Technology
In Firm: Secure Communications Tools
Column: Technology IN Practice
Dec. 01, 2008
Tax and accounting professionals have long been the “Information Communicators”
of the business world as they take the data they receive from their clients
and transition it to useful business information in the form of budgets, tax
returns, financial reports and analysis. As this information transitions to
a digital format in today’s “less paper” world, communications
technology takes on an added importance for both the inbound and outbound movement
of data. Using communication tools such as e-mail, smart phones, portals and
remote access technologies, accountants can access and transfer information
more efficiently and safely than previous technologies as long as they are aware
of the pitfalls.
E-mail
Most accountants rely heavily on e-mail as one of their primary means of communicating
with clients and business partners because it is fast, convenient, low cost
and easily accessible. The majority of firms are often sending attachments within
these e-mails that may also include confidential information such as social
security numbers within a tax return or private information within financial
documents. While some firms use passwords to lock down these documents, the
majority send these files completely unprotected, which can be accessible by
people having access to the owner’s computer and e-mail accounts. A basic
security precaution is to make sure that users log out of their e-mail whenever
they walk away from their desk, or at a minimum have a screensaver password
that locks out the screen after 30 minutes of non-use.
For those accountants using passwords on documents attached to e-mails, there
are real concerns that today’s increasingly sophisticated programming
tools can crack or remove these passwords and there are services that will do
this for a nominal fee. For firms with a smaller number of clients having a
higher volume of confidential communications, one solution is encrypted e-mail
that is available through companies such as VeriSign, CertifiedMail and PGP.
These applications set up a trusted relationship between the accounting firm
and the client’s e-mail address to encrypt e-mail both ways, which is
a service also available through some of the hosted remailer services such as
Postini. As e-mail is one of the primary ways that viruses are introduced into
a firm and can compromise security, remailers such as Postini, AppRiver and
Mi-8 provide enterprise-class virus and spam filtering to further protect the
firm.
Portals
While e-mail encryption can be somewhat expensive for those firms that have
a higher number of clients with a small number of interactions, an emerging
solution is the use of client portals that create a secured space on the Internet
for firms to transfer files to and from clients. The added benefit of these
portals is that they have very high capacities for moving large files, which
is often a limitation of the e-mail systems that are often capped at one or
two megabytes. Portals are ideal for transferring increasingly larger financial
statements (PDF Images), as well as client accounting data files such as QuickBooks
or Peachtree files. While there are public storage solutions such as WhaleMail,
XDrive and Mozy that can be used to move large files, if the firm has a document
management system with a portal, it is easier to train end users to manage and
use the portal as they are part of the same system. Today’s providers
such as CCH ProSystem fx Document, Acct1st, Doc-It, Thomson Tax & Accounting’s
GoFileRoom and NetClient CS all have portal add-ins that are integrated with
the document management system, which is the recommended solution for client
file transfers today.
Remote Users
More and more firms are allowing personnel to connect to firm resources from
remote sites ranging from client offices and hotels via firm-provided laptops
to employee’s homes on their personal workstations. For a small number
of users, Windows XP Remote and Vista allow home users to connect to their own
workstation within the firm, but it is imperative that they use hardened passwords
and that the remote user has an active firewall and anti-virus program on their
remote computer. The firm can put extensive access controls in place that can
be easily compromised by a remote user that has an unprotected Wi-Fi connection
in their home. For larger numbers of users (10 or more), Citrix and Windows
Terminal Services (WTS) can be cost effectively set up to allow secure remote
access. One feature that makes Citrix/WTS solutions attractive from a security
standpoint is that all data access through this connection resides on the firm’s
servers, so when the remote computer is turned off, there is no client information
stored locally, which minimizes the impact of a theft.
Mobile Device Security
One of the risks of using laptops is that today the majority of firms store
client data locally on these machines, which can be compromised if the laptop
is lost or stolen. Again, firms should make sure they have a hardened logon
password and are using automatic screensaver lockouts, so that a laptop that
is logged into the firm from a remote site is protected. To further secure laptops,
it is advisable that firms utilize cable locks and consider securing the data
on the hard disk either with encryption tools such as PGP, WinMagic or GuardianEdge,
or a BIOS level password. It is also important not to forget to secure today’s
BlackBerry, Treo and Microsoft Mobile smart phones. One of the benefits of these
devices is that they can synchronize contact information as well as receive
e-mail, including attachments. These devices should all require password access
and the ability for the firm to eliminate the data remotely.
The Internet and all of its attached devices has become an ideal medium for
tax and accounting professionals to transact business and improve communications
with clients and business partners. By taking the extra step to secure these
communications, we can ensure that we are able to take advantage of these capabilities.