Email security and email encryption have become hot topics. And no wonder, since so much confidential information resides in email messages and attachments. Accountants have traditionally protected sensitive email by encrypting attachments with passwords. Now, with all the recent news about security breaches in large enterprises like Target, they must ask themselves “am I doing the right thing by password-protecting my email?” The good news is, “YES”, and here’s why.
Even if an unauthorized person opens your email, they will not gain access to confidential data as long as the email’s contents are protected with a strong password. Recent announcements from large email providers like Microsoft Outlook and Google Gmail talk about steps they are taking to make sure your email is encrypted during transit. That’s well and good if all you’re concerned about is professional hackers hacking into your email while it is traveling from you to your recipient. But they can’t help you once the email is sent and received.
For a small business, the risks we are trying to protect against are ordinary. A snooping employee, a stolen laptop, a lost smartphone, sending an email to the wrong “Bob”... these are the kind of everyday risks that we want to take precautions against. And these risks occur when the confidential data is “at rest” rather than in transit. In other words, once an email has been sent and received, the copy now resting in your Sent folder, or in your client’s Inbox, is more vulnerable to a breach than it was during the few seconds of transmission. So it makes sense to take some simple and sensible extra precautions to protect your emails.
Email security tips
- Always protect all sensitive attachments with a password. The AICPA strongly recommends password protection of emails in its Generally Accepted Privacy Principles (GAPP) pronouncement. MS Excel, Word, PowerPoint and Adobe PDF software all give you the ability to save your documents with a password.
- Use a strong password. A minimum of 12 characters, alpha-numeric, lower and upper case, with one special character is recommended.
- Make it easy to remember the password by using a phrase with letters that you can substitute with symbols. For example, “@” instead of “a”, “0” instead of “o”, “1” instead of “l”... you get the picture. So the word PolarBear could become “P01@rBe@r”.
- The AICPA’s GAPP suggests including the last 4 digits of the client’s TIN as part of the password.
- Don’t tell your email recipient what the password is in the same email! Call or send a text. Or if it’s easier, send a second email with a password “hint”.
- If your email message itself has sensitive information, don’t type it directly in your email. Instead, type it in Word, encrypt it with a password and then email it as an attachment.
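The password tips above can be checked mechanically. The following Python sketch is an added example, not part of the original article or of docNCRYPT: it applies the three substitutions, tests a candidate against the recommended rules, and shows that the substituted word alone is shorter than 12 characters until something like the TIN digits is appended. The function names and the TIN digits "6789" are constructed for illustration.

```python
import string

# Substitutions from the tip above: "@" for "a", "0" for "o", "1" for "l".
SUBSTITUTIONS = str.maketrans({"a": "@", "o": "0", "l": "1"})
MIN_LENGTH = 12  # minimum length recommended in the tips


def substitute(phrase: str) -> str:
    """Apply the symbol substitutions to a phrase, dropping spaces."""
    return phrase.replace(" ", "").translate(SUBSTITUTIONS)


def policy_failures(password: str) -> list[str]:
    """Return the rules from the tips that the password does not meet."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        failures.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    return failures


def build_password(phrase: str, tin_last4: str) -> str:
    """Substituted phrase plus the last 4 digits of the client's TIN."""
    if len(tin_last4) != 4 or not (tin_last4.isascii() and tin_last4.isdigit()):
        raise ValueError("expected exactly 4 digits")
    return substitute(phrase) + tin_last4


if __name__ == "__main__":
    for candidate in (
        substitute("PolarBear"),              # the article's example word
        build_password("PolarBear", "6789"),  # constructed TIN digits
        "polarbear2014",                      # constructed weak password
    ):
        problems = policy_failures(candidate)
        print(candidate, "->", "OK" if not problems else "; ".join(problems))
```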
DocNCRYPT is the effortless way to protect your email
Sounds like too much work? Fortunately, there’s software that plugs into MS Outlook and automates the process of encrypting your message and attachments with a password. It’s called docNCRYPT and it’s affordable and easy to use. And though it is designed for email, you can also use docNCRYPT to encrypt important files residing on your computer. Instead of using it to send encrypted documents to others, just email them to yourself!
Saj Patel is the Vice President of Azstec LLC, the creators of docNCRYPT, the incredibly simple email and document security solution for everyone. If you have any comments or questions, email Saj at spatel [at] azstec.com and follow Azstec on the Azstec Blog, Twitter or LinkedIn.