We cover security fairly often here at Accounting Today, but most of the time, it’s about securing data. But data isn’t the only element of your and your client’s information that needs to be locked down as much as reasonably possible.

Communications between you and your clients can also contain sensitive information that neither of you would want distributed to others. There are a few things to keep in mind when it comes to communications security. One is the old saying attributed to Ben Franklin that “Three can keep a secret if two of them are dead.” While I’m sure that you probably don’t wish this on anyone, keep in mind that there is no such thing as perfect security, and if there was such a thing, you wouldn’t be able to afford it. And while the one person keeping a secret may be hyperbole, the greatest risk to sensitive information being breached is people. I’m pretty sure there have been instances when someone shared a secret with “don’t tell anyone I told you, but…”.

Another thing to keep in mind is that all parties to a sensitive communication need to be using the same level of security. It doesn’t offer any protection using an encrypted secure phone app or other device if only one party is using it.

Finally, you also have to realize that security has a monetary price. If price were no object, you would be using a SCIF for sensitive conversations. A SCIF, or Secure Compartmentalized Information Facility, is used mostly (but not exclusively) by the government and military. It consists of an air-gapped room that is also surrounded by a Faraday Cage that prevents radio waves from escaping the room. SCIFs are pretty good at keeping conversations from being bugged or overheard, but even this is only as good as the people involved in the conversations. If someone leaves the SCIF and decides to share the information, the entire purpose of the SCIF is undermined. But the primary reason SCIFs aren’t more popular in business situations is that they are very expensive to construct.

While there are way too many applications, services and products to detail here, here are a few suggestions to get you started. If you video chat using Zoom or Teams, both offer encryption. Teams uses multi-factor authentication plus rest and in-transit encrypted data, while Zoom uses 256-bit TLS and AES-256 encryption. End-to- end encryption is offered in Teams Premium (for business) and only for one-to-one calls, while Zoom has end-to-end encryption that needs to be enabled, but when activated, encrypts end-to-end on all participants in the call. The point is that if more advanced security is available, it doesn’t make sense not to use it.

It may be obvious, but ensuring that your video connection is encrypted is only one part of securing the communication. The other is making sure you have physical privacy when calling. What comes immediately to mind is the video several years ago of a father on a video call when the kids sneak in unnoticed while he’s talking. Maybe no harm will be done if it’s the kids who walk (or crawl) in while you’re on a sensitive video chat. But if you’re in an office, discussing things that you wish to keep confidential, it doesn’t hurt to remember that physical security is important as well.

Can you hear me now?

While video chats are extremely popular these days, most of us still communicate with cell phones, whether for voice or text. There are more than a few applications that can provide security for this kind of communication. There are two popular approaches to providing cellular security. One is software. There are a fair number of apps that offer secure text and voice. A few of the most popular are WhatsApp, Signal and Telegram, but there are plenty of others if you feel none of these will meet your needs. These three are free, but may have gaps in their offering that might not sit well. For example, the very popular WhatsApp provides end-to-end encryption of text and voice and doesn’t store messages on its servers. On the downside, it’s owned by Meta, and WhatsApp may share information with other Meta companies such as Facebook. 

Signal is also popular, and its encryption protocols are secure enough that other apps including WhatsApp and Facebook use them as well. You can enable disappearing messaging, and it’s open source, not privately owned, funded by donations and grants. The end-to-end encryption is engaged by default, and Signal allows transmission of voice, video chats, and file and photo sharing. The major downside is that Signal requires a phone number to sign up. This can be bypassed using a second number. You can, however, and should secure the app with a password.

A third app is Telegram, which offers capabilities similar to the other two mentioned here. It’s multiplatform and free, but there are some downsides that might put you off. End-to-end encryption is not enabled by default, but can be enabled by using the “secret chats” mode. It’s also cloud based, and stores your messages and images on a secure server. Of course, cloud-based server security has been breached many times, so you might not have the same comfort level as having these stored locally on the devices being used. Though if you use “secret chat” mode, Telegram will not store your data on its servers. Telegram has had some notoriety lately with its CEO arrested.

There are also physical encrypted cell phones. Some of the most popular are the Purism Librem 5, K-iPhone, Blackphone PRIVY 2.0, Bittium Tough Mobile 2 and others. These have two major downsides. Number one is that all parties to the conversation need to have the same phones, and these must be using the same encryption modes. Downside number two is that most of these phones are really expensive, ranging from about $700 to $1,500 or more. 

I’m really just offering a primer here. If you’re serious about communication security, your best bet is to use a consultant knowledgeable in this area. 

Finally, you might want to take a look at the course that the Cybersecurity & Infrastructure Security Agency offers on how to communicate securely on your mobile device.