Is It Safe for Accountants and Their Clients to Share Files via Email?
The truth is: email was never meant to be a secure way to send sensitive information.
Why Should Accountants Avoid Using Emails to Share Sensitive Data?
Dr. Catherine J. Ullman, Senior Information Security Analyst for University of Buffalo, says: “Although you need credentials to log in and access the e-mail in your mailbox, email is by default sent from server to server in clear text that can be read by anyone while in transit.”
That includes the thousands of hackers who are eager to get their hands on your clients’ data. Because emails travel from server to server, there are multiple weaknesses that hackers can intercept. Some hackers even gain access to the servers themselves, meaning they can read every email that has been stored in it – even from years prior.
While encryption is an option, it requires both the reader and sender to have it configured in advance. You’ll need to educate your clients on how to do this on their end, keeping in mind that many of them may not have the tech skills needed to do it successfully.
It’s imperative accounting professionals follow cybersecurity guidelines, and unfortunately, email goes against best practice when it comes to sending sensitive information.
What Documents Should Accountants Avoid Sending via Email?
You should avoid sending or requesting the following information in emails – whether it’s in an attachment or in the body of the email message.
- Bank and financial account numbers
- Credit and debit card numbers
- Social Security numbers
- Income information
- Passport numbers
- Driver’s License numbers
- Personal Health Information
- Passwords or log-in information
Many of the documents that accountants require for tax returns include at least one of the data points above. Form W-2, for example, has the person’s name, Social Security number, address, income, and more. This gives criminals exactly what they need to file fraudulent tax returns, take out loans, or sell the victim’s data to other criminals.
How Can Accountants Securely Share Sensitive Data and Documents Online?
A client portal is a secure, private, and authenticated online platform that empowers accounting professionals to collaborate with their clients.
Instead of including critical information in emails, you can have everything secured in the cloud. Authorized clients can access their documents from the secure client portal, reducing the risks of hacking in the process. Clients can even upload documents into their folders to quickly and securely share them with you.
Approved users must verify their identity via two-factor authentication to access it. Automatic records also track every activity, so you can see exactly what’s happening, like who created, accessed, downloaded, and deleted documents.