Serious Security Issue for Accountants - Part 1 Thumb Drives

As accountants we are trained to keep the information of our clients and our companies confidential. We expect this of ourselves and others also expect we will act with due diligence. The "First Digital Decade" (see Bill Gates 15th and final CES Keynote, 1/6/2008, for more info the First Digital Decade) has brought about significant changes in the ways we store and transport confidential information. Many accountants have embraced the new technology without properly addressing the related security risks (this comment is based on casual empiricism gained from providing CPE to over 30,000 accountants each year). These weaknesses in our business practices are widespread and extremely serious. This is the first (i.e. Part 1) in a series security risks faced by accountants as we enter the “Second Digital Decade.” Each post will focus on a specific security risk and on the alternatives for addressing that risk.
Thumb Drives - Also known as flash drives. They are everywhere. They have replaced floppy drives and even CDs for the “sneaker net” method of moving data. A 4 GB flash drive could easily contain the accounting records (ex. client QuickBooks files) and tax records of dozens of companies and the related payroll tax information on hundreds of employees. Statutory laws and regulations impose criminal penalties for mishandling this information. Security Breach Notification Laws (now in effect in 34 states), Sarbanes Oxley, HIPAA, and state board regulations are just some examples of such laws.
These drives are easy to lose and easy to leave behind at a client or customer location. The consequences of losing a thumb drive with confidential information are severe and often require direct notification of everyone whose information is on the drive (including all the employees of all the companies whose QuickBooks files are on the drive). Criminal penalties can result from failure to comply.
Are accountants addressing this issue? Are staff accountants given proper training? Do companies and firms have policies for protecting data that is stored on portable devices? Are thumb drives containing confidential data routinely encrypted to protect the data? Form many accountants, the answer to all these questions is no.
The solution is simple: Clear policies, employee training, and secure flash drives. IronKey.com is “best of class” with respect to secure flash drives. Watch their online demo; it’s well done and informative, even if you decide to buy a different brand of secure flash drive. As an added benefit, it is such a cool device that you will feel like James Bond when you use it. There are dozens of other secure flash drives and software you can buy to secure existing flash drives (ex. Pointsec mobile, Code Red, TrueCrypt, Lexar JumpDrive, Sony Micro Vault, and hundreds more).
It’s time to get serious about flash drive security. You need a policy, you need the right hardware and software, and you and your staff need training. This is not brain science and it’s not rocket surgery. Failure to comply results in serious business risk.
Thanks, Will
William C. Fleenor, CPA.CITP, Ph.D.
Shareholder, K2 Enterprises, LLC

This blog

by The K2 Team - Look here for anything that involves technology and accounting. K2 Enterprises is the largest supplier of technology CPE (Continuing Professional Education) for CPAs, CGAs and CAs in North America. The K2 team routinely reviews software and hardware products from all major publishers and teaches accountants how to use these tools effectively. The entire K2 team has 10+ years of experience, many with 30+ years of technology and accounting experience.

More from this blog

Bloggers crew

Steve Knowles has spent 25 years in business and practice in the UK, but he also worked in the states and the years haven't dulled his way of seeing an alternative view to everyone else, and every day is a new adventure.

44629

Joel M. Ungar, CPA is a lifelong resident of the Detroit area and a graduate of The University of Michigan. He is a principal with Silberstein Ungar, PLLC, a Top 15 auditor of SEC public reporting companies.

77229

Allan Boress, CPA, with over 25 years as a practitioner and consultant to the accounting profession. Mr. Boress is the author of 12 published books in 6 different languages, including a best-seller, The "I-Hate-Selling" Book.

49622

Larry Perry, CPA, CPA Firm Support Services, LLC, is the author of accounting and auditing manuals, author and presenter of live staff training seminars, and author of webcast and self-study CPE programs. He blogs about small audits, reviews, and compilations.

90781
Sandra Wiley, COO and Shareholder, is ranked by Accounting Today as one of the 100 Most Influential People in Accounting as a result of her prominent role as an industry expert on HR and training as well as influence as a management and planning consultant. She is also a founding member of The CPA Consultant's Alliance. Sandra is a certified Kolbe™ trainer who advises firms on building balanced teams, managing employee conflict and hiring staff.
21537

Maria Calabrese, CIR, Human Resources manager for Fazio, Mannuzza, Roche, Tankel, LaPilusa, LLC in Cranford, New Jersey, Maria's topics revolve around the world of: Mentoring, Performance management, and The "Y Generation," a.k.a. "The whY generation".

56871

William Brighenti is a CPA, Certified QuickBooks ProAdvisor, and Certified [Business] Valuation Analyst, operating an accounting, tax, and QuickBooks consulting firm in Hartford, Connecticut, Accountants CPA Hartford.

82035

Ken Garen, CPA, is the co-founder and President of Universal Business Computing Company (www.ubcc.com), a software development firm of high-volume, high-productivity accounting and payroll technology.

25723

Eva Rosenberg, MBA, EA, is the publisher of TaxMama.com, and author of the weekly syndicated Ask TaxMama column. She provides answers to tax questions from taxpayers and tax professionals worldwide.

65436

Amy Vetter, CPA, CITP is the CPA Programs Leader for Intacct Corporation responsible for leading the CPA/BPO Partners nationally.

35210
Brian Strahle is the owner of LEVERAGE SALT, LLC where he provides state and local tax technical services to accounting firms, law firms and tax research organizations across the United States. He also writes a weekly column in Tax Analysts State tax Notes entitled, "The SALT Effect." For more info, visit his website: www.leveragestateandlocaltax.com
104237
Scott H. Cytron, ABC, is president of Cytron and Company, known for helping companies and organizations improve their bottom line through a hybrid of strategic public relations, communications, marketing programs and top-notch client service. An accredited consultant, Scott works with companies, organizations and individuals in professional services (accounting, finance, medical, legal, engineering), high-tech and B2B/B2C product/service sales.
26882

Rita Keller is a nationally known CPA firm management consultant, speaker, author, mentor and blogger. She has over 30 years hands-on experience in CPA firm management, marketing, technology and administrative operations.

53796
Stacy Kildal is the mom of two fantastic kids, an Advanced Certified QuickBooks ProAdvisor, Certified Enterprise Solutions ProAdvisor, Sleeter Group Certified Consultant, a nationally recognized member of the Intuit Trainer and Writer Network, and co-host of RadioFree QuickBooks.
28798
Michael Alter's blog specializes in providing practical advice to those who seek greater profitability and practice management tactics that enhance deeper client relationships.
33157

Sally Glick, CMO, Principal, Marketer of the Year in 2003 and AAM Hall of Famer in 2007, leads a lively discussion of the constantly expanding roles of marketing and the professional marketers that drive this initiative in accounting firms of all sizes.

102189

The IMA Young Professionals Blog features the insights of IMA’s Young Professionals Committee. Committee members share advice and experiences on careers, continuing education, work/life balance, and other issues affecting young accounting and finance professionals.

34461

FEI Financial Reporting Blog provides highlights from SEC, PCAOB, FASB, IASB, and other regulatory news, including reporting under Sarbanes-Oxley Sect 404. It is written by Edith Orenstein, Director of Technical Policy Analysis at FEI.

113273

Sue Anderson has 30 years of experience in continuing education for accountants. Currently she is the program director for online CPE provider CPE Link.

62363

Jim Fahey is COO of Apple Growth Partners, a regional CPA firm in Ohio. His focus is on the effective and efficient use of technology within the firm by all team members.

40514
Caleb Newquist is the Editor-in-Chief of Sift Media US, overseeing content for both AccountingWEB and Going Concern.
67544

Leita Hart-Fanta, CPA, CGFM, and CGAP is the author of "The Yellow Book Interpreted" and owner of Yellowbook-CPE.com a website devoted to training for governmental auditors.

93643

AccountingWEB is more than just a U.S. team of journalists and financial and technology experts - we have an international side, too! Members of our British team who publish AccountingWEB.co.uk share their ideas, insights, and perspectives from across the pond.

54720