Saturday, March 12, 2016

Accounting Web Design

Accounting Web Design Will Help Secure Your Clients' Information

 Your clients trust you. If they didn't they wouldn't remain your customers, so it's critical that you do everything feasible to nourish that trust.

Essential to this relationship is information protection. Design your your accounting website design to help you reinforce that relationship. For the most part your clients are not astute about web security, which means to make sure their private information really out of harm's way you're going to want a perfunctory understanding of the security features on your website.....

Let me put this plainly. Email is a wonderful medium for routine communications, but it's ease of use has lured many accounting firms up the garden path. It's criminally irresponsible to send confidential client information by email. Make sure your staff and clients know this. 

The problem with email is that much of the process occurs outside your control. There is a common misconception that when you send an email it goes straight to the recipient, but nothing could be further from the truth. The message is routed through a dozen or more mail servers before finally being delivered to your recipient. If any of these mail servers are hacked along the way, and mail servers are a favorite target of malicious hackers, your email could wind up being intercepted. The biggest risk by far is identity theft, but all manner of dubious persons can benefit from this type of information. 

Layers of protection can be added to email by adding passwords or encryption, but a skilled hacker can defeat these precautions. 

Design your accounting website to compensate for these risks. 

Include a Secure File Transfer feature. This feature allows your ISP server to connect directly to your web server and transfer the data directly. FTP folders can be password protected for each client. Only you and the client you specify will be able to access it. Encrypting the transfer adds another layer of protection that will protect your data from an "inside job". In a perfect world you can even store the data on the web server in an encrypted format making the system suitable for long-term document storage. 

There are a few security standards you should know about. 

Passwords 

Passwords need to be protected from "brute-force" attacks by forcing a time out if a login attempt fails more than a few times in a row. If a hacker writes a simple script that runs every possible permutation of a password until it hits the right one a thirty minute delay every three checks will slow him down more than enough to make this tactic useless. Passwords should be long. At least eight characters, and they should include letters and numbers. The number one cause of internet security breaches is human error. You'd be shocked how many hackers get people's passwords by simply asking for them. Never tell anyone your password, and avoid leaving them written down anywhere that your staff and clients can find them. 

Security Certificates 

Security certificates are central to online encryption. They store the keys used to decrypt online data. Be careful to use them right. Out of date security certificates or certificates obtained from "untrusted" sources will make you look bad and scare your clients away. 

SAS 70 

SAS 70 certification is an auditing statement specific to the accounting industry and issued by the AICPA. If your firm is publicly traded your file transfer must be SAS 70 certified by law. Certification indicates that the firm has been audited and approved. 

Gramm-Leach-Bliley Act 

By definition any practice that prepares tax returns is a financial institution under this law. It's also called GLB or "the Financial Services Modernization Act". The GLB requires all accounting practices and other financial institutions to develop a formal data security plan, name an individual to manage security, scrutinize the security procedures of every department with access to client files, establish a continuing plan to monitor information protection, and keep these programs up to date with changing technology.

No comments:

Post a Comment