The greatest threat facing the CPA community isn’t legislation or competition. It’s security as it pertains to our technology. CPAs must be cognizant of the latest security measures to protect sensitive, confidential client data. Technology has made it easy to send information to clients with the touch of a button, but where does that information end up – and how long does it remain accessible?
Such considerations are no longer academic questions. Instead, they are essential to running a secure and confident CPA practice.
Email Encryption: Protecting Sensitive Communications
Emails are by far the biggest offender when it comes to potential data breaches. Most email systems aren’t sent using encryption. Because emails are automatically shared across multiple devices these days, your email lives on long after you attempt to retract or erase it. It’s almost impossible to completely erase all traces of an email from hard drives, backup servers, and the recipient’s servers and devices.
The best way to protect emailed information is through encryption. Encryption “locks” messages so that only the recipient can read them. The recipient’s software automatically unlocks the message so that it can be read. If some third-party swoops in and somehow accesses the email, it cannot read it.
To encrypt your email transmissions, you can use a service that includes encryption. Gmail and Outlook are both good, solid email programs that incorporate encryption into their programming. Both services also include cloud storage, spam filtering, and IMPAP/POP support.
The drawback to using these services is that they use their own extensions rather than your company’s extension address. To rectify this situation, you can important Gmail or Outlook messages into Outlook Desktop.
The steps include:
1. Turn on two-step verification: Go to google.com/landing/2step, click the Get Started button, and follow the steps to set up two-step verification. A code is texted to your smartphone, which you enter to verify the account.
2. From your Outlook 2010, 2013, or 2016 ribbon, select File, Add Account to launch the Auto Account Setup screen.
3. Enter your name, email address (Gmail or Hotmail/Outlook.com), and password, and then click Next.
4. Set up a Gmail alias with your company name:
a. Open your Gmail account.
b. Sign in.
c. Click the Settings gear in the top right corner.
d. Choose Settings.
e. Select from the horizontal menu the Accounts and Import tab, Import mail and contacts,
f. Enter the email address you want to use as a Gmail alias.
g. Enter the password, and if necessary, enter the Pop username and Pop server.
h. Click Continue.
i. Sign in to the account you added
j. Open the confirmation message you received from Gmail
k. Click the link in the email to confirm and establish the connection.
l. To complete the setup, change the From line to reflect your newly added alias email address. For more details on how to set up a Google email address alias, visit Google support.
The process to set up Outlook aliases is similar.
1. Open Outlook.com.
2. Click the Settings gear.
3. Select Options.
4. In the Options menu in the left menu pane, select Connected Accounts, Other email accounts.
5. Enter the alias email address and your email password then click OK.
Keep in mind that encryption through Gmail or Outlook only works if both sender and receiver are using the same service. In other words, your message is encrypted only if you are using Outlook and your client is also using Outlook. If only you are using Outlook or Gmail, messages are encrypted on your end, but not the client’s end.
If you’d prefer, a computer consultant can help you set up a secure, encrypted email system for your business. Or make it a rule that confidential information must be delivered in person or via snail mail, rather than through email. If you’d prefer that no one else see your message, a phone call or letter through traditional mail may be appropriate.
We live in an age where technology can make our businesses more productive and efficient. It can also compromise sensitive client data. Fortunately, a few steps are all that’s needed to secure your email information.
Welter Consulting bridges people and technology together for effective solutions for nonprofit organizations. We offer software and services that can help you with your accounting needs. Please contact Welter Consulting at 206-605-3113 for more information.