tax and accounting document deliverycpaacademy.s3.amazonaws.com/ppt/encrypting.pdf · • microsoft...
TRANSCRIPT
Tax and Accounting Document Delivery
Encrypting PDF Files in Email Attachments:
Reduce Risk, Automation and Compliance
Administrative Items
90 Minutes (Education, Demo, Q&A)
Participants are muted. Please ask questions through the GoToWebinar Control Panel
10% Discount to all attendees
Eligible to Receive 1.5 CPE Credits Register at www.cpaacademy.org Logged in for 75 minutes Answer 5 of 6 polling questions CPE Certificate will be issued in 2 – 3 business days Check spam & junk, then login to your account iPad and iPhone viewers beware
Paperless tools for the tax & accounting industry
Products
2,500+ Customers and 20,000+ Licensed Users
Steve DusablonPresident & CEO(800) 716-2558 x [email protected]
Prepare Send E-Sign
cPaperless, LLC
Webcast Agenda Compliance
• Breach of Privacy Laws & Security • Options for Secure File Exchange
How PDF Encryption Works
Reduce Risk • Password strippers & password crackers • Best practices
Issues with Encrypted PDF Files
Automation • SafeSend demonstration
Q&A
Webcast Agenda
Compliance
Breach of Privacy Laws Tax & accounting firms handle confidential information
• Your firm has exposure• As world becomes more paper conscious, electronic transfer requests will increase• This will magnify your exposure in the future
What should you do? • State Laws • Federal Laws • AICPA guidelines • Fiduciary obligation to your clients and your firm
What you choose to do • Education on laws, encryption and security • Evaluating the right encryption and file transfer solution for your firm
Client Portals • Tax vendors, DMS’s, website hosting companies, etc. • If you don’t use a Portal already, someone has tried to sell you one • Positioned as the utopia of delivery mechanisms and online storage
File Transfer Solutions
Archived Webcast • “Why Client Portals Fail: Understanding File Transfer Solutions”• Less than 35% of your clients will adopt these systems • Password authentication, download links removed by Firewalls • https://www.cpaperless.com/Videos/WhyClientPortalFail/WhyClientPortalsFail.html
Encrypted PDF Files in Email Attachments
Options for Secure File Exchange
Why People Use PDF Encryption
Low Portal Adoption Rates
Encryption • Manually applied with Acrobat Standard or Professional, or Acrobat alternative • Uses RC4 or AES password based encryption (40, 128 or 256-bit available) • Application can be automated
Files sent through regular email as attachments
Decryption • Recipient can decrypt with Adobe Acrobat Reader (FREE Version) • Widely distributed, FREE, pre-installed on most computers & devices
Firms leverage this to their benefit • Easy to use, clients are familiar with it, and most people already have the
software
Automating PDF encryption was the foundation of SafeSend
How PDF Encryption Works
How PDF Encryption Works
How PDF Encryption Works
How PDF Encryption Works1) Document Open Password• Use for Client Password • Applies the encryption
selected below
2) Permissions Password (Edit)• Locks file from editing,
printing, etc. • Use to open from your sent
items folder
3) Encryption Type• Recommend 128-bit or 256-
bit AES • Encrypt all document
contents
Reduce Risk
Password Strippers & Crackers
1) Document Open Password• Can NOT be removed • Can be guessed through
brute force attacks
2) Permissions Password (Edit)• Removed in < 1 second • Cause of misconception of
PDF files
3) Encryption Type• Be careful of DMS solutions
that apply 64-bit
Applied Encryption
Two Ways Into This File• Break encryption • Enter the correct Document
Open or Permissions password
Password Strippers & CrackersConfigured for
• 8 digits only • Uppercase, lowercase & numbers • 218,340,105,584,896 combinations • 35+ years
Password Strippers & CrackersConfigured for
• 8 – 12 digits• Uppercase, lowercase, numbers & special characters• 13,605,133,066,289,930,723 combinations • 2.5 MM+ years
Password Strippers & CrackersRisks of embedding password hints in email text body
What Lacerte Tax Does
Password Strippers & Crackers
Lacerte Tax• Last 4 digits of your EIN and 5 digit Billing Zip code• 9 digits all numbers • Provides password hint in email text body
Full SSN or EIN with no spaces or dashes• 9 digits all numbers
Risks of embedding password hints in email text body
DMS and File Cabinet Solutions• First 4 of last name followed by last 4 of SSN / EIN • 8 digits • First 4 are letters (upper or lower) • Last 4 are numbers • Some use 64-bit encryption
PDF Encryption Best Practices Document Open Password
• Can NOT be removed, but can be guessed • Use for clients password • Use 8 – 12 characters • Include combination of uppercase, lowercase, numbers & special characters
Permissions Password • IMPORTANT: Only use if Document Open password is also used • Easily removed • Use as your backdoor access to files in your Sent folder • Adhere to strong password requirements
Apply 128-bit or 256-bit AES encryption
Avoid using password hints in email text body • Allows hackers to configure password strippers
If using standardized passwords • Create standard convention (first 4 last name + last 4 of SSN) • Communicate with clients before sending files (phone or email) • You can store in CPA SafeMail password manager for future use • Resend from Outlook if they forget
Randomly or manually generated & send in secondary email • Risk of both being intercepted in transfer is remote • Risk is that someone has access to your clients email account • They have bigger issues • No solution is perfect, nor will it provide for 100% adoption • Our Opinion: This an acceptable level of risk to your firm
PDF Encryption Best Practices
Problems With PDF Encryption
Problems With PDF Encryption No solution is perfect, nor will it obtain 100% adoption
Time consuming & error prone
Subject to password strippers and crackers
Does not encrypt text body of email, just the attachments
Can’t send Excel or Word files in their native format
Clients can’t remove passwords
File size limitations
Problems With PDF Encryption Automating PDF encryption was the foundation of SafeSend
• Remains an important part of our program
Technology changes in the marketplace you can’t control
Operating Systems & Browsers • MAC Preview, Windows 8 • Google Chrome • Links in PDF files don do not function
Web based email (i.e. Yahoo mail) • Files will not open
Causes Frustration • It’s going to get worse in the future • Discouraging for people relying on encrypted PDF files for secure file exchange
Yahoo Mail
MAC Preview
Summary Daily File Sharing is more complicated than most people think
• Can’t rely on a single method of delivery • You need to use both options (PDF Encryption and Links) • Neither option is perfect, they both have problems
Client Problems • PDF Files: Issues with proprietary viewers, Internet, and mobile devices• Links: Clients forget passwords and links get stripped by many firewalls • If you only use one method, then you will always have problems
Staff Problems • Does the recipient use a Mac or Windows 8? • Does the recipient use web-based email? • Is the recipient accessing the files from a mobile device? • Does the recipient work for a bank, financial institution or government agency? • How often do I send to this recipient? Will they remember their password?
It all leads to frustration
Our Approach to Solving the Problem
Links • Highest success rate, easiest for the recipients to download files • Work best for mobile devices
Link Authentication Options • No Authentication (Easiest)
• Compliant, but not secure • Question & Answer (QA) authentication (Most popular and recommended)
• Examples: Last 4 of SSN, 10 digit cell phone, 5 digit ZIP code, etc. • Portal Login (Most secure)
• Only recommended for high frequency clients (Bookkeeping, payroll, etc.)
Encrypted PDF files• Use when sending to bankers, financial institutions and governmental agencies
Only SafeSend offers both delivery methods, and all three authentication options, in a single solution
Daily Transfer Cheat Sheet
Recipient Link (QA) Link (Portal Login) Encrypted PDF
Average Client
• Mac User? Recommended No No
• Windows 8 User? Recommended No No
• Mobile Device Access? Recommended No No
High Frequency of Transfer
• Bookkeeping, QuickBooks,Payroll, Corporate, Business Management
Yes Recommended Yes
Links Stripped by Firewalls
• Banks No No Only Option
• Financial Institutions No No Only Option
• Governmental Agencies No No Only Option
Automation
SafeSend is the foundation of the suite of products
Why Use SafeSend? • It’s EASY for staff and clients
• Achieve Higher Adoption rates • Clients can have a hard time remembering passwords so SafeSend uses an easy
yet secure “question and answer” authentication method.
• More unique features • Multiple delivery methods • E-Signature Integration • Automated PDF Encryption• Tax & Accounting Specific Features & Add-ons
A Tax and Accounting Document Delivery Solution
Unique Tax and Accounting Document Delivery Add-ons
Available for past 2 years
In development (2015 Release)
E-Sign any document, anywhere, anytime.
Batch process Engagement Letters for E-Signature
Batch process Organizer distribution
The only tax return delivery system that can meet all the process and E-Sign requirements for staff, clients and the IRS
Allow clients to electronically distribute K-1’s to their shareholders
PRODUCT DEMONSTRATION
Encrypted PDF files in email attachments• Many people do it • We’re encouraging people to move away from it where possible
Compliance • Breach of Privacy Laws – your firm has exposure • Client Portals & File Sharing solutions have limited adoption • PDF encryption has increasing issues • Use both
Reduce Risk • Adhere to best practices to mitigate the risk of password strippers / crackers
SafeSend • Complete file transfer solution • Send links with QA authentication as primary transfer method • Automated PDF encryption as needed
Webcast Summary
System Requirements
Staff • Microsoft Outlook 2007, 2010 or 2013 • Microsoft Office 2007, 2010 or 2013 • Internet Connection • Citrix or Terminal Server compatible
Clients • Internet Connection • Email Access • Adobe Acrobat Reader 7.0 or higher (Free version)
Next Steps
FREE 30 Day Trails
Available to all members of your company
Contact Us:
Web: www.cPaperless.com
Email: [email protected]
Phone: (800) 716-2558 x 100
Q&A