of the hosted remailer services such as Postini.  As email is one of the primary ways that viruses are introduced into a firm and can compromise security, remailers such as Postini, AppRiver and Mi-8 provide enterprise-class virus and spam filtering to further protect the firm.

Portals: While email encryption can be somewhat expensive for those firms having a higher number of clients with a small number of interactions, an emerging solution is the use of client portals that create a secured space on the Internet for firms to transfer files to and from clients.  The added benefit of these portals is that they have very high capacities for moving large files, which is often a limitation of the email systems that are often capped at one or two megabytes.  Portals are ideal for transferring increasingly larger financial statements (PDF Images), as well as client accounting data files such as QuickBooks or Peachtree files.  While there are public storage solutions such as WhaleMail, XDrive, and Mozy, that can be used to move large files, if the firm has a document management system with a portal, it is easier to train end users to manage and use the portal as they are part of the same system.  Today’s providers such as CCH Document, Doc-It, GoFileRoom and Creative Solutions NetClient have portal add-ins that are integrated with the document management system, which is the recommended solution for client file transfers today.

Remote Users: More and more firms are allowing personnel to connect to firm resources from remote sites ranging from clients and hotels via firm provided laptops to employee’s homes on their personnel workstations. For a small number of users, Windows XP Remote and Vista allow home users to connect to their own workstation within the firm, but it is imperative that they use hardened passwords and that the remote user has an active firewall and anti-virus program on their remote computer.  The firm can put extensive access controls in place that can be easily compromised by a remote user that has an unprotected WiFi connection in their home.  For larger numbers of users (ten or more), Citrix and Windows Terminal Services (WTS) can be cost effectively set up to allow secure remote access.  One feature that makes Citrix/WTS solutions attractive from a security standpoint, is that all data access through this connection resides on the firm’s servers, so when the remote computer is turned off, there is no client information stored locally, minimizing the impact of a theft.

Mobile Device Security: One of the risks of using laptops is that today the majority of firms store client data locally on these machines, which can be compromised if the laptop is lost or stolen.  Again, firms should make sure they have a hardened logon password and are using automatic screensaver lockouts, so that a laptop that is logged into the firm from a remote site is protected.  To further secure laptops, it is advisable that firms utilize cable locks and consider securing the data on the hard disk either with encryption tools such as PGP, WinMagic or GuardianEdge or a BIOS level password.  It is also important not to forget to secure today’s Blackberry, Treo and Microsoft Mobile smart phones.  One of the benefits of these devices is that they can synchronize contact information as well as receive email, including attachments.  These devices should all require password access and the ability for the firm to eliminate the data remotely.

The Internet and all of its attached devices have become an ideal medium for CPAs to transact business and improve communications with clients and business partners.  By taking the extra steps to secure these communications, we can be sure to be able to take advantage of these capabilities.

Roman H. Kepczyk, CPA.CITP is President of InfoTech Partners North America, Inc. and works exclusively with CPA firms to implement today’s digital best practices to optimize firm productivity.  This article was reprinted with permission from the CPA Technology Advisor.

InfoTech Partners North America, Inc. , 13656 S. 37th Place, Phoenix, AZ 85044 Email: ITPartner@itpna.com Phone: (480) 706-1728 Fax: (480) 718-8880