Your customers believe in you. If they didn't, they would not be your customers, so it's crucial that you do everything possible to nourish that trust. Key to this relationship is data security and confidentiality. With business efficiency becoming increasingly dependent on internet communications, and with the web becoming more and more complex and vulnerable to internet crime, this can become troublesome if you aren't sure how internet security works. Your accounting website design is a chief part of your internet security program. Many of your clients are not really net savvy, and the material they routinely send you is exceptionally sensitive. In order to protect them you're going to want a basic understanding of your website and its security features.
Assuming the office is properly secured (network restricted to local IP, doors locked, alarm system, etc.) the weakest spot in an accounting firm's security is during the transfer of data to and from your clients. Email is a huge security issue. Email communications are perhaps the biggest security problem your firm has.
Email is BAD. It's criminally irresponsible to send confidential client information by email. Make sure your staff and clients know this.
When you send an email you send it "out there". Much of the process occurs on servers over which you have no control, and for which there is little or no accountability. When you send an email it doesn't go straight to the recipient. Messages are routed through a vast network of mail servers. By the time it reaches its destination it's likely passed through a dozen or so third-party servers. If any of these mail servers are hacked along the way, and mail servers are a favorite target of malicious hackers, your email could wind up being intercepted. The biggest risk by far is identity theft, but all manner of dubious persons can benefit from this type of information.
Layers of protection can be added to email by adding passwords or encryption, but a skilled hacker can defeat these precautions.
Your accounting website design can almost completely eliminate the risk of this type of attack.
When you design your website include a Secure File Transfer feature. This feature allows your ISP server to connect directly to your web server and transfer the data directly. Each client should have his or her own password protected directory on the server, rather like an online safe-deposit box, so that only you and they can access it. Throw a layer of encryption on top of this and not even your ISP will be able to identify the contents of the transfer! The best systems actually keep data encrypted while it's being stored. This makes the directory suitable for long term information storage.
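The "online safe-deposit box" layout described above only works if a request made under one client's login can never resolve to a path in another client's directory. The sketch below is an added example, not code from any particular file-transfer product: the `ClientStore` class, the client id format and the directory layout are assumptions, and the client id is assumed to come from an already authenticated session.

```python
import os
import re
from pathlib import Path

CLIENT_ID_RE = re.compile(r"[a-z0-9]{1,32}")  # assumed id format

class ClientStore:
    """One private directory per client under a common root (assumed layout)."""

    def __init__(self, root):
        self.root = Path(root).resolve()

    def client_dir(self, client_id):
        # client_id comes from the authenticated session, never from the request.
        if not CLIENT_ID_RE.fullmatch(client_id):
            raise ValueError("invalid client id")
        path = self.root / client_id
        path.mkdir(mode=0o700, parents=True, exist_ok=True)
        return path.resolve()

    def resolve(self, client_id, requested_name):
        """Map a client-supplied file name to a path inside that client's box."""
        base = self.client_dir(client_id)
        # resolve() collapses ".." and follows symlinks before the check.
        target = (base / requested_name).resolve()
        if base not in target.parents:
            raise PermissionError("path escapes client directory")
        return target

    def save(self, client_id, requested_name, data):
        target = self.resolve(client_id, requested_name)
        target.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
        # Create the file readable and writable by the service account only.
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return target

    def read(self, client_id, requested_name):
        return self.resolve(client_id, requested_name).read_bytes()
```

Encryption of the stored files, which the paragraph recommends for long-term storage, would sit on top of this and is not shown.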
A lot of your clients will be nervous about using the internet to send and store files. If you have a basic knowledge of these systems it will go a long way to easing their concerns, so here are a few of the basics...
A favorite method of hacking passwords is called "brute force". This can be easily foiled by adding a time-out function to the login that shuts down the account for a half hour or so if a login attempt fails. This will prevent automated programs from hacking the password by simply trying all the available permutations. The longer your password is the more secure it is. The absolute minimum safe password length is eight characters, and passwords should be alphanumeric (containing a mix of letters and numbers). Human beings are the most common cause of compromised passwords. Hackers call this "social engineering". Don't share your passwords, and if you must write them down keep them locked up where your staff and clients can't access them when you're not in the office.
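The login time-out and the minimum password rule from the paragraph above can be expressed in a few lines. This is an added example, not code from the original article: the `LoginThrottle` class and the `max_failures` parameter are assumptions, with the default of one failure matching the text and a higher value tolerating typos.

```python
import time

LOCKOUT_SECONDS = 30 * 60  # "a half hour or so", per the text
MIN_LENGTH = 8             # minimum length given in the text

def password_meets_policy(password):
    """At least eight characters, containing both letters and numbers."""
    return (len(password) >= MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))

class LoginThrottle:
    """Tracks failed logins per account and enforces a timed lockout."""

    def __init__(self, max_failures=1, clock=time.monotonic):
        self.max_failures = max_failures  # assumption: configurable threshold
        self._clock = clock               # injectable so the logic can be tested
        self._failures = {}               # account -> consecutive failures
        self._locked_until = {}           # account -> clock value when the lock ends

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self._clock() >= until:
            # Lock expired: clear state so the account starts fresh.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account, password_ok):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if self.is_locked(account):
            # A locked account rejects even the correct password, so an
            # automated guesser learns nothing during the lockout window.
            return "locked"
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            self._locked_until[account] = self._clock() + LOCKOUT_SECONDS
        return "denied"
```

Because the lock is per account, anyone who knows a client's username can keep that client locked out by failing on purpose; the threshold and the lockout length are a trade-off against that.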
A security certificate stores the key used by your browser to decrypt encrypted data. Be careful to use them right. Out of date security certificates or certificates obtained from "untrusted" sources will make you look bad and scare your clients away.
SSL and TLS
These are encryption protocols. SSL, or "Secure Sockets Layer", is an older protocol that is still seeing widespread use. TLS, or "Transport Layer Security", is a newer protocol, but its adoption is being stymied by an incompatibility with older office hardware and applications. Both work pretty much the same way. TLS has made some improvements, but those differences are very technical. Don't even worry about PCT. Nobody uses it.
SAS 70 certification is an auditing statement specific to the accounting industry and issued by the AICPA. It's not just industry self-policing, though. Publicly traded accounting firms must be SAS 70 certified by law. A SAS 70 certification indicates that the security has been accepted by the auditor.
By definition any firm that prepares taxes is a "financial institution" under this legislation. It's also known as GLB or the Financial Services Modernization Act. This mandate has very specific requirements that have to be met by all accounting firms, principally with regard to data protection.
Article Source: http://www.abcarticledirectory.com
Kenny Marshall is an internet marketer and former Officer of CPA Site Solutions, one of North America's leading website firms dedicated exclusively to accounting website design.