Audio: Click here to listen as Randy Johnston, Dave Cieslak and Rick Richardson offer tips for keeping sensitive client data secure.
Collins: Let’s focus on security for just a moment. Security continues to rank high in the minds of many CPAs, and most CPAs are running anti-virus software. They have their firewall devices up and running. They enforce password logins everywhere. But yet, they’re still sending their email across the Internet naked and wide open to the public. Randy, what’s the best way for CPAs to lock down their email from prying eyes, and can you recommend a few specific products?
Johnston: You know, Carlton, I’ll respond to that with three products today that I think are reasonable choices. Probably the most popular one is ZixCorp out of Dallas. They’re certified for use by the FDIC in the banking industry. Another one that I’ve liked is a product called the Secured-Accountant. And a third one that is good is CPA SafeMail. So there (are) three examples, but let’s give you one more. We can do something a little more complex, like use the secure email on PGP, but that’s more clumsy. We’ve got to have a product that is simple to use not only for the CPAs themselves, but the recipients of these, whether they’re clients from the CPA firm or customers from an industry business. So using encrypted email is really critical, particularly if you can’t get clients to use secure portals.
Collins: OK, thank you, Randy. Rick, in your opinion, what’s the biggest security threat out there for CPAs? What should they be concerned with, and what can they do about it?
Richardson: I think probably—I want to go back to that secure portals comment of Randy’s, because I think a lot of CPAs still think that they can use email as a method of, even if it is secured, client communication, when they should be thinking far more about the ability to have a secure portal and that their clients begin using that secure portal for both upload and download of sensitive information.
In terms of exposure, I really think the issue’s going to come down to somebody either losing or having a competitive advantage lost as a result of a competitor obtaining data that a CPA just didn’t properly husband. And when that happens … a lot of people within the profession are going to say, “Gee, we really need to be far more articulate about how important (the) trustworthiness of this data becomes.”
And again, coming back to the portal, it provides not only a solution for the storage side of life, if you tie it into a cloud service, but provides that secure service in terms of its encryption up and down the communications channel.
Collins: OK, thank you, Rick. Dave, talk to us about laptops for a moment. Which encryption solution do you recommend for encrypting a hard drive on a laptop?
Cieslak: Great question, Carlton. Honestly, I look at—I say that every business machine today quite honestly should be running Windows 7. We look at Windows 7 as an operating system, so if you—I should maybe couch that and say, if you’re running Windows, then Windows 7 should definitely be the product that you—the version that you should be running. And it’s got its own built-in drive encryption technology. And so it’s important to Microsoft that the data be secure on the system, so they’ve got their BitLocker product, and so that’s going to support not only the hard drive, the built-in hard drive, but it even also now supports removable data with their BitLocker to Go. So we like and we use the Windows 7 BitLocker. But if you’re looking for maybe a free open-source solution, we’ve got a number of clients using and very happy with the TrueCrypt product. So that’s free, it’s open-source, and it’s going to support Windows. It’s going to work actually in a variety of environments, so we really like that as a good encryption tool as well.
And then, finally, what I would tell you is that some of the new drives themselves that we’re seeing are actually self-encrypting or hardware encrypting. And so if you’ve got that opportunity, you’ve got that option, that may very well be something you’d want to consider directly as well. That way, you’re not experiencing some of the overhead, some of the drag on the hardware, because the hard drive itself is taking over that task for you.
- Part 1: Key Technology Issues for 2012, Oct. 5, 2011
- Part 2: Favorite New Technology, Oct. 12, 2011
- Part 3: Cloud Computing, Oct. 19, 2011
- Part 4: Mobile Technologies: Tablets and Smartphones, Oct. 26, 2011
- Part 5: New Revenue Sources for CPA Firms, Nov. 2, 2011
- Part 6: Social Media, Nov. 9, 2011
- Part 7: Software Trends for 2012, Nov. 16, 2011
- Part 9: Hardware Trends for 2012, Nov. 30, 2011
- Part 10: Video, Dec. 7, 2011