“Encrypted Email”, “Secure Messaging” and “Secure File Transfer” are three terms that most people doing business online should know about today. This seems like a good time to review the options as we begin the tax filing season. While these security measures are probably not needed for most people most of the time, I include examples of when to use them using tax preparation as the background. Even when you need to send sensitive information, it is usually not necessary to use all three types. Having access to one or two of these methods is usually adequate.
- Encrypted Email is an option that can be added on a single email message or all of your email messages. Check to be certain whether email attachments are also encrypted. See the instructions for Outlook (included in business version of Office), Gmail (as a browser extension), or whatever email service you use. Not all email systems offer this option. Use this when sending sensitive personal information, including personal information, by email. Example: You want to send your bank account number and routing number so that it can be set up to accept your tax refund.
- Secure Messaging – a type of text message service. There are plenty of secure messaging options available. I use the easy one built into Facebook Messenger. Switch to secure messaging when you need to send sensitive information. Example: You’ve been chatting with your accountant via regular text messaging and and now want to send a photo of the W2 form just received in the mail.
- Secure File Transfer – uses a secure file transfer portal. This is a service that an accountant purchases to allow for easy secure transfer of files back and forth with clients. For example: Your accountant uses the secure file transfer portal to send a pre-filled worksheet with last year’s tax accounting information so that you can verify its accuracy for use on this year’s return to save time and improve accuracy.
This post is not meant to imply that the normal security measures in normal online communications are inadequate. Simple routine security rules like using separate random passwords, duel authentication and locked devices are adequate most of the time.