E-mail Security for Small Businesses
Protecting Digital Information

By Ray Zambroski

E-mail Story
Print Story
JULY 2006 - Keeping something private used to mean locking a file cabinet, using the shredder, or speaking in hushed tones. But the prevalence of e-mail has taken privacy to a new realm. From personal information to intellectual property, protecting privacy is not only good business, it can prevent a wide range of problems.

Increasingly, professional advice is transmitted via e-mail. This convenient medium, however, carries a high potential for intentional or inadvertent misuse. When professionals dispense sensitive information or advice via e-mail, all control over the content is lost once it is sent. Content can easily spread beyond its intended recipient. It can be forwarded, or cut and copied, and sent to competitors.

An unprotected e-mail is like sending a postcard through cyberspace. While transiting, it is routed through multiple servers, and an e-mail containing financial details can be read by people other than the intended recipient. Furthermore, with an accidental keystroke, e-mail can be unintentionally misdirected to an unknown party.

Many companies utilize a disclaimer within each e-mail message. The information may be confidential and subject to protection under the law, but no real technological protection is provided through the inclusion of such language.

Once an e-mail is opened, it can be accidentally forwarded; laptops and PCs can be lost or sold with financial and personal data remaining on the hard drive; financial information can be leaked via a virus, spyware, or a Trojan worm. Professionals must be able to ensure that documents and e-mails remain encrypted and can be deleted from a computer after a given time.

Options for Small Business

For years, large accounting firms have used encryption and digital rights management (DRM) technology to protect sensitive business and client information. Fortunately, this same level of enterprise e-mail and document security technology is available to smaller organizations, providing the ability to easily access and securely reply to protected e-mails containing crucial information, such as financial advice and tax returns, from a home or work computer.

E-mail and document security technology works by not only encrypting files, but also by applying access and usage privileges. Users can set expiration dates on their e-mail and documents, effectively deleting documents from a recipient’s inbox at a specified date and time. In addition, users can set access privileges by specifying that an e-mail containing financial advice is accessible only to a particular recipient. These protections persist with the files wherever they travel. While no security software is 100% unbreakable, e-mail and document security technology can mitigate the risk of information leakage by safeguarding data no matter where it travels or is stored. The Sidebar provides additional guidance for small companies interested in implementing an overall information technology security plan.

Ray Zambroski is the CEO of Essential Security Software, a provider of e-mail and document security solutions for small businesses, including accounting professionals. For more information, visit www.essentialsecurity.com.




















The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs. Legal Notices