Security Issues

BY JEFF DREW
November 23, 2011

With 2012 just around the corner, the JofA gathered the three technology keynote speakers from the AICPA’s 2011 Practitioners Symposium/TECH+ Conference to talk about tech trends heading into the new year. The nearly 90-minute conversation covered a wide range of technical issues critical to all CPAs.

Participating in the call were:

  • David Cieslak, CPA/CITP, aka Inspector Gadget, a principal with Arxis Technology.
  • Randy Johnston, executive vice president of both Network Management Group Inc. and K2 Enterprises.
  • Rick Richardson, CPA/CITP, founder and CEO of Richardson Media & Technologies.


Moderating the call were:

  • J. Carlton Collins, technology and accounting systems consultant and author of the JofA’s monthly Technology Q&A column.
  • Jeff Drew, senior editor covering technology for the JofA.


The JofA is presenting the online version of the conversation in 10 installments released over a nearly two-month span. Each part focuses on one major topic and features audio clips from the conversation. Part eight outlines how products, procedures and portals can boost the protection of sensitive client data.

The complete schedule is available at the bottom of this article and at journalofaccountancy.com/tech.

Audio

Audio: Click here to listen as Randy Johnston, Dave Cieslak and Rick Richardson offer tips for keeping sensitive client data secure.

Collins: Let’s focus on security for just a moment. Security continues to rank high in the minds of many CPAs, and most CPAs are running anti-virus software. They have their firewall devices up and running. They enforce password logins everywhere. But yet, they’re still sending their email across the Internet naked and wide open to the public. Randy, what’s the best way for CPAs to lock down their email from prying eyes, and can you recommend a few specific products?

Randy Johnston

Johnston: You know, Carlton, I’ll respond to that with three products today that I think are reasonable choices. Probably the most popular one is ZixCorp out of Dallas. They’re certified for use by the FDIC in the banking industry. Another one that I’ve liked is a product called the Secured-Accountant. And a third one that is good is CPA SafeMail. So there (are) three examples, but let’s give you one more. We can do something a little more complex, like use the secure email on PGP, but that’s more clumsy. We’ve got to have a product that is simple to use not only for the CPAs themselves, but the recipients of these, whether they’re clients from the CPA firm or customers from an industry business. So using encrypted email is really critical, particularly if you can’t get clients to use secure portals.

Collins: OK, thank you, Randy. Rick, in your opinion, what’s the biggest security threat out there for CPAs? What should they be concerned with, and what can they do about it?

Rick Richardson

Richardson: I think probably—I want to go back to that secure portals comment of Randy’s, because I think a lot of CPAs still think that they can use email as a method of, even if it is secured, client communication, when they should be thinking far more about the ability to have a secure portal and that their clients begin using that secure portal for both upload and download of sensitive information.

In terms of exposure, I really think the issue’s going to come down to somebody either losing or having a competitive advantage lost as a result of a competitor obtaining data that a CPA just didn’t properly husband. And when that happens … a lot of people within the profession are going to say, “Gee, we really need to be far more articulate about how important (the) trustworthiness of this data becomes.”

And again, coming back to the portal, it provides not only a solution for the storage side of life, if you tie it into a cloud service, but provides that secure service in terms of its encryption up and down the communications channel.

Collins: OK, thank you, Rick. Dave, talk to us about laptops for a moment. Which encryption solution do you recommend for encrypting a hard drive on a laptop?

David Cieslak

Cieslak: Great question, Carlton. Honestly, I look at—I say that every business machine today quite honestly should be running Windows 7. We look at Windows 7 as an operating system, so if you—I should maybe couch that and say, if you’re running Windows, then Windows 7 should definitely be the product that you—the version that you should be running. And it’s got its own built-in drive encryption technology. And so it’s important to Microsoft that the data be secure on the system, so they’ve got their BitLocker product, and so that’s going to support not only the hard drive, the built-in hard drive, but it even also now supports removable data with their BitLocker to Go. So we like and we use the Windows 7 BitLocker. But if you’re looking for maybe a free open-source solution, we’ve got a number of clients using and very happy with the TrueCrypt product. So that’s free, it’s open-source, and it’s going to support Windows. It’s going to work actually in a variety of environments, so we really like that as a good encryption tool as well.

And then, finally, what I would tell you is that some of the new drives themselves that we’re seeing are actually self-encrypting or hardware encrypting. And so if you’ve got that opportunity, you’ve got that option, that may very well be something you’d want to consider directly as well. That way, you’re not experiencing some of the overhead, some of the drag on the hardware, because the hard drive itself is taking over that task for you.

Also read:


More from the JofA:

 Find us on Facebook  |   Follow us on Twitter  |   View JofA videos

PROFESSIONAL DEVELOPMENT: EARLY CAREER

Making manager: The key to accelerating your career

Being promoted to manager is a key development in a young public accountant’s career. Here’s what CPAs need to learn to land that promotion.

PROFESSIONAL DEVELOPMENT: MIDDLE CAREER

Motivation and preparation can pave the path to CFO

CPAs in business and industry face intense competition to land a coveted CFO job. Learn how to best prepare yourself for the role.

PROFESSIONAL DEVELOPMENT: LATE CAREER

Second act: Consulting

CPAs are using experience to carve out late-career niches. Learn how to successfully make a late-career transition to consulting, from CPAs who have done it.