CPA Website Design Can Help Secure Your Clients' Private Information
- Author Ken Marshall
- Published April 25, 2011
- Word count 865
Information protection is essential to any business's relationships with its customers. With office productivity becoming progressively more dependent on internet communications, and with the web becoming progressively more complex and vulnerable to internet criminals, this can quickly become tricky if you are uncertain about how internet security works. Your accounting website design is a key piece of your internet security strategy. Generally your customers are not too web savvy, and the information they regularly send you is tremendously sensitive. In order to protect them you're going to want a casual familiarity with your website and its security features.
Assuming the office is properly secured (network restricted to local IP, doors locked, alarm system, etc.) the weakest spot in an accounting firm's security is during the transfer of data to and from your clients. Email is a huge security issue. Email communications are perhaps the biggest security problem your firm has.
Let me put this plainly. Email is a wonderful medium for routine communications, but its ease of use has lured many accounting firms up the garden path. Don't allow your clients and staff to email confidential information.
The problem with email is that much of the process occurs outside your control. There is a common misconception that when you send an email it goes straight to the recipient, but nothing could be further from the truth. Messages are routed through a vast network of mail servers. By the time a message reaches its destination it has likely passed through a dozen or so third-party servers. If any of these mail servers are hacked along the way, and mail servers are a favorite target of malicious hackers, your email could wind up being intercepted. Identity thieves harvest huge amounts of information in this way.
Layers of protection can be added to email by adding passwords or encryption, but a skilled hacker can defeat these precautions.
Your accounting website design can almost completely eliminate the risk of this type of attack.
When you design your website, include a Secure File Transfer feature. When you transfer a file using this type of FTP protocol you can connect directly to the web server, bypassing the outside servers that email depends on. Each client should have his or her own password-protected directory on the server, rather like an online safe-deposit box, so that only you and they can access it. Encrypting the transfer adds another layer of protection that will protect your data from an "inside job". The best systems actually keep data encrypted while it's being stored. This makes the directory suitable for long-term information storage.
A lot of your clients will be nervous about using the internet to send and store files. If you have a basic knowledge of these systems it will go a long way to easing their concerns, so here are a few of the basics...
Passwords
Passwords need to be protected from "brute-force" attacks by forcing a time out if a login attempt fails more than a few times in a row. If a hacker writes a simple script that runs every possible permutation of a password until it hits the right one, a thirty-minute delay every three checks will slow him down more than enough to make this tactic useless. Passwords should be long, at least eight characters, and they should include letters and numbers. The number one cause of internet security breaches is human error. You'd be shocked how many hackers get people's passwords by simply asking for them. Never tell anyone your password, and avoid leaving passwords written down anywhere that your staff and clients can find them.
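The lockout rule described above, as an added Python example that is not part of the original article: the `LoginThrottle` class, the `years_to_exhaust` helper, the username and the 36-character alphabet (a-z plus 0-9) are assumptions made for illustration, while the three-attempt limit and thirty-minute delay are the article's figures.

```python
import time

MAX_FAILURES = 3           # the article's "every three checks"
LOCKOUT_SECONDS = 30 * 60  # the article's "thirty minute delay"


class LoginThrottle:
    """Per-account lockout after MAX_FAILURES consecutive failed logins."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable so the policy can be tested
        self._state = {}      # username -> (failures, locked_until)

    def seconds_locked(self, user):
        _, locked_until = self._state.get(user, (0, 0.0))
        return max(0.0, locked_until - self._clock())

    def attempt(self, user, password_ok):
        """Return 'ok', 'denied' or 'locked'.

        password_ok is the result of the caller's own password check
        (assumed here: a salted hash compared in constant time).
        """
        if self.seconds_locked(user) > 0:
            return "locked"   # same answer whether or not the guess was right
        if password_ok:
            self._state.pop(user, None)   # success clears the failure count
            return "ok"
        failures = self._state.get(user, (0, 0.0))[0] + 1
        if failures >= MAX_FAILURES:
            self._state[user] = (0, self._clock() + LOCKOUT_SECONDS)
        else:
            self._state[user] = (failures, 0.0)
        return "denied"


def years_to_exhaust(alphabet_size, length):
    """Worst-case years to try every password at MAX_FAILURES guesses
    per LOCKOUT_SECONDS window."""
    windows = alphabet_size ** length / MAX_FAILURES
    return windows * LOCKOUT_SECONDS / (365 * 24 * 3600)


if __name__ == "__main__":
    now = [0.0]                               # constructed fake clock
    throttle = LoginThrottle(clock=lambda: now[0])
    print([throttle.attempt("client1", False) for _ in range(4)])
    now[0] += LOCKOUT_SECONDS
    print(throttle.attempt("client1", True))
    print(f"{years_to_exhaust(36, 8):.2e} years")  # 8 chars, a-z plus 0-9
```

A per-account lockout also lets anyone who knows a username lock its owner out, so it is commonly paired with limits per source address.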
Security Certificates
Security certificates are central to online encryption. They store the keys used to decrypt online data. Be careful to use them right. Out of date security certificates or certificates obtained from "untrusted" sources will make you look bad and scare your clients away.
SSL and TLS
These are encryption protocols. SSL, or "Secure Socket Layer," is an older protocol that is still seeing widespread use. The second commonly found encryption protocol is much newer. The adoption of "Transport Layer Security" has been slow because many offices use older equipment or unsupported applications that are incompatible with it. Both work pretty much the same way. TLS has made some improvements, but those differences are very technical. There is a third type called PCT, or "Private Communications Transport," that is relatively unused.
SAS 70
This is an accounting industry standard managed by the AICPA. It's a simple auditing statement. It's not just industry self-policing, though. Publicly traded accounting firms must be SAS 70 certified by law. A SAS 70 certification indicates that the security has been accepted by the auditor.
Gramm-Leach-Bliley Act
Also known as the "Financial Services Modernization Act" of 1999, this legislation includes rules that govern the privacy standards of all financial institutions, which by definition include any accounting business that prepares tax returns. The GLB requires all accounting businesses to create a formal information security strategy, name an individual to direct security, analyze security procedures of all departments with access to customer files, develop a continuing plan to monitor information security, and keep these procedures up to date with changing technology.
Kenny Marshall is a consultant and former Vice President of CPA Site Solutions, one of the country's most successful web businesses oriented entirely to accounting website design.
Article source: https://articlebiz.com