Which brings me to another security issue. I attended a class for CPAs yesterday and learned that many states now have laws making it illegal to send driver's license, Social Security and bank account numbers through the internet either in the body of an e-mail or in an attachment. Seems there are people in other countries writing programs that monitor e-mail traffic just looking for bits of personal information. E-mails and their attachments are not secure.
The solutions (I'm not a techie but this is what was recommended) were either encryption, FTP transfers or portals. Portals are direct links, similar to online banking, between a secure server and the two parties. For instance, instead of sending the tax return as a PDF attachment, we now place a document through a portal onto a secure server which can only be accessed by the client. They can go to the portal and pick it up whenever they want.
I also learned the top two ways identity thieves get information:
- Voluntary disclosure
- Theft of hardware that contains personal data
Make sure you encrypt and/or secure all data that resides on portable devices.
Within 10 minutes of posting this blog entry I rec'd an official-looking IRS e-mail claiming I was due $863.80, and that I'd receive it in 6-9 days if I just "clicked here" and gave them some personal information. I quickly forwarded that e-mail to firstname.lastname@example.org.