Jump to content
ATX Community

email security


Janitor Bob

Recommended Posts

I like/need to send my clients copies of returns/documents as pdf files, but need to send them securely (i.e. encrypted).  Does anybody know of a low cost program to do so?  I tried and like Virtru ($45/year), but many clients have problems on the receiving end with viewing/printing the file.  I have a small practice (only 150 clients), so a more expensive method is not realistic.  I was goig to try one of the client portal options (portalsafe or Signatureflow), but so many of my clients want nothing to do with going to a special web site...they want copies e-mailed to them.

Link to comment
Share on other sites

I use Adobe Pro and encrypt at 256-bit level with a password with some parts known only between the recipient and me.  This has worked for about 4-5 years now.  I send an email ahead stating "(d)to advanced encryption required by IRS, you must now have Adobe Reader 10 or above.  If you need to download a free version of Adobe Reader 10, 11 or DC go here <https://get.adobe.com/reader/>  There are other pdf readers but you must have one compatible with 256-bit encryption.  The files are password protected and the password is  XXXXXX"  My reading of IRS requirements tells me this meets the standard. 

  • Like 1
Link to comment
Share on other sites

Check to see if your email or your tax software has a simple portal available.  My FileShare that comes with my SiteBuilder web site emails a link to a client to download their documents from me; they set their own password.  Or, as has been explained above, get an affordable .pdf program that will encrypt for you.  Do check your state laws re what type of encryption is required in your state.

  • Like 2
Link to comment
Share on other sites

Adobe Acrobat can be purchased very inexpensively if you go to ebay and buy a new, registerable, version that is a couple of revisions out of date.  I did that some years ago and still use that program on two machines.  I have Nuance Power PDF for the third machine.  They all do password protection and encryption.

  • Like 3
Link to comment
Share on other sites

1 hour ago, Jack from Ohio said:

I use no encryption or passwords.  If you want to know more, send me a message.  My son is a lead software engineer for a company that writes security software.

The world is awash in paranoia about this subject.  The paranoia is baseless.

Nice to read (now un) common sense once in a while.  There is no such thing as privacy or security.  Anything can be found or accessed, given the needed tools and time.  Normal actions, such as locking a door, and trying not to lose your data will keep the casual out.  Criminals will always find a way, so insurance and recovery ability is where I put my "worry" time.

With that said, as Lion said, we still have to comply with the laws those we elect burden us with, in their attempts to get reelected protect us from ourselves.  I have not looked in some time, but there was one tax jurisdiction which had a law essentially preventing anyone from storing employee data online, as it has to be always under the employer's control.

I do use encryption and passwords, but only for overall access, and when doing certain things online.  Long passwords can make password hacking reasonably hard, and encryption makes internet sniffing a bit tougher.

  • Like 2
  • Thanks 1
Link to comment
Share on other sites

43 minutes ago, Medlin Software said:

There is no such thing as privacy or security. 

Very true.  However, if Massachusetts' DOR came in and found me storing client data on unencrypted folders, or sending unprotected-by-passwords emails of client documents, they would have my head on a platter.  So my drives are encrypted and I use password protection and NO wireless networking (everything is physical connections) and I cross my i's and dot my t's and just to be sure I cross my i's and dot my t's.  NOT because it's "safer" but because the state, in its infinite lack of wisdom, has required procedures that make no sense and I do not want to become the poster child for non-compliance.  They can go find some obliviot who keeps everything on a laptop with the password "password" for that!

  • Like 5
Link to comment
Share on other sites

15 hours ago, Medlin Software said:

I do use encryption and passwords, but only for overall access, and when doing certain things online.  Long passwords can make password hacking reasonably hard, and encryption makes internet sniffing a bit tougher.

And not doing it makes you the low-hanging fruit.

  • Like 4
Link to comment
Share on other sites

8 minutes ago, Eric said:

And not doing it makes you the low-hanging fruit.

I can see where you might think so, but you are mistaken.  I take what any expert would consider realistic steps.  The basic step is to use my grey matter at all times, before firing off signals to my fingers.  I also keep nothing online which is embarrassing to lose.

For the average person (a non keeper of valuable mass data), data recovery is the bigger threat.

  • Like 1
  • Confused 2
Link to comment
Share on other sites

On 1/10/2018 at 10:44 AM, Medlin Software said:

I can see where you might think so, but you are mistaken.  I take what any expert would consider realistic steps.  The basic step is to use my grey matter at all times, before firing off signals to my fingers.  I also keep nothing online which is embarrassing to lose.

For the average person (a non keeper of valuable mass data), data recovery is the bigger threat.

You said yourself that long passwords can make password hacking reasonably hard, and encryption makes internet sniffing a bit tougher.  Google/Microsoft/Amazon/Apple don't expend that additional processing power encrypting all of their site traffic for the heck of it.

Taking long passwords as an example, every time some website or service is hacked and a huge collection of email addresses, usernames, and passwords is liberated from their servers, almost half of them are very quickly cracked because they're weak. It's often not worth the time required to brute force the remaining passwords.  That's what I mean by low hanging fruit.

I mean, I have a database (stored locally) of my hundreds of passwords.  I can't imagine why I would store that information in plain text when it's trivial to add a significant layer of protection by encrypting the whole database.  Sure it's relatively safe on my network, but sometimes :poop: happens, you know? 

EDIT: Speaking of poop happening, sorry about the site going wonky for a while this morning.  There were some issues that may have been brought about by my host patching the server against meltdown and spectre late last night or early this morning.

  • Like 4
Link to comment
Share on other sites

Poop happens often.  My point was to encourage practical security steps, tor realize nothing is secure once our of your head, and to prepare for and actually regularly practice recovery.  For email, I assume the world may read it, and write/send with that in mind.

Practical data security is easy.  Setting up for recovery is easy.  Actually testing recovery is easy, but rarely done.  The odds are every person with some sort of paper or electronic trail has been compromised already, with no lasting harm (some small percentage have a short term hassle, if not adequately prepared), if even aware of the situation at all.  A few have long term hassle, such as having to get a new SSN (something we have experienced in our family).

I gave up on a list of passwords many years ago.  I do not reuse or recycle them, and I have a memorized way to create unique passwords as needed, including symbols not directly on a keyboard.

I have an odd perspective for certain :) since I hear from folks on a daily basis, who are needing to recover, and were not prepared at all, or worse yet, thought they were prepared and actually were not.

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...