American Dream CPA

Security Measures

Client Portal Security Measures


Our Client Portal Is the Most Secure Client Portal Available in the Market. Your data is protected in extremely secure environments. Most client portal vendors provide five or six layers of security. CPA Website Solutions, which hosts our client portal, protects you with 14 full layers of security.


1. SAS 70/SSAE 16 Certified Data Center

Not all data centers are alike. You don't want your clients' data hosted on a low-cost, "cheap" data center. The best data centers are both SSAE 16 and SAS 70 Type II certified. That means a specially trained CPA firm performed an in-depth audit attesting to the fact that the data center has sufficient processes, controls and safeguards to keep your data safe from theft, corruption or mishandling.

Unlike the Type I certification, which measures only a certain point in time, the Type II certification measures and evaluates security over time.

The Sarbanes-Oxley Act requires all publicly traded companies use SSAE 16/SAS 70 Type II certified data centers. You are protected the same way publicly traded companies protect themselves, because all of CPA Website Solutions' servers are located in high-quality SSAE 16/SAS 70 Type II certified data centers.

The servers are housed in a secure facility guarded 24/7with closed-circuit, motion-sensitive video surveillance. Physical access to the servers is strictly limited to authorized data center personnel, and all personnel are further restricted by dual-factor biometric authentication barriers.

2. Encrypted File Storage

Almost all client portal providers encrypt the data as it's transferred to the server, but what they fail to do is encrypt the data when it's on the server. Since the data spends almost all its time on the server, we feel it's necessary to store the data in an encrypted format.

If this were easy to do, everyone would be doing it. Storing data in an encrypted format requires a lot of programming by extremely high-level security experts. All the encryption and decryption place a heavy load on the server's processors, so significantly fewer accounts can be placed on each server.

It's expensive, but it's worth it when you consider that encryption is considered the most effective method of securing personal and corporate information, according to corporate and government security regulators. In fact, many data protection laws specifically list encryption as a "safe harbor" exception to notification rules, and some laws explicitly require the use of encryption.

3. High-Level File Name Obfuscation

As an additional level of security, all the file names stored on the server are completely unrecognizable. Instead of being meaningful file names, they are listed as a totally random set of characters and numbers.

In the very unlikely event hackers find their way into our servers, they would find it impossible to make any sense of the files. And remember, they can't read the content of the files, because all files are encrypted.

4. Forced SSL Transfer

Hackers have many ways to intercept data that is transferred insecurely over the web. And now it's even easier with the wider use of laptops and wireless routers.

The best way to protect your data is to transfer the data over a secure socket layer (SSL). SSL encrypts the data so the data is absolutely useless to anyone who might succeed in the effort to capture it.

You are always protected because the client portal automatically recognizes when a user is trying to transfer information insecurely. The portal then forces the transfer to occur under an encrypted SSL.

5. SQL Injection Protection

SQL injection is a method hackers use to break into databases. Once in a database, a hacker can easily wreak havoc. Millions of websites are hacked with SQL injection every year. Even the United Nations website was recently hacked using SQL injection, and it cost hundreds of thousands of dollars to repair.

CPA Website Solutions' client portal renders SQL injection attacks completely useless because it utilizes the best practice of parameterized data calls.

6. Brute Force Login Protection

Brute force attacks occur when a hacker writes a program that runs through millions of common username and password combinations to gain access to a secure system.

7. Strong Password Policies

Weak, "easily cracked" passwords are unsafe. The client portal never allows weak passwords and allows firm administrators to require users to create passwords that meet certain levels of strength.

7. Strong Password Policies

Weak, "easily cracked" passwords are unsafe. The client portal never allows weak passwords and allows firm administrators to require users to create passwords that meet certain levels of strength.

8. State-of-the-Art Firewall

CPA Website Solutions uses a state-of-the-art CheckPoint UTM-1 Edge Firewall that is configured with the smallest number of ports open and advanced IP restrictions.

9. Real-Time Virus Scanner

The server is continually scanned for viruses, and the virus database is updated every hour.

10. Encrypted "Cross Server" Backups

Another common hack is to attack and gain access to backups. Backup media often is held and transferred in less secure environments. Hackers know this and often find ways to gain access to backup data.

11. FireSlayer – Denial-of-Service Attack Protection

The servers are additionally protected from denial-of-service attacks. A denial-of-service attack is made when a virus infects thousands of computers on the internet and all those infected computers make repeated requests of a single server. The targeted server often can't handle the load and crashes. The FireSlayer system detects this kind of activity and automatically blocks the abusive traffic on the fly.

12. TippingPoint - Intrusion Prevention System

Hackers attempt to gain access to servers in many different ways. That's why we use the award-winning TippingPoint Intrusion Prevention System. This system fully inspects every packet of data coming to the servers, then instantly determines whether it's legitimate or malicious. This instantaneous form of protection is the most effective means of preventing attacks from ever reaching their targets.

13. Detailed Audit Trails and Reporting

All accounting firms must comply with the Gramm-Leach-Bliley Act and are specifically accountable for the safe and verifiable delivery of sensitive information. Firms must additionally make sure the intended recipient is the only recipient.

The client portal provides records of every transaction and allows you to:

__Reduce the time and cost of complying with privacy regulations.

__Prove that information has not been leaked.

__Eliminate the customer service costs associated with disclosure of a data breach.

__Eliminate the legal liability associated with data breach disclosure.

14. Operating System Hardening and Patch Management

There is a lot more to managing secure servers than you may realize. Server operating systems are not secure when they come out of the box. It takes highly skilled software technicians to hone and harden the system software to minimize exposure to current and future threats.

Our servers are continually updated with the newest OS patches, hot fixes and updates to reduce the threat of security attacks and system downtime.

These advanced security measures are fully compliant with Sarbanes-Oxley and Gramm-Leach-Bliley.