n the vast number of technology advancements over the last 10 to 20 years, which one has done more for almost-immediate communications than email? Yet, tens of millions of messages are sent every day without much concern about the security and availability associated with very private information.
Accountants routinely send an incredible number of email messages with extremely sensitive and personal data related to tax, assurance and other matters, so what can they do to prevent the loss of sensitive information?
Very simply: Restrict access and/or make the email and information unreadable.
Encryption is Best
First, there is physical protection. In many office settings, anyone who wants to hack into someone else's computer and steal information can do very easily. Just think about the number of workers who keep passwords on yellow sticky notes next to their computers, or those employees who use commonly known names as passwords. Taking a few precautions to protect physical security and privacy cannot be overlooked.
Second, the best way to keep information private and protected is to encrypt email. When you encrypt text, data or other communications, a code prevents any person or machine from seeing or hearing the information. An encrypted file will appear as scrambled text unless you have the password or key necessary to decrypt the information.
There are two types of keys, public and private. A public key is given to anyone you choose, while a private key, also known as Public Key Infrastructure or PKI, is something you keep to yourself.
Public and private key pairs authenticate content. A pair of mathematically related cryptographic keys is used, one to encrypt your information and the other as the only key that can decrypt it. If you have one of these, you cannot use it to easily generate the other. The public key can be seen by everyone; the private key that authenticates its bearer.
If someone wants to send you a message that is meant only for your eyes, they would encrypt it using your public key. Your private key is required to decrypt this message, so even if someone intercepted the email, it would be useless gibberish. When you send an email to someone else, you can use your private key to digitally "sign" the message so that the recipient can be sure it is from you.
It is very important to get in the habit of encrypting all of messages, not just the ones that are confidential or sensitive. It may seem extreme, but it is much more difficult for a dedicated attacker to decrypt your information if you protect as much as possible.
Where do you find encryption technologies? The best tactic is to ask your Internet Service Provider (ISP) for recommendations. Your ISP probably has its own encryption software it uses or may brand someone else's software to their own needs. Otherwise, a simple web search will render many resources for all needs and sizes of companies.
Federal and State Regulations
In addition to protecting email, accountants who perform privacy advisory services and attestation engagements must follow federal and state laws, rules and standards. Because these are too numerous to list in this article, here are several online resources for more information:
National Conference of State Legislatures - includes state laws related to Internet privacy.
United States Government - this site includes a comprehensive listing of all kinds of laws and regulations.
AICPA Privacy Center - the American Institute of CPAs' Privacy Task Force has compiled a full set of federal and state regulations.
