It is no secret that technology has radically changed the landscape of the accounting and tax profession. Navigating these changes is often difficult and prompts many questions. “Should I operate in the cloud? How do I keep my clients’ information secure? Do I really need this many usernames and passwords? Are my computers encrypted? What is the best way to send tax returns to my clients and third parties over the Internet?”
While no two tax practices are exactly alike and no single solution solves all of your concerns, there are some practical steps you can implement now that not only keep digital information secure but also provide real value that you can share with your clients.
The first step in keeping data secure is encrypting all office computers, server, and laptops. Windows 8 users can use a free encryption tool, BitLocker from Microsoft. Encryption helps keep everything safe by encoding the entire drive that Windows and your data reside on. Once BitLocker is turned on, any file you save on that drive is encrypted automatically. Encryption renders your computer virtually unreadable to those without the password. For an enterprise solution, look at Sophos Safeguard 7.
There have been many attempts to reduce reliance on usernames and passwords to access websites and SaaS applications. A few portal vendors have opted to replace secure logins by simply sending a link to the document. This may appear to solve the username/password problem but invites other problems, such as security and client self-service. In fact, implementing such “email portals” can actually be a disservice to your firm and your clients. This approach not only severely limits client selfservice but also does nothing to address security for the hundreds of other sites visited by employees and clients. A more appropriate approach is to invest in password management software such as LastPass or Dashlane for your office and inform clients to do the same. The basic function of these programs is to store usernames and passwords (encrypted) for all the sites you visit. Users only need to know one master password to access their password vault. Imagine your clients’ delight when you recommend a tool that makes their entire online life easier and more secure. The software is very easy to use and is a game-changer when it comes to accessing secure sites. With password management software, you will never have to click “Forgot password” again or worry about having the same username/password for different sites, and neither will your clients.
The largest security oversight might very well be your smartphone. Many new devices come installed with encryption features under the “Settings” icon. Be certain to encrypt both the device and the external SD card. Oh, and don’t forget to plug it in before you start the process. If you are worried about losing your phone, there are a few programs that will allow you to locate the phone via cell towers or the GPS. Norton, Kaspersky, and Lookout are a few to explore. Companies that are using remote servers (Desktop as a Service) and operate in a bring-your-own-device (BYOD) environment should be securing these devices and personal smartphones with software from providers such as BitGlass.
Public Wi-Fi connections are not nearly as secure as we’d like to think. Since you’re sharing the connection with many people, it only takes one lost email or banking password to turn your world upside down. Before you access public Wi-Fi, turn off sharing in your control panel. In addition, it is highly recommended that you connect to the Internet via a virtual private network. A VPN service lets you route all your activity through a separate secure, private network, thus giving you the security of a private network even though you are using a public connection.
Secure Document Exchange
All portals provide the function of sending encrypted tax returns to your clients and allowing clients to upload documents. Similar to logging into a bank account, clients should be able to access their documents at their convenience, not just when you send them a link. A truly useful portal should provide functions for clients to share their tax returns securely with third parties. Do you really want to be responsible for sending tax returns to mortgage brokers during tax season? Give your clients the power to do that securely. Today’s portals should either link or function as complete firmwide document management system. Look for portals that include an e-signature solution for increased efficiency for collecting 8879s. Speaking of efficiency, portals should include a follow-up automation tool for reminding clients about missing information that you need to complete their work. Your clients are flooded with emails, but people are glued to their cell phones – your portal solution should send both text and email notifications.
Payment-Protecting Tax Returns
One new feature that offers a tremendous opportunity for increased efficiency is the ability to payment-protect tax returns. In February 2015, 1040Bridge received a patent on an integrated payment solution. This feature gives the firm the ability to restrict client access to tax returns electronically within the portal until the invoice is paid. The process happens automatically; firm users just input a dollar amount when uploading the document, and clients enter their credit card information to view the documents. Once invoices are paid, tax returns or other documents are unlocked, your clients gain full access rights, and you get paid faster with less effort. It is convenient for both you and your clients. This feature comes standard with the 1040Bridge Document Management System and Client Portal. Paymentprotecting tax returns are the next logical step in the move to a paperless office.