I’ve owned and operated a CPA firm for over 25 years and a few years ago I realized I had a serious problem: With increasingly pervasive electronic communications combined with the escalating threat from hackers, clients were regularly voicing concerns about the security of their confidential information. I saw the need for serious security controls to protect my clients’ data from falling into the wrong hands. We had already secured our computer systems with firewalls, malware protection, and monitoring, but email messages and documents that traveled outside of my network were vulnerable.
Email Security
We were doing what most financial firms do; we were emailing tax returns as well as other confidential data in PDF, Excel, and Word formats. These documents weren’t only going to clients, we were also sending confidential data to client service providers such as financial advisors, retirement planners, payroll processors, attorneys, and banks.
To protect this data we’d implemented a policy of encrypting all confidential email attachments sent outside of the firm. To do this we’d manually encrypt files before attaching them to emails, then we’d send the client a second email or text message with the password. This worked to protect my clients’ data but it was a cumbersome manual process and became a nightmare keeping track of all of the documents and passwords. Worst of all, I could never be sure that my staff was complying with my security plan 100% of the time. I knew I had to find a better solution.
Unusable Portals
I investigated online, web-based client portals but they were all difficult to set up and manage. Worse still, I found that clients became frustrated with using portals to retrieve documents because they had to leave their everyday workflow to fire up their browser, login with a password (which they often forgot), then finally download. I also found that portals don’t work well when transmitting data to non-clients since a client’s attorney or banker wouldn’t want to register on my client portal, which meant that I had to go back to my old security plan of manual encryption to make documents available to my clients’ service providers.
In addition to the problems I discovered with portals, a number of my clients wanted their documents encrypted and sent with passwords for their own records. As far as my clients and I were concerned, portal services were not a workable solution.
Other Security Options That Didn’t Work
I also looked into other solutions such as bundling file attachments in a self-extracting archive file, as well as bundling file attachments in a PDF envelope. I found that these methods were also unacceptable because files became unencrypted after extraction from a PDF envelope, archive files were rejected by spam filters, and the task of keeping track of passwords in a secure manner was still a huge problem. All in all, these methods were, if anything, an even bigger mess than using portals.
The Answer: docNCRYPT™
It b
ecame clear the ideal way to deliver documents to both clients and non-clients was secure email. The problem was that there were no simple and cost-effective solutions on the market that small businesses could use. Sure, there were solutions geared for large enterprises but these required custom email applications or they used encryption methods that were impossible to understand, They were also very expensive, not only to acquire but also to install, configure, and manage; and they interrupted users’ normal workflow. These were the reason why I conceived of and developed our document security solution, docNCRYPT™.
docNCRYPT allows me to securely transmit documents to my clients as well as their service providers and I know that my clients’ data remains secure, both in-transit (that is, in email) as well as when it’s at-rest, stored in my customers or their contractors computer systems. docNCRYPT keeps a record of the files I’ve sent as well as a log of all of the passwords used and allows me to securely communicate with clients.
100% Staff Adoption
What’s crucial to the effectiveness of docNCRYPT is it allows my staff to stay within their regular workflow; they draft their email messages in Microsoft Outlook and when they hit “Send” docNCRYPT remembers the recipient’s password and automatically encrypts the attachments. There is also a pop up reminder to encrypt whenever a message is about to be sent so I have 100% compliance within my office. And the fact that docNCRYPT is integrated with Microsoft Outlook means my staff does not need to remember how to use another confusing application. docNCRYPT also retains Excel and Word formats after encryption so my clients can edit and update files and return them to me safely because the document contents are always protected.
Happy Customers
I’ve polled my clients to see how well our solution works for them and there’s no doubt; they like receiving their secure documents along their regular email messages and we can send their password hint in a separate email if they need it. They appreciate the fact that their documents remained encrypted even after they’ve opened, edited and saved them on their own computers without needing to install any special software. Another benefit is that sending secured documents by email creates an historical audit trail for our clients, which is great for compliance documentation. Crucially, we’ve achieved our goal of 100% adoption because docNCRYPT fits almost transparently into the normal workflow of our staff .
docNCRYPT
I encourage you to check out docNCRYPT and give it a try. It solved all of my in-house email security concerns and my clients are happy, and I believe so will yours. docNCRYPT is available as a free, 2 month trial, no commitment, trial from Azstec. Got any questions? I’d be happy to answer them at imunshi@azstec.com.
Be the first to comment on "How a CPA solved the biggest security problem facing financial firms"