The Dos and Don’ts of sending client documents

Posted 3 years ago in Accountant Insights
by Tim Chaves

How many times has your client emailed you a password for their bank account? Or sent you a Form W-9 with their Social Security Number in an unencrypted email?

With data breaches and identity theft becoming more common and more widespread, it’s crucial to examine your own communication channels and whether you are exchanging information with your clients in a secure manner … or not.

Why client data security matters

Whether you’re subject to the IRS Publication 4557 guidelines, HIPAA restrictions or just GDPR requirements, you probably already know the importance of safeguarding your clients’ personal information on your network and in your office.

But what about information in transit?

While no system is perfect, there are measures you can take to minimize security risks and keep your client data as secure as possible—whether they are sending it to you or you are sharing with them.

Don’t assume it won’t happen to you

Massive data breaches like the 2014 Sony hack may make headlines, but data theft happens to firms of all sizes and accounting firms are being targeted at increasing rates.

According to Virtru, email malware creation is up 26% year over year, with over 1.7 billion pieces of malware out there at present! In 2017, the incidence of data breaches in the professional services sector jumped 18%, including accounting firms.

Do take client data security seriously

Stolen data may mean fraudulent tax returns or damaged credit for your clients, but it can also damage your firm.

A data breach could be especially costly if your insurance doesn’t specifically provide cyber liability coverage. Moreover, the hit to your reputation could affect your firm for years to come. In fact, a whitepaper by Blackline found that the top cost of a data breach is the reputational cost affecting future client relationships.

Establishing a simple plan for sending and receiving client information will help protect your clients’ data as well as guard against the financial losses and damage to your firm’s reputation that come with a data breach.

Don’t assume email is private

Joint research by Google, the University of Michigan and the University of Illinois Urbana Champagne found that up to 20% of all Gmail messages were attacked!

Even clients who know better than to type out their Social Security Number in an email don’t think twice about emailing a subcontractor’s Form W-9, complete with their sub’s personal details.

All of this sensitive information is at risk if sent via unencrypted email. Sending an unencrypted email is like sending a postcard. Every person that touches that postcard, including the mailman, can read your message!

Do set a good example by sending documents securely

If you choose to send emails instead of using a client portal (see below), there are some tools you can use to encrypt those messages and safeguard your data.

There are dozens of alternatives on the market, but they generally fall into a few categories:

  • Enterprise email encryption tools such as Microsoft Exchange and Virtru allow you to send encrypted emails when both the email sender and receiver have encryption setup correctly through their enterprise email servers. If your recipient is using Gmail or another outside webmail service, they will be required to create an account and jump through some hoops in order to open the email. On the plus side, these tools work well as add-ons to Microsoft Outlook. Other options in this category are Symantec and Zixmail.
  • Secure webmail services such as Protonmail, Hushmail and SendInc can be more convenient, but may require your recipient to create an account with that provider in order to open your message. Some of these options also offer add-ins for Microsoft Outlook and Gmail. Other options in this category are Tutanota and Lockbin.

When evaluating the options, be sure to consider how convenient it is for your recipient in addition to the pricing and features of the product itself.

Don’t overcomplicate the portal option

The accounting industry has embraced an alternative that allows senders to skip email altogether and exchange files with clients via a secure online portal.

Again, there are dozens of options, including several standalone secure client portals such as Citrix ShareFile, Encyro and SmartVault.

The key to using a client portal is convenience. You need to choose a portal that is easy to understand and easy to use or your clients will just revert to sending documents via email.

Some of the portals will require your client to register a username and password, while others will allow them to interact with your portal via a secure email without registration. The easier you make the process for your client, the more likely they will use your portal!

Do use a client portal for requesting sensitive information

If you are requesting a document from your client, you can send the request directly from your portal to encourage your clients to use it.  You can also include a link to your portal in your email signature and in routine emails to your clients. By reinforcing your preferred process, clients will learn “this is how we share documents!”

I was once on vacation overseas checking emails while on an extended layover. A client sent an urgent request for a 1099-MISC form that had been issued months earlier, but had since been misplaced by both the Payee and my client, the Payer!

Within minutes, I had logged in to our secure client portal (we use SmartVault) and sent a link to my client for the document she had requested. She was able to use the secure link to login to the portal and download the file for her vendor. Not a single file had been transferred via email on the airport’s public wi-fi!

Consistency is key to security

Whether you choose to encrypt your emails or use a client portal, your own consistency will be key in protecting your client’s data. If you don’t use your own tools, your clients won’t either!

Respecting the security of your client data can be a win-win for you both if it protects their information in an easy-to-use, frictionless system.

About Tim

Tim is Founder and CEO of ZipBooks. He keeps his desk really nice and neat.

Privacy Preference Center