How many times has your client emailed you a password for their bank account? Or sent you a Form W-9 with their Social Security Number in an unencrypted email?
With data breaches and identity theft becoming more common and more widespread, it’s crucial to examine your own communication channels and whether you are exchanging information with your clients in a secure manner … or not.
Whether you’re subject to the IRS Publication 4557 guidelines, HIPAA restrictions or just GDPR requirements, you probably already know the importance of safeguarding your clients’ personal information on your network and in your office.
But what about information in transit?
While no system is perfect, there are measures you can take to minimize security risks and keep your client data as secure as possible—whether they are sending it to you or you are sharing with them.
Massive data breaches like the 2014 Sony hack may make headlines, but data theft happens to firms of all sizes and accounting firms are being targeted at increasing rates.
According to Virtru, email malware creation is up 26% year over year, with over 1.7 billion pieces of malware out there at present! In 2017, the incidence of data breaches in the professional services sector jumped 18%, including accounting firms.
Stolen data may mean fraudulent tax returns or damaged credit for your clients, but it can also damage your firm.
A data breach could be especially costly if your insurance doesn’t specifically provide cyber liability coverage. Moreover, the hit to your reputation could affect your firm for years to come. In fact, a whitepaper by Blackline found that the top cost of a data breach is the reputational cost affecting future client relationships.
Establishing a simple plan for sending and receiving client information will help protect your clients’ data as well as guard against the financial losses and damage to your firm’s reputation that come with a data breach.
Joint research by Google, the University of Michigan and the University of Illinois Urbana Champagne found that up to 20% of all Gmail messages were attacked!
Even clients who know better than to type out their Social Security Number in an email don’t think twice about emailing a subcontractor’s Form W-9, complete with their sub’s personal details.
All of this sensitive information is at risk if sent via unencrypted email. Sending an unencrypted email is like sending a postcard. Every person that touches that postcard, including the mailman, can read your message!
If you choose to send emails instead of using a client portal (see below), there are some tools you can use to encrypt those messages and safeguard your data.
There are dozens of alternatives on the market, but they generally fall into a few categories:
When evaluating the options, be sure to consider how convenient it is for your recipient in addition to the pricing and features of the product itself.
The accounting industry has embraced an alternative that allows senders to skip email altogether and exchange files with clients via a secure online portal.
The key to using a client portal is convenience. You need to choose a portal that is easy to understand and easy to use or your clients will just revert to sending documents via email.
Some of the portals will require your client to register a username and password, while others will allow them to interact with your portal via a secure email without registration. The easier you make the process for your client, the more likely they will use your portal!
If you are requesting a document from your client, you can send the request directly from your portal to encourage your clients to use it. You can also include a link to your portal in your email signature and in routine emails to your clients. By reinforcing your preferred process, clients will learn “this is how we share documents!”
I was once on vacation overseas checking emails while on an extended layover. A client sent an urgent request for a 1099-MISC form that had been issued months earlier, but had since been misplaced by both the Payee and my client, the Payer!
Within minutes, I had logged in to our secure client portal (we use SmartVault) and sent a link to my client for the document she had requested. She was able to use the secure link to login to the portal and download the file for her vendor. Not a single file had been transferred via email on the airport’s public wi-fi!
Whether you choose to encrypt your emails or use a client portal, your own consistency will be key in protecting your client’s data. If you don’t use your own tools, your clients won’t either!
Respecting the security of your client data can be a win-win for you both if it protects their information in an easy-to-use, frictionless system.
Tim is Founder and CEO of ZipBooks. He keeps his desk really nice and neat.