Just about all CPA firms have accepted email as a reliable and secure type of communication. This is unfortunate because email is not very safe. A quantity of firms routinely broadcast QuickBooks files and similar privileged client data by email, and this is just not right. It puts clients in danger of becoming victims of lots of crimes, in particular identity theft. When dispatching an email you should in no way consider that it’s out of harm’s way. When you send an email to someone it doesn’t go straight to it’s destination. It passes through a dozen or more mail servers, and these mail servers are popular targets with hackers and malware. This arrangement makes email vulnerable to interception by what’s called a “man in the middle” attack, and there’s nothing you can do to prevent it. These third party servers are completely outside of your control and have no accountability even if they are poorly or even incompetently maintained. If even one of these servers has been compromised your message can be intercepted so you never know whose hands it can wind up in or who’s hacking into your files.
Encryption can make it harder to open an email or attachment, but it does nothing to prevent it from being intercepted.
The Internet has become the keystone of most modern business communications, and this includes accounting firms. Accountants send hundreds of emails every week and most of these these messages don’t include private files. The problem only rears up when these firms email information that’s considered confidential. If the wrong people get hold of them documents like tax returns can seriously harm a client. Sending this type of information by email isn’t just irresponsible, it’s actually illegal. The Gramm-Leach-Bliley Act requires accounting firms to take reasonable steps to protect the consumer information they collect.
It is important to understand the difference between security and privacy if firms are to comply with mandates about client data protection. Privacy is the shield that protects a person’s identity while actively sharing information via the web. Where privacy is about keeping the door locked, security is about the lock itself. Security is the actual online authentication and authorization protocols that networks use to protect information and the audit system used to verify the overall system’s effectiveness.
One great solution for exchanging documents is available through most of the best CPA websites. Almost all the major CPA website providers offer secure document portals.
Portals come in a variety of shapes and sizes, but they all have one thing in common. These great tools let you exchange files with clients quickly, easily, and safely. Unlike email a portal transfer encrypts the data and transfers directly from your server to the website’s. This eliminates the chance of your file passing through any third party servers and keeps the chain of information accountable and under your immediate oversight.
In the interest in full disclosure, I sell CPA websites. That’s how I make my living but don’t mistake this as a crass sales pitch. All the better CPA websites furnish portal tools, not just mine. If your client recognizes these risks before you adjust your procedures there’s a very high probability you’ll lose him, get a portal and USE it. Stop posting your clients privileged personal data by email without delay.
Brian O’Connell is the CEO and founder of CPA Site Solutions, one of the country’s leading edge web design companies oriented entirely to superior accounting websites. His company currently provides websites for more than 5000 CPA, accounting, and tax preparation firms.