3 Steps to Keeping Client Accounting Data Secure
It worries me when I receive an e-mail containing unencrypted client information, especially when that e-mail comes from another accountant. Social security numbers, account numbers and other private information that some nefarious person could use to infiltrate a client’s life and steal that person’s identity are right there, ripe for the taking.
If the sender mistypes my e-mail address by just one letter, who knows where the information might end up? Can I be assured that every server routing every e-mail is uncompromised? Sure, sometimes there’s a blurb at the end of the e-mail that states that everything contained is confidential, but identity thieves are unlikely to be stopped by a stern warning, even if it is typed in ALL CAPS.
At my firm, we secure client data 3 ways:
- Sensitive information is only sent via e-mail as a last resort.
- We store our client data on an encrypted, cloud-based system to allow for secure sharing of information among our teleworkers and other stakeholders without the maintenance, overhead and risk of an in-house server.
- When data does need to be sent via e-mail, it’s sent in a password-protected document and the password is communicated separately.
The first two security methods are really part of the same solution. Using SmartVault as a repository for all client data gives us the ability to share information, easily and securely, with anybody in the world. With the click of a mouse, anyone may be granted access to selected files in the vault. A link is e-mailed automatically, and the stakeholder is invited to create a SmartVault login where requested information is available to view or download. This can also work in reverse, giving stakeholders a secure portal to send documents to our firm. All files are sent through an encrypted connection and stored on a sophisticated server that’s far safer than anything we could possibly hope to run in-house. Granular security permissions mean we can specify read and write access at the file and folder levels.
Occasionally, sending a SmartVault link and having the end-user log into a file management system is impractical. Sending a one-off document to a banker we may never speak to again is a good example of that. In this situation, we use password-protected documents – either a PDF encrypted with Acrobat 10 or above, or a password-encrypted Word or Excel document from Office 2010 or above.
Of course, encrypting a file is worthless if the password is sent with the file. That’s like locking the front door and leaving the key in the lock. With no other choice, we can send passwords in a separate e-mail, but the preferred method is to send passwords by text message or on a voice phone call. Also, an encrypted file is only as secure as the password used to encode it. A 4-character password of only numbers can be broken in seconds, while an 8-character password comprising letters, numbers, and symbols could take years. Add more characters and the time needed to break in goes up exponentially.
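To make the point about length and character variety concrete, here is an added example (not part of the original article) that estimates the worst-case time to try every password of a given shape and generates a random document password. The guess rate of 10,000 per second is an assumption chosen for illustration, and the function names are hypothetical.

```python
import secrets
import string

# Assumption: attacker speed in guesses per second. Real rates depend on the
# file format's key derivation and on the attacker's hardware.
ASSUMED_GUESSES_PER_SECOND = 10_000

POOLS = {
    "digits": string.digits,            # 10 characters
    "lower": string.ascii_lowercase,    # 26
    "upper": string.ascii_uppercase,    # 26
    "symbols": string.punctuation,      # 32
}

def pool_size(password):
    """Size of the character pool an attacker must cover for this password.
    Characters outside the four pools are ignored."""
    return sum(len(chars) for chars in POOLS.values()
               if any(c in chars for c in password))

def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Seconds to try every password of the same length and pool."""
    return pool_size(password) ** len(password) / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

def generate_password(length=12):
    """Random password drawing on all four pools, using the OS CSPRNG."""
    if length < len(POOLS):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(POOLS.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in POOLS.values()):
            return candidate

if __name__ == "__main__":
    # Constructed sample passwords, plus one freshly generated.
    for pw in ("4821", "k7#Qp2!x", generate_password(12)):
        print(f"{len(pw):>2} chars, pool {pool_size(pw):>2}: "
              f"{humanize(worst_case_seconds(pw))}")
```

The estimate covers exhaustive search only; a password built from dictionary words or personal details falls far sooner than its length suggests, which is why the generator draws every character at random.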
Using a cloud storage solution like SmartVault provides unparalleled protection and easy sharing of client data. Even without a third-party file management system, though, it’s possible to add a layer of relatively inexpensive protection to any practice by simply adding passwords to documents sent via e-mail, and sending those passwords separately. One minute of extra effort, if that, is all it takes to eliminate one vulnerable spot for information theft.