Thomas E. Healy
Public Accountant, PC
Security and Privacy
The information you provide me so that I
can assist you with tax return preparation, and financial and business
planning is very important to me. In addiiton, the Internal Revenue
Service, the Colorado State Board of Accountancy, and professional
ethics impose certain requirements on me regarding protecting it, using
it, and disclosing it to others.
The following items are designed to inform you and help you keep your information safe.
Securing Your Computer
It's a jungle out there…. I notice that
my internet security software is frequently warning of this or that
virus or Trojan horse that it stopped in its tracks. So, there are
several things you can do to minimize having your computer hijacked or
destroyed by something coming from outside.
- Remove the standard "Admin" user account. Many hackers will try
to access a computer by using "Admin" as the user name and various
common passwords. Of course, you can't just remove the Admin account.
First, create a new user account that has Administrator privileges. For
example, I created an account named "TomHealyAdmin." Give that account
a complex pass phrase that is easy for you to remember but difficult to
guess. You're almost never going to use this account in day-to-day use
(see below). Often, you can use its pass phrase if you need to install
new software without having to log into the account. Once you have your
new Admin account set up, delete the standard one.
Here's how to do this in a Windows environment (using XP terminology):
- Go to Start-Settings-Control Panel-User Accounts
- Choose "Create a new account"
- Enter the desired name. Click "Next."
- Choose "computer administator."
- Click "Create Account"
- Next click on the account name and "create a password." Enter the pass phrase and if desired, a hint.
- After you have your new Administrator account established,
delete the original "Admin" account (choose to "keep files" so you can
move them to your new account later).
- Now, go through the same process to set up your day-to-day
account. Note: some programs (e.g., QuickBooks) may require an
Administrator account to function, so you may not be able to completely
secure the computer.
- Make sure you have enabled the Windows automatic update service.
If you keep the computer on most of the time, choosing a time you are
not using it for the update to occur is least disruptive; otherwise,
choose to have Windows check when you turn on the computer.
Occasionally, you will get a message that "an update required an
automatic restart to your system" when you return to the computer in
- Make sure the Windows Firewall is turned on, or install a commercial anti-virus package.
The TrueCrypt secure file or drive
The Acrobat Security Envelope
If you have a copy of Acrobat Standard
or higher, you can put files (of any kind) into an Acrobat Security
Envelope, and send me the envelope after you have encrypted it with my
Acrobat Public Key. Note: some scanners come with an OEM copy of
Acrobat, which may be the most cost-effective way to obtain it. If you
are a student or educator, Adobe offers a significant discount.
Here is the procedure to create your own digital Acrobat Key:
- Advanced-Security Settings
- Click on Digital IDs
- Click on Add ID
- Choose “A New Digital ID”
- Add identifying information; choose algorithm and use
- Enter an appropriate password and a location for the ID.
Next, you need to create a policy to use the digital ID:
- Advanced-Security-Manage Security Policies: Create a new policy,
- “Use public key certificates.”
- Name it something like “Security Envelope Certificate”
- Add a description like “Encrypt documents inside a Security Envelope using the recipient's Public Key”
- Choose “encrypt only file attachments”
- Check the “Ask for recipients when applying this policy” box.
Next, obtain Public Keys for all people to whom you want to send Security Envelopes. You can get a zipped copy of my Public Key here
. After you get the keys, double-click them to install them in Acrobat.
Send your public key to people so they can send Security Envelopes to you.
Finally, here is how to create the Security Envelope (using my Public Key as an example):
- Advanced-Security-Create Security Envelope
- Add all documents you want to include in the envelope.
- Choose “eEnvelope with Signature” if you want to include your digital signature; otherwise Date Stamp.
- Choose the above “Security Envelope Certificate” policy
- Choose my Public Key in the list of intended recipients.
- Attach the envelope to an email to me and send it. (I’ll let you
know whether I can open it, which should happen). If the file is too
large, it may be better to upload it to my server.
The neat thing about the Acrobat Security Envelope is that the contents
aren't individually protected (unless you want them to be), so when
downloaded by the recipient they are easily available for use.
is an Open Source program that allows you to create a secure file or
drive to hold your sensitive documents. Open Source means that it
doesn't cost anything to obtain (though you can make a donation to
support its development). I use it on my Windows-based computer to hold
client data (tax returns, accounting files, etc.) It's also available
for Mac and Linux. When you create a TrueCrypt file and mount it, it
acts just as a real disk would act.
The way I use it is as a double-drive: an "outer" drive that contains
some innocuous but important-looking files, protected with one
password, and a second, "hidden" drive that contains the actual
critical files, protected with a different password. The file is named
whatever I want it to be, including any common extension (like .zip or
.pdf) so it looks like a regular document (but of course you can't open
it with the usual application). This provides "plausible deniability"
in case I'm forced to reveal the password. I mount this drive as the
:E\ drive, though you can use any drive letter you wish.
Once the drive is mounted, it operates as fast as if the drive were not encrypted.
If you have super-sensitive data, it is also possible to hide the
operating system in a similar way, along with a "decoy" operating
system. As long as you use the decoy frequently (say for non-sensitive
operations), it will be impossible to prove that the hidden system
exists, and no page swaps or other memory tasks in the hidden system
will show up in the decoy system drive.
Whenever you log out or shut down, you should have TrueCrypt dismount
the drive. That way, your sensitive data are secured until you log back
The encrypted SparseBundle drive (Mac only)
you have a Mac computer, you already have the tools to protect your
sensitive information. Using Disk Utility, you create a SparseBundle or
Sparse image file using an appropriate password. I use the SparseBundle
format, because it is only large enough to hold the files, as long as
the maximum size determined when you created the image isn't exceeded.
Like the TrueCrypt file, you can name the file however you want, to hide the kind of file it is.
You can also encrypt your entire Home folder from the Security system preference.