tax and accounting document deliverycpaacademy.s3.amazonaws.com/ppt/encrypting.pdf · • microsoft...

Tax and Accounting Document Delivery

Encrypting PDF Files in Email Attachments:

Reduce Risk, Automation and Compliance

Administrative Items

90 Minutes (Education, Demo, Q&A)

Participants are muted. Please ask questions through the GoToWebinar Control Panel

10% Discount to all attendees

Eligible to Receive 1.5 CPE Credits Register at www.cpaacademy.org Logged in for 75 minutes Answer 5 of 6 polling questions CPE Certificate will be issued in 2 – 3 business days Check spam & junk, then login to your account iPad and iPhone viewers beware

Paperless tools for the tax & accounting industry

Products

2,500+ Customers and 20,000+ Licensed Users

Steve DusablonPresident & CEO(800) 716-2558 x 110Steve.Dusablon@cPaperless.com

Prepare Send E-Sign

cPaperless, LLC

Webcast Agenda Compliance

• Breach of Privacy Laws & Security • Options for Secure File Exchange

How PDF Encryption Works

Reduce Risk • Password strippers & password crackers • Best practices

Issues with Encrypted PDF Files

Automation • SafeSend demonstration

Q&A

Webcast Agenda

Compliance

Breach of Privacy Laws Tax & accounting firms handle confidential information

• Your firm has exposure• As world becomes more paper conscious, electronic transfer requests will increase• This will magnify your exposure in the future

What should you do? • State Laws • Federal Laws • AICPA guidelines • Fiduciary obligation to your clients and your firm

What you choose to do • Education on laws, encryption and security • Evaluating the right encryption and file transfer solution for your firm

Client Portals • Tax vendors, DMS’s, website hosting companies, etc. • If you don’t use a Portal already, someone has tried to sell you one • Positioned as the utopia of delivery mechanisms and online storage

File Transfer Solutions

Archived Webcast • “Why Client Portals Fail: Understanding File Transfer Solutions”• Less than 35% of your clients will adopt these systems • Password authentication, download links removed by Firewalls • https://www.cpaperless.com/Videos/WhyClientPortalFail/WhyClientPortalsFail.html

Encrypted PDF Files in Email Attachments

Options for Secure File Exchange

Why People Use PDF Encryption

Low Portal Adoption Rates

Encryption • Manually applied with Acrobat Standard or Professional, or Acrobat alternative • Uses RC4 or AES password based encryption (40, 128 or 256-bit available) • Application can be automated

Files sent through regular email as attachments

Decryption • Recipient can decrypt with Adobe Acrobat Reader (FREE Version) • Widely distributed, FREE, pre-installed on most computers & devices

Firms leverage this to their benefit • Easy to use, clients are familiar with it, and most people already have the

software

Automating PDF encryption was the foundation of SafeSend

How PDF Encryption Works

How PDF Encryption Works

How PDF Encryption Works

How PDF Encryption Works1) Document Open Password• Use for Client Password • Applies the encryption

selected below

2) Permissions Password (Edit)• Locks file from editing,

printing, etc. • Use to open from your sent

items folder

3) Encryption Type• Recommend 128-bit or 256-

bit AES • Encrypt all document

contents

Reduce Risk

Password Strippers & Crackers

1) Document Open Password• Can NOT be removed • Can be guessed through

brute force attacks

2) Permissions Password (Edit)• Removed in < 1 second • Cause of misconception of

PDF files

3) Encryption Type• Be careful of DMS solutions

that apply 64-bit

Applied Encryption

Two Ways Into This File• Break encryption • Enter the correct Document

Open or Permissions password

Password Strippers & CrackersConfigured for

• 8 digits only • Uppercase, lowercase & numbers • 218,340,105,584,896 combinations • 35+ years

Password Strippers & CrackersConfigured for

• 8 – 12 digits• Uppercase, lowercase, numbers & special characters• 13,605,133,066,289,930,723 combinations • 2.5 MM+ years

Password Strippers & CrackersRisks of embedding password hints in email text body

What Lacerte Tax Does

Password Strippers & Crackers

Lacerte Tax• Last 4 digits of your EIN and 5 digit Billing Zip code• 9 digits all numbers • Provides password hint in email text body

Full SSN or EIN with no spaces or dashes• 9 digits all numbers

Risks of embedding password hints in email text body

DMS and File Cabinet Solutions• First 4 of last name followed by last 4 of SSN / EIN • 8 digits • First 4 are letters (upper or lower) • Last 4 are numbers • Some use 64-bit encryption

PDF Encryption Best Practices Document Open Password

• Can NOT be removed, but can be guessed • Use for clients password • Use 8 – 12 characters • Include combination of uppercase, lowercase, numbers & special characters

Permissions Password • IMPORTANT: Only use if Document Open password is also used • Easily removed • Use as your backdoor access to files in your Sent folder • Adhere to strong password requirements

Apply 128-bit or 256-bit AES encryption

Avoid using password hints in email text body • Allows hackers to configure password strippers

If using standardized passwords • Create standard convention (first 4 last name + last 4 of SSN) • Communicate with clients before sending files (phone or email) • You can store in CPA SafeMail password manager for future use • Resend from Outlook if they forget

Randomly or manually generated & send in secondary email • Risk of both being intercepted in transfer is remote • Risk is that someone has access to your clients email account • They have bigger issues • No solution is perfect, nor will it provide for 100% adoption • Our Opinion: This an acceptable level of risk to your firm

PDF Encryption Best Practices

Problems With PDF Encryption

Problems With PDF Encryption No solution is perfect, nor will it obtain 100% adoption

Time consuming & error prone

Subject to password strippers and crackers

Does not encrypt text body of email, just the attachments

Can’t send Excel or Word files in their native format

Clients can’t remove passwords

File size limitations

Problems With PDF Encryption Automating PDF encryption was the foundation of SafeSend

• Remains an important part of our program

Technology changes in the marketplace you can’t control

Operating Systems & Browsers • MAC Preview, Windows 8 • Google Chrome • Links in PDF files don do not function

Web based email (i.e. Yahoo mail) • Files will not open

Causes Frustration • It’s going to get worse in the future • Discouraging for people relying on encrypted PDF files for secure file exchange

Yahoo Mail

MAC Preview

Summary Daily File Sharing is more complicated than most people think

• Can’t rely on a single method of delivery • You need to use both options (PDF Encryption and Links) • Neither option is perfect, they both have problems

Client Problems • PDF Files: Issues with proprietary viewers, Internet, and mobile devices• Links: Clients forget passwords and links get stripped by many firewalls • If you only use one method, then you will always have problems

Staff Problems • Does the recipient use a Mac or Windows 8? • Does the recipient use web-based email? • Is the recipient accessing the files from a mobile device? • Does the recipient work for a bank, financial institution or government agency? • How often do I send to this recipient? Will they remember their password?

It all leads to frustration

Our Approach to Solving the Problem

Links • Highest success rate, easiest for the recipients to download files • Work best for mobile devices

Link Authentication Options • No Authentication (Easiest)

• Compliant, but not secure • Question & Answer (QA) authentication (Most popular and recommended)

• Examples: Last 4 of SSN, 10 digit cell phone, 5 digit ZIP code, etc. • Portal Login (Most secure)

• Only recommended for high frequency clients (Bookkeeping, payroll, etc.)

Encrypted PDF files• Use when sending to bankers, financial institutions and governmental agencies

Only SafeSend offers both delivery methods, and all three authentication options, in a single solution

Daily Transfer Cheat Sheet

Recipient Link (QA) Link (Portal Login) Encrypted PDF

Average Client

• Mac User? Recommended No No

• Windows 8 User? Recommended No No

• Mobile Device Access? Recommended No No

High Frequency of Transfer

• Bookkeeping, QuickBooks,Payroll, Corporate, Business Management

Yes Recommended Yes

Links Stripped by Firewalls

• Banks No No Only Option

• Financial Institutions No No Only Option

• Governmental Agencies No No Only Option

Automation

SafeSend is the foundation of the suite of products

Why Use SafeSend? • It’s EASY for staff and clients

• Achieve Higher Adoption rates • Clients can have a hard time remembering passwords so SafeSend uses an easy

yet secure “question and answer” authentication method.

• More unique features • Multiple delivery methods • E-Signature Integration • Automated PDF Encryption• Tax & Accounting Specific Features & Add-ons

A Tax and Accounting Document Delivery Solution

Unique Tax and Accounting Document Delivery Add-ons

Available for past 2 years

In development (2015 Release)

E-Sign any document, anywhere, anytime.

Batch process Engagement Letters for E-Signature

Batch process Organizer distribution

The only tax return delivery system that can meet all the process and E-Sign requirements for staff, clients and the IRS

Allow clients to electronically distribute K-1’s to their shareholders

PRODUCT DEMONSTRATION

Encrypted PDF files in email attachments• Many people do it • We’re encouraging people to move away from it where possible

Compliance • Breach of Privacy Laws – your firm has exposure • Client Portals & File Sharing solutions have limited adoption • PDF encryption has increasing issues • Use both

Reduce Risk • Adhere to best practices to mitigate the risk of password strippers / crackers

SafeSend • Complete file transfer solution • Send links with QA authentication as primary transfer method • Automated PDF encryption as needed

Webcast Summary

System Requirements

Staff • Microsoft Outlook 2007, 2010 or 2013 • Microsoft Office 2007, 2010 or 2013 • Internet Connection • Citrix or Terminal Server compatible

Clients • Internet Connection • Email Access • Adobe Acrobat Reader 7.0 or higher (Free version)

Next Steps

FREE 30 Day Trails

Available to all members of your company

Contact Us:

Web: www.cPaperless.com

Email: sales@cPaperless.com

Phone: (800) 716-2558 x 100

Q&A