Why You MUST Use a "Secure Email" Tool for Your Accounting Firm| |
While the spotlight shines brightly over large retailers (e.g., Home Depot, Target, etc.) that get hacked for credit card information, not so much attention has been paid to accounting firms using email during tax season. One of these days, we will see a highly reputable CPA Firm go through the ringer and lose their reputation and get fined beyond belief for not complying with Sarbanes-Oxley, Gramm-Leach-Bliley, and other federal/state laws concerning identity theft and handling of personal information.
I remain shocked at the number of accounting firms which are using standard email to send and receive information. All the personal information you handle -- including client income data, social security numbers, EINs, retirement accounts, payroll accounts -- is wide-open to interception by third parties when sent via regular email.
Types of information that hackers love to find:
- 1099 forms and W-2s
- Bank statements, credit card statements and voided checks
- Entire tax returns loaded with social security numbers and birthdates
- Payroll information for entire companies
- QuickBook files
- Online banking accounts
- Retirement accounts and investments
Any tax preparer or accountant who accepts or transmits these documents over normal, unencrypted email could be penalized heavily and/or sued.
Going forward, please ensure that all inbound and outbound email is encrypted and secure so you are in compliance.
There are plenty of commercial tools on the market that encrypt email so you can inexpensively comply. For example, all Build Your Firm websites provide Secure File Sharing with 256 bit encryption (bank grade encryption). It's as easy to use as email, but is secure.