.png)
.png)
Security is key for tax pros who go online in public places
You’re sitting in a branch of McDonald’s and you’re feeling guilty; not because you’ve let down your foodie friends, your personal fitness instructor and your nutritionist, but because you’re only there for one thing: the gratis wi-fi.
So you buy a small portion of fries to play the part of a paying customer, rather than that of a freeloader: an example of what one burger-flipper referred to as ‘embarrassment food’.
However, a red face – be it from shame or high blood pressure as a result of the salt on those chips – is the least of your worries when surfing the web in a fast food restaurant or where have you. Security is the highest concern when going online in public places, especially for tax professionals whose portable computers may contain clients’ personal information.
Hijacking others’ login details used to be the sole preserve of hardcore computer wonks. Now it’s becoming increasingly easy for any so-and-so to nick usernames and passwords from fellow eaters of guilt-burgers.
The latest assistance for wrongdoers in this area is Firesheep, an open-source (that is, free and freely available) add-on for the Firefox browser that exploits wi-fi to pinch cookies – those little text files that contain data about your web usage – to allow unscrupulous third parties to view your sessions on Facebook, Twitter, Flickr and other popular websites.
To be the victim of such impropriety would be upsetting, but not as alarming as, say, having serious, confidential work spied upon. I don’t think I’m being paranoid by forecasting this likelihood should hijacking-software continue to evolve to become more user-friendly and capable of intruding upon a wider range of web services.
Tax expert Anne Fairpo, a barrister at Atlas Chambers and a self-avowed tech-head, knows the score. She has no qualms about Firesheep, it being a worry largely for social networkers; nevertheless, she takes steps to protect herself whenever there’s the need to work on the move.
When making use of public wi-fi, Anne opts for a virtual private network (VPN). This allows her to create an impenetrable ‘tunnel’ that mimics the https environment, the one you find yourself in when making a secure online payment (as opposed to plain http). The personal VPN is a service that’s provided for a very modest annual fee by Secure-VPN.com. (Other VPN suppliers are available!)
Anne uses encrypted email when out and about, and files stay on the drive of her MacBook Pro; she avoids cloud computing, which is the use of the internet to easily store, access and share documentation. And she uses common sense: it’s very easy for someone to look over your shoulder at your screen, especially on a busy train, she warns.
From chats with tech-loving tax pros, it’s interesting to learn that people own broadly the same sort of kit – iPhones and iPads abound – but they use them in very different ways.
James McBrearty is the self-styled Twittering tax man. When working in public spaces he makes full use of mobile telecoms services to avoid open wi-fi, favouring his own private network (via MiFi from the provider 3). In essence, it’s a broadband hub like the one most of us have at home, except it’s the size of a mobile phone.
The signal’s excellent, according to James, an independent tax adviser, who limits his emails to his iPhone, which has its wi-fi connection turned off. The gadget also comes in handy as an improvised photocopier; such is the quality of its photographs.
Clients’ documents can be snapped and then the images hard-copied – not emailed or clouded – to James’s office computer. In the event that the password-protected phone is lost or stolen, James can locate it and, if needs be, wipe its hard drive via Apple’s MobileMe service.
Yet another iPhone enthusiast (does no one these days own a BlackBerry or, heaven forbid, a regular mobile handset?) is Mark Lee, who runs the Tax Advice Network.
He avoids worries about security when working on the move by, er, not working on the move. In spite of being a prolific tweeter and an enthusiastic blogger, Mark does all his work from conventional desktop computers, either at home, in the office or the ICAEW library.
There is, of course, an even more secure method by which to avoid intrusion over the web – and that’s to stick to paper. With HMRC being ever more insistent that returns are filed online (iXBRL, anyone?), dead trees are being steadily phased out of tax admin.
Nevertheless, I believe there are some advisers who still eschew the digital world whenever possible. If you are one of those people (which would be unlikely given that this article is online only) or you know someone who is, please drop me a line; I would love to have a chat.
