
Thursday, January 15, 2009

Data security over the internet

Our firm just set up a 128-bit SSL encrypted extranet to store and transmit data. We have a personal and legal commitment to ensure that our clients' data is secure and protected.

I'm sharing this with you because it was just this past summer that I learned that sensitive information in emails, and even attachments to emails, can be stolen as the email passes through the internet. As I understand it, programmers in foreign countries write programs that search email for this data and can extract it when found.

Accordingly, you should never, never include your social security number, bank account info, credit card numbers, passwords, etc. in the body of an email or in an attachment, unless that data is encrypted. When we exchange this type of data with our clients, like a PDF of their tax return, we send them an encrypted link so they can upload and/or download securely.

Wednesday, July 23, 2008

IRS issues warning on scammers and other security issues

The IRS issued a warning to taxpayers on July 10th regarding the activity of identity thieves who use e-mail, faxes and other means to gather personal information from taxpayers while pretending to be from the IRS. I think it should be obvious, but take note that the IRS will never send an unsolicited e-mail requesting information.

Which brings me to another security issue. I attended a class for CPAs yesterday and learned that many states now have laws making it illegal to send driver's license, social security and bank account numbers through the internet either in the body of an e-mail or in an attachment. Seems there are people in other countries writing programs that monitor e-mail traffic just looking for bits of personal information. E-mails and their attachments are not secure.

The solutions (I'm not a techie but this is what was recommended) were either encryption, FTP transfers or portals. Portals are direct links, similar to online banking, between a secure server and the two parties. For instance, instead of sending the tax return as a PDF attachment, we now place a document through a portal onto a secure server which can only be accessed by the client. They can go to the portal and pick it up whenever they want.

I also learned the top two ways identity thieves get information:
  1. Voluntary disclosure
  2. Theft of hardware that contains personal data

Make sure you encrypt and/or secure all data that resides on portable devices.

********************************

Within 10 minutes of posting this blog entry I rec'd an official-looking IRS e-mail claiming I was due $863.80, and that I'd receive it in 6-9 days if I just "clicked here" and gave them some personal information. I quickly forwarded that e-mail to phishing@irs.gov.
