Handling sensitive data is evolving. From GDPR to SSL, from cookies to privacy policies, the way in which we invite our clients to share data with us remains ever-changing.
Let’s back-track several years and look at the history of how data was handled: There were floppy disks, a great piece of kit, but ones that couldn’t hold much data. There were CDs, easily breakable and easy to corrupt. Then there were USB drives, which could hold anything from a few documents to gigabytes of confidential information but were still at risk of being corrupted. And let’s not forget the days where we were just hand delivered all the documents we ever needed.
So, what’s the common problem here? Security and privacy. With all the new laws coming in this year and in the past, how you handle sensitive data has never been more important.
It begs the question: “Are you still using email?” It’s now more crucial than ever to look at whether or not you are actually 100% secure when you handle this information. Chances are that isn’t the case if you are simply using email to send confidential and sensitive documents.
But there are alternatives to email, and we’re here to show you the tools you can consider and why they could go a long way in improving the security of your client’s data and information.
Question to you: Are you aware of the multiple stops an email makes before it reaches its final destination? Truth be told, if you were, you’d probably think twice about sending private information via email.
It doesn’t just go from your inbox to the recipients. In actual fact, there are multiple servers along the superhighway before the email eventually arrives at its destination. The problem here is when the email is on that journey, it’s at the mercy of server administrators, who have the power to delete or even alter a message.
What’s wrong with this picture? Simply put, the security of the email is beyond your control. You’re hoping it’s safe, but what if it’s not? All it takes is one breach in data or one lost email, and your firm’s reputation, and more importantly, the relationship with that client, is at stake.
You’re risking their privacy and your own privacy. Even having a level of encryption only guarantees a level of privacy between you and your email provider. Once the email leaves there, that level of security is no longer there.
More firms now are beginning to proactively address the need for security, and that often leads to trying systems like Dropbox and Google Drive. These systems are great for sharing individual files or entire folders with a specific person, and good news: they’re encrypted and secure!
But even so, these systems still have their flaws, particularly how you manage the information that is shared. It’s easy enough to share individual documents or folders, but currently both systems don’t give a way to track what has or hasn’t been shared. There’s no bird’s eye overview to display that information, and without this, it can easily become impossible to track what information is readily available and what access might need revoking.
Also, for some of you, you might have a client base that is not as technically-savvy as you, and they might not be familiar with a system like this. Sharing is a two-way street, but what if they’re the person on the street blocking the road and holding everyone up? They might not understand how to share information back to you, or how to even download and open anything you’ve shared.
Client portals are becoming more and more popular, largely down to ease of use for clients. More importantly, they combine the best of both worlds, incorporating the use of emails. For example, some portals allow you to send an email to your client, but that email will send them a secure link to a document in the client portal which requires a password, rather than attaching the document in the email.
There’s also a whole host of built-in security features: Unique user ID’s, passwords, two-factor authentication, user tracking, data back-ups. There’s a lesson to be learnt in using a client portal, and that’s communicating in a safer way by not sending sensitive information via email.
There are a lot of trends and legislation that accountants need to keep up with, and data security and privacy are often at the forefront. The technology is there to help combat any security issues you might be facing, but the responsibility is on you to evaluate and begin implementing them.
If you’re still using email, and email only, ask yourself: “Is it worth the risk?” The security of that client’s information isn’t always in your hands, and that’s a risk that can cause you a lot of problems.
Why take the risk of breaching their privacy when there are solutions out there with all the layers of security and privacy built in? The choice is yours.