The keystone of a practice’s client relationships is confidence. That makes information protection one of the most essential responsibilities you accept when you decide to become an accountant. Design your accounting website to help reinforce that relationship. Most of your customers are not well educated about internet security, so to keep their private information protected you will need at least a passing familiarity with the security features of your website.
Email is BAD. Don’t allow your clients and staff to email confidential information.
When you send an email you send it “out there”. Much of the process happens on servers over which you have no control and for which there is little or no accountability. An email does not go straight to the recipient: the message is routed through a dozen or more mail servers before it is finally delivered. If any of these mail servers has been hacked along the way (and mail servers are a favorite target of malicious hackers), your email could be intercepted. Identity thieves harvest huge amounts of information in this way.
There are ways to make an intercepted file harder to open. Passwords and encryption can slow a hacker down, but they won’t necessarily stop one.
Your accounting website design can almost completely eliminate the risk of this type of attack.
Include a Secure File Transfer feature. This lets the sender connect directly to your web server and transfer the data in a single step. FTP folders can be password protected for each client, so only you and the client you specify can access them. Encrypting the transfer adds another layer of protection, guarding your data against an “inside job”. The best systems keep the data encrypted while it is stored as well, which makes the directory suitable for long-term information storage.
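The per-client folder rule above, as an added example that is not code from the article or from any product it mentions: each client has one folder, and the server grants access only to the practice’s staff and to that one client. The root path, the role names and the sample accounts are assumptions made for the example.

```python
"""Per-client folder authorization for a secure file transfer area.

Added example; not code from the article or from any product it mentions.
Models the rule in the text: each client has its own folder, and only the
practice's staff and that one client may reach it. The root path, the role
names and the sample accounts are constructed for the example.
"""
import posixpath
from dataclasses import dataclass
from typing import Optional

CLIENTS_DIR = "/srv/transfer/clients"   # constructed location of the client folders


@dataclass(frozen=True)
class Principal:
    """Whoever is logged in: a staff member, or a client tied to one folder."""
    name: str
    role: str               # "staff" or "client" (assumed role names)
    client_id: str = ""     # for clients, the folder they own


def resolve_request(requested: str) -> str:
    """Turn a client-supplied relative path into an absolute one under CLIENTS_DIR.
    Normalising first collapses '.' and '..' segments, so the prefix check below
    reflects where the request really points."""
    return posixpath.normpath(posixpath.join(CLIENTS_DIR, requested.lstrip("/")))


def owner_of(target: str) -> Optional[str]:
    """The client_id whose folder contains `target`, or None if it lies outside."""
    prefix = CLIENTS_DIR + "/"
    if not target.startswith(prefix):
        return None
    return target[len(prefix):].split("/", 1)[0]


def authorize(who: Principal, requested: str) -> Optional[str]:
    """Return the absolute path if `who` may access it, else None (deny by default)."""
    target = resolve_request(requested)
    owner = owner_of(target)
    if owner is None:
        return None                   # outside the transfer area entirely
    if who.role == "staff":
        return target                 # the practice can reach every client folder
    if who.role == "client" and who.client_id == owner:
        return target                 # a client reaches only their own folder
    return None


if __name__ == "__main__":
    staff = Principal("pat", "staff")
    acme = Principal("acme-user", "client", "acme")
    bolt = Principal("bolt-user", "client", "bolt")
    print(authorize(staff, "acme/2023/return.pdf"))
    print(authorize(acme, "acme/2023/return.pdf"))
    print(authorize(bolt, "acme/2023/return.pdf"))   # None: not bolt's folder
```

The function denies by default: anything that does not land inside a client folder, or lands in a folder the requester does not own, returns None, and the transfer code should treat None as a refusal rather than falling through to a default directory.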
There are a few security standards you should know about.
Passwords need to be protected from “brute-force” attacks by forcing a timeout when a login attempt fails more than a few times in a row. This prevents automated programs from hacking the password by simply trying every possible combination. Passwords should be long, at least eight characters, and should include both letters and numbers. The number one cause of internet security breaches is human error. You’d be shocked how many hackers get people’s passwords by simply asking for them. Never tell anyone your password, and avoid leaving it written down anywhere your staff or clients can find it.
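The two rules above (a timed lockout after a few consecutive failures, and a minimum of eight characters with letters and numbers), as an added example that is not code from the article or from any product it mentions. The lockout threshold, the lockout duration, the LoginGuard class and the sample account are assumptions made for the example.

```python
"""Login lockout and password policy, as described in the text.

Added example; this is not code from the article or from any product it
mentions. The lockout threshold, the lockout duration, the LoginGuard
class and the sample account are all assumptions made for the example.
"""
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5            # consecutive failures before lockout (assumed)
LOCKOUT_SECONDS = 15 * 60   # how long the account stays locked (assumed)


def password_meets_policy(password: str) -> bool:
    """The text's rule: at least eight characters, with letters and numbers."""
    return (len(password) >= 8
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2 digest, so the stored record never contains the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


class LoginGuard:
    """Counts consecutive failures per account and enforces a timed lockout."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock        # injectable so the simulation can skip ahead
        self._failures = {}        # user -> consecutive failure count
        self._locked_until = {}    # user -> clock value when the lockout ends

    def is_locked(self, user: str) -> bool:
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self._clock() < until:
            return True
        # Lockout has expired: clear the state so the user gets a fresh budget.
        del self._locked_until[user]
        self._failures.pop(user, None)
        return False

    def attempt(self, user: str, password: str, store: dict) -> str:
        """Returns 'locked', 'ok' or 'bad'; `store` maps user -> (salt, digest)."""
        if self.is_locked(user):
            return "locked"        # refused without even checking the password
        record = store.get(user)
        if record is not None:
            salt, digest = record
            _, candidate = hash_password(password, salt)
            if hmac.compare_digest(candidate, digest):
                self._failures.pop(user, None)
                return "ok"
        # Wrong password or unknown user: both count toward the lockout.
        failures = self._failures.get(user, 0) + 1
        self._failures[user] = failures
        if failures >= MAX_FAILURES:
            self._locked_until[user] = self._clock() + LOCKOUT_SECONDS
        return "bad"


def simulate_lockout() -> list:
    """MAX_FAILURES wrong guesses lock the account; even the right password is
    then refused until the lockout expires. Returns the sequence of outcomes."""
    now = [0.0]                                    # fake clock, advanced by hand
    guard = LoginGuard(clock=lambda: now[0])
    store = {"alice": hash_password("ledger2024")}  # constructed sample account
    results = [guard.attempt("alice", "wrong-guess", store)
               for _ in range(MAX_FAILURES)]
    results.append(guard.attempt("alice", "ledger2024", store))  # still locked
    now[0] += LOCKOUT_SECONDS
    results.append(guard.attempt("alice", "ledger2024", store))  # lockout over
    return results


if __name__ == "__main__":
    print(simulate_lockout())
```

Note that the lockout is keyed on the account, not on the caller’s address, so it also covers guessing spread across many connections; the cost is that a legitimate user can be locked out by someone else’s failed attempts, which is why the timeout is short rather than permanent.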
Security certificates are central to online encryption. They hold the keys that browsers use to set up encrypted connections. Make sure you get your security certificate from a trusted source and keep it up to date, or your users will receive warnings from their browsers when they visit your site.
SSL and TLS
These are encryption protocols. SSL, or “Secure Sockets Layer”, is an older protocol that is still in widespread use. TLS, or “Transport Layer Security”, is a newer protocol, but its adoption is being stymied by incompatibility with older office hardware and applications. There is very little real difference between them. TLS has made some technical improvements, but the details are too technical to explain here. There is a third type called PCT, or “Private Communications Transport”, that is relatively unused.
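What the choice between the older and newer protocol looks like in a server’s configuration, as an added example that is not code from the article or from any product it mentions. It uses Python’s standard ssl module to build a deliberately permissive context (the compromise made for older clients) beside one that requires TLS 1.2 or newer, and a small review function that flags the difference; the policy threshold is an assumption for the example, and no certificate is loaded, so it inspects configuration rather than serving traffic.

```python
"""Server-side TLS context that refuses SSL and early TLS versions.

Added example; not code from the article or any product it mentions. Uses
Python's standard ssl module. The policy threshold is assumed; no certificate
is loaded, so this checks configuration rather than serving traffic.
"""
import ssl

# Policy threshold assumed for this example: anything older is a finding.
MINIMUM_ACCEPTABLE = ssl.TLSVersion.TLSv1_2


def legacy_context() -> ssl.SSLContext:
    """Permissive: admits TLS 1.0 so very old hardware can still connect."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    except ValueError:
        # This OpenSSL build cannot enable TLS 1.0 at all; the library's own
        # floor stays in place and is still below the policy threshold.
        pass
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Accepts TLS 1.2 and 1.3 only; SSLv3, TLS 1.0 and TLS 1.1 are refused."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # The version floor already rules out SSLv3; disabling compression is a
    # library default too, but stating it keeps the policy explicit.
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def review(ctx: ssl.SSLContext) -> list:
    """Config review: a list of findings, empty when the context passes."""
    findings = []
    if ctx.minimum_version < MINIMUM_ACCEPTABLE:
        findings.append(f"minimum protocol version is {ctx.minimum_version.name}; "
                        f"require {MINIMUM_ACCEPTABLE.name} or newer")
    if not ctx.options & ssl.OP_NO_SSLv3:
        findings.append("SSLv3 is not disabled")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression is not disabled")
    return findings


if __name__ == "__main__":
    print("legacy:  ", review(legacy_context()))
    print("hardened:", review(hardened_context()))
```

The review function is the part worth keeping around: run it against the context your application actually serves with, in a unit test, so that a later change made to accommodate one old client cannot quietly lower the floor for everyone.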
SAS 70 certification is an auditing statement specific to the accounting industry and issued by the AICPA. It’s not just industry self-policing, though: publicly traded accounting firms must be SAS 70 certified by law. A SAS 70 certification indicates that the firm’s security has been accepted by the auditor.
Under the Gramm-Leach-Bliley Act, also called GLB or “the Financial Services Modernization Act”, any company that prepares tax returns is by definition a “financial institution”. The GLB requires every accounting business to produce a formal information security program, assign an individual to manage security, scrutinize the security of every division that works with customer information, develop an ongoing program to monitor information protection, and keep these procedures up to date with changing technology.
Kenny Marshall is a marketing guru and former Vice President of CPA Site Solutions, one of the country’s biggest web businesses dedicated entirely to accounting website design.