Gabrielle Fontaine, PB, ABSC
Are you a virtual bookkeeper, or are you thinking of taking your traditional bookkeeping practice to the cloud? Then there’s something you need to pay attention to so you don’t put yourself at risk. It’s online security — secure handling of sensitive electronic information.
What do I mean? Well if you’re working with your clients’ financial information online, you’ll need things like tax documents, bank and credit card information, and even passwords. How will you get them from (or share them with) your clients securely so that they don’t fall into the wrong hands?
Most of us tend to focus on the immediate task of getting the information needed without paying attention to how we obtain and share that information. Clients also need guidance and training because they usually aren’t paying attention either.
That’s why I’ve put together 6 tips you can put into practice to help protect both you and your clients from a world of hurt due to mishandling of sensitive financial information.
1. Get Your Own Logins – If your clients are using business bank accounts, most banks will allow them to set up a separate login for their bookkeeper for their online banking access. This is the safest way to protect you from being blamed if something “strange” happens. It also doesn’t violate the Banks’ terms of service. (Sharing the clients’ logins often does)
2. Use Cloud-based Accounting Software – Instead of trying to remote access your clients’ books, it is much easier to use web-based software where you and your clients each have your own logins with appropriate security and permissions. This may be QuickBooks Online or Xero, or it could also mean using desktop software that is accessible through the web via an approved hosting service. Because your access can be tracked through the audit trail, there’s no question about who is doing what in the bookkeeping records.
3. Use a Secure Password Manager – In some cases you will have no choice but to share logins with staff or clients. LastPass is a secure tool that allows you or your clients to share the use of logins without exposing the actual information. It can also be turned off when needed by the owner of the login credentials. Again, this helps protect both you and the other party.
4. Document Everything when Paying Bills – If you are processing payments for your clients electronically, you need to have a system in place to be sure that you get approval in writing to authorize payments. Whether you use an online app such as Bill.com or not, you must be sure clients are involved in how their money is being handled.
5. Use Secure Cloud-Based Document Management – You will need to work with documents that have sensitive financial information for your clients. Far safer than using an online program that syncs and copies sensitive documents onto your hard drive (Dropbox does this), is to use SmartVault. In fact, in my own practice my clients know that all of the documents we share live in one place online. It’s a tool that’s easy for both me and my clients, but gives peace of mind knowing that nothing can ever accidentally shared with someone who should not have access to my clients’ information.
6. Carry Errors & Omissions Insurance (professional liability) – If you are ever accused of mishandling sensitive client information, it may not matter if you really did or not. You will still need to prove your innocence and pay legal expenses. Policies specifically for bookkeepers help protect you, just in case.
Technology is changing the way we provide services to our clients and can vastly streamline our processes and efficiency. We just need to take proper precautions and stay informed on the risks involved. Of course, our advice and guidance in this area also makes us even more valuable to our clients!
When it comes to handling sensitive financial information, the old saying holds true: an ounce of prevention is worth a pound of cure.
Click on the link below to earn your Cybersecurity Champion Badge!
Take The Quiz