Thomas E. Healy
Certified Public Accountant, PC
Security and Privacy
The information you provide me so that I can assist you with tax return
preparation, and financial and business planning is very important to me.
In addition, the Internal Revenue Service, the Colorado State Board of
Accountancy, and professional ethics impose certain requirements on me
regarding protecting it, using it, and disclosing it to others.
The following items are designed to inform you and help you keep your information safe.
Download a copy of my Privacy Policy
Securing Your Computer
It's a jungle out there…. I notice that
my internet security software is frequently warning of this or that
virus or Trojan horse that it stopped in its tracks. So, there are
several things you can do to reduce the chance of your computer being
hijacked or destroyed by something coming from outside.
- Remove the standard "Admin" user account. Many hackers will try
to access a computer by using "Admin" as the user name and various
common passwords. Of course, you can't just remove the Admin account.
First, create a new user account that has Administrator privileges. For
example, I created an account named "TomHealyAdmin." Give that account
a complex pass phrase that is easy for you to remember but difficult to
guess. You're almost never going to use this account in day-to-day use
(see below). Often, you can use its pass phrase if you need to install
new software without having to log into the account. Once you have your
new Admin account set up, delete the standard one.
- Here's how to do this in a Windows environment (using XP terminology):
- Go to Start-Settings-Control Panel-User Accounts
- Choose "Create a new account"
- Enter the desired name. Click "Next."
- Choose "computer administrator."
- Click "Create Account"
- Next click on the account name and "create a password." Enter the pass phrase and if desired, a hint.
- After you have your new Administrator account established,
delete the original "Admin" account (choose to "keep files" so you can
move them to your new account later).
- Now, go through the same process to set up your day-to-day
account. Note: some programs (e.g., QuickBooks) may require an
Administrator account to function, so you may not be able to completely
secure the computer.
- Make sure you have enabled the Windows automatic update service.
If you keep the computer on most of the time, choosing a time you are
not using it for the update to occur is least disruptive; otherwise,
choose to have Windows check when you turn on the computer.
Occasionally, you will get a message that "an update required an
automatic restart to your system" when you return to the computer in
the morning.
- Make sure the Windows Firewall is turned on, or install a commercial anti-virus package.
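A read-only way to check the three items above on a current Windows system, as an added example that is not part of the original page. It assumes Windows 10 or later with Windows PowerShell 5.1 (the steps above use XP terminology), and the list of guessable account names is chosen for the illustration.

```powershell
# Added example: read-only audit; it reports and changes nothing.
# Assumes Windows 10 or later with Windows PowerShell 5.1.

# Account names that get guessed first (list chosen for this illustration).
$guessable = 'Admin', 'Administrator'

# 1. Local user accounts that hold Administrator rights.
#    S-1-5-32-544 is the built-in Administrators group on any language version.
$adminNames = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.ObjectClass -eq 'User' } |
    ForEach-Object { ($_.Name -split '\\')[-1] }   # strip the COMPUTER\ prefix

foreach ($user in (Get-LocalUser | Where-Object { $adminNames -contains $_.Name })) {
    $note = if ($user.Enabled -and $guessable -contains $user.Name) {
        'enabled under a guessable name'
    } else { 'ok' }
    '{0,-22} enabled={1,-5} {2}' -f $user.Name, $user.Enabled, $note
}

# The day-to-day account should not appear in that list.
if ($adminNames -contains $env:USERNAME) {
    "WARNING: $env:USERNAME (the account you are logged in as) is an Administrator"
}

# 2. Automatic updates: the Windows Update service must not be disabled.
$wu = Get-Service -Name wuauserv
if ($wu.StartType -eq 'Disabled') {
    'WARNING: the Windows Update service is disabled'
} else {
    "Windows Update service: start type $($wu.StartType), status $($wu.Status)"
}

# 3. Windows Firewall: every profile (Domain, Private, Public) should be on.
foreach ($fwProfile in (Get-NetFirewallProfile)) {
    $state = if ($fwProfile.Enabled -eq 'True') { 'on' } else { 'OFF' }
    'Firewall profile {0,-8} {1}' -f $fwProfile.Name, $state
}
```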
The Acrobat Security Envelope
If you have a copy of Acrobat Standard or higher, you can put files (of
any kind) into an Acrobat Security Envelope, and send me the envelope
after you have encrypted it with my Acrobat Public Key. Note: some
scanners come with an OEM copy of Acrobat, which may be the most
cost-effective way to obtain it. If you are a student or educator, Adobe
offers a significant discount.
Here is the procedure to create your own digital Acrobat Key:
- Advanced-Security Settings
- Click on Digital IDs
- Click on Add ID
- Choose “A New Digital ID”
- Add identifying information; choose algorithm and use
- Enter an appropriate password and a location for the ID.
Next, you need to create a policy to use the digital ID:
- Advanced-Security-Manage Security Policies: Create a new policy, “Use public key certificates.”
- Name it something like “Security Envelope Certificate”
- Add a description like “Encrypt documents inside a Security Envelope using the recipient's Public Key”
- Choose “encrypt only file attachments”
- Check the “Ask for recipients when applying this policy” box.
Next, obtain Public Keys for all people to whom you want to send Security Envelopes. You can get a zipped copy of my Public Key here. After you get the keys, double-click them to install them in Acrobat.
Send your public key to people so they can send Security Envelopes to you.
Finally, here is how to create the Security Envelope (using my Public Key as an example):
- Advanced-Security-Create Security Envelope
- Add all documents you want to include in the envelope.
- Choose “eEnvelope with Signature” if you want to include your digital signature; otherwise Date Stamp.
- Choose the above “Security Envelope Certificate” policy
- Choose my Public Key in the list of intended recipients.
- Attach the envelope to an email to me and send it. (I’ll let you
know whether I can open it, which should happen). If the file is too
large, it may be better to upload it to my server.
The neat thing about the Acrobat Security Envelope is that the contents
aren't individually protected (unless you want them to be), so when
downloaded by the recipient they are easily available for use.
The TrueCrypt secure file or drive
TrueCrypt is an Open Source program that allows you to create a secure
file or drive to hold your sensitive documents. Open Source means that it
doesn't cost anything to obtain (though you can make a donation to
support its development). I use it on my Windows-based computer to hold
client data (tax returns, accounting files, etc.). It's also available
for Mac and Linux. When you create a TrueCrypt file and mount it, it
acts just as a real disk would act.
The way I use it is as a double-drive: an "outer" drive that contains
some innocuous but important-looking files, protected with one
password, and a second, "hidden" drive that contains the actual
critical files, protected with a different password. The file is named
whatever I want it to be, including any common extension (like .zip or
.pdf) so it looks like a regular document (but of course you can't open
it with the usual application). This provides "plausible deniability"
in case I'm forced to reveal the password. I mount this drive as the
E:\ drive, though you can use any drive letter you wish.
Once the drive is mounted, it operates as fast as if the drive were not encrypted.
If you have super-sensitive data, it is also possible to hide the
operating system in a similar way, along with a "decoy" operating
system. As long as you use the decoy frequently (say for non-sensitive
operations), it will be impossible to prove that the hidden system
exists, and no page swaps or other memory tasks in the hidden system
will show up in the decoy system drive.
Whenever you log out or shut down, you should have TrueCrypt dismount
the drive. That way, your sensitive data are secured until you log back
in.
The encrypted SparseBundle drive (Mac only)
If you have a Mac computer, you already have the tools to protect your
sensitive information. Using Disk Utility, you create a SparseBundle or
Sparse image file using an appropriate password. I use the SparseBundle
format, because it is only large enough to hold the files, as long as
the maximum size determined when you created the image isn't exceeded.
Like the TrueCrypt file, you can name the file however you want, to hide the kind of file it is.
You can also encrypt your entire Home folder from the Security system preference.
