Are You Protecting Client Data When Sending Files Over the Internet?

From the June 2012 issue.

As the world moves online, a whole new paradigm is developing around the concept of data storage and data transfer. For the past 30 years, computer users have gradually learned about the tradeoffs of storing data on our local PCs compared with centralizing file storage on LAN servers.

But before the PC revolution (i.e. the mainframe era), users had no involvement in decisions about where the data would be stored. At most, we controlled file names, but usually we had little or no control over the location of the data. Along our path to the cloud computing model where data is centralized and access to data is “granted,” as opposed to “transferred,” there is both a paradigm shift, and a transition path that warrants some thought.

When you incorporate the cloud into your systems, there are two important concepts to think about when storing, managing and transferring data files. The first is how to transfer files securely between computers, and the second is how and where to store, manage and archive data in ways that is secure and flexible for business processes.

Cloud Storage and File Sharing Solutions for Casual Users
If you’ve searched the internet for “cloud storage,” you’ll find several “free” products/services available, such as Box.net, DropBox, Google Drive, Microsoft Skydrive, and Apple iCloud. All of these have “freemium” services, meaning, you can use limited features for free, after which you can upgrade and pay if you need larger file transfer or storage needs. For the most part, each of these services are fine for casual use such as photo sharing, personal file storage, and similar non-business critical use, but when you design solutions for business environments, you should look for more secure, full-featured solutions.

Secure File Transfer Options
As we move some or all of our business data into cloud environments, we’ll still need to transfer files between computers from time to time. Of course, it’s easy to attach documents to emails, but without special tools, there is no easy way to securely send and receive documents.

As an accounting professional, you’re required to transfer sensitive information every day in tax returns, payroll reports, financial statements, QuickBooks or Peachtree files, and other financial documents. You could just attach these files to an email, but is that really the safest, smartest way to share information?

Considering the ever-increasing security risks associated with internet communication, and especially email, it’s more important than ever for accountants to find secure means of file transfer that help them protect their own business information as well as their clients’ information.

Think of an email as a postcard – if you attach a file containing confidential information to that email, it’s just about as risky as writing that confidential information on the postcard. As the postcard travels through the postal service all of the information is visible to anyone who happens to see it, including the mail carrier and anyone who sees the mail before it reaches the recipient. Also, a file attached to an email can be hacked.

Even if you password protect that file, it’s still quite risky. While password protection is much better than no security at all, it’s shockingly easy to crack passwords on attached documents using password hacking software. Even password-protected PDF documents are vulnerable (Google it), so the bottom line is DO NOT ATTACH SENSITIVE DOCUMENTS TO EMAILS.

The better way to transmit documents is to use a cloud-based service that provides encryption upon upload by the sender, and decryption upon download by the receiver. There are a few cloud services that provide that encryption (which is analogous to shredding that postcard before you send it out and then reassembling it for the recipient), but with widespread concerns about the safety of your data in the cloud, which product do you choose?