CPAs Need to Protect Client Data
by Jason Sherrill
Certified Public Accountants handle enormous amounts of sensitive data when working with their business and individual clients, but many CPAs are not aware of the risk that they're subjecting their clients to when they send or receive documents through many common sharing methods today. Let’s look at three of the most common methods by which CPAs unwittingly put customer data at risk.
E-mail
Email is still the most common way that CPAs and their clients exchange documents with one another. Pay stubs, copies of 1099s, W-2 forms, shareholder agreements, and numerous other documents that contain highly sensitive data are sitting in unprotected inboxes, mobile phones, and mail servers around the globe. Data sent through email is easy prey for even unsophisticated data thieves.
While many modern email servers use TLS encryption to protect email in transit from the one server to another and from the email client to the server, once the email arrives at its destination, most email today is stored in unprotected formats. When networks are infiltrated or malware infects a computer, email is often scanned and harvested for contact information and sensitive data.
Whenever an email is sent there is a high likelihood that one email will spawn multiple copies as its retrieved on a phone, a tablet, a desktop computer, and a mail archiving server. In addition, a copy of the email will also be stored in backups of the mail server, the mail archiving server, the mobile phone, the tablet, and the computer. That single email and its attachments can produce a dozen or more copies, many of which will be stored in locations that are fairly easy for data thieves to compromise.
Insecure File Sharing Sites
Services like DropBox, Simple File Exchange, and others have become popular among internet users, not because of their security, but rather because they make sharing files fast & easy. The drawback to these file sharing services is that security isn't their core foundation.
Many of the most common file sharing services use inexpensive cloud storage that replicates copies of your files to storage devices across the globe with virtually no easy way to track who has physical and logical access to your data. File sharing services that synchronize your data across all of your devices (phones, computers, tablets, etc.) create the same amplification effect that email does whereby it produces many new points of vulnerability for your files.
Fax
Many CPAs and their clients falsely assume that sending a fax is secure. Many fax numbers today are actually virtual fax numbers that convert received faxes into email attachments that are stored in the cloud and then emailed as unprotected attachments to the fax recipient. The faxed documents are therefore vulnerable to theft in all of the same places that email is. In addition, they're also vulnerable at the cloud storage locations.
Modern fax machines also can store copies of faxes that are sent and received, which can be accessed both at the fax machine in over wired and wireless networks. Data stored in the fax machine memory is often not encrypted and many fax machines have very limited security, if any has been enabled at all.
A Safer Solution
Delivered Secure is a web-based secure file transfer and messaging solution that overcomes nearly all of the security issues in e-mail, fax, and insecure file sharing sites. Files are never sent over the internet in a decrypted state and they’re always stored in Delivered Secure in an encrypted, dual-authenticated storage medium. Since Delivered Secure does not synchronize files across multiple devices, the amplification effect present in e-mail and other file synchronization services is also mitigated. Neither senders nor recipients need to install any software to use it, and both senders and recipients can permanently delete messages and attachments at any time from the system. For CPAs, Delivered Secure is a safe and easy to use method to protect themselves and their clients’ data.
Jason Sherrill
Jason works behind the scenes on security processes and architecture. Jason also works directly with customers to help guide product development road map and functionality of Delivered Secure.