Online Security for Bookkeepers – Safe Email Handling
If you’re working via the Internet to provide bookkeeping services for your clients (as opposed to going on-site to their offices), you’ve found a highly efficient, convenient, and more profitable way to run your bookkeeping practice. But with online services comes online security concerns.
Has this ever happened to you?
- You request needed information from your client to complete a tax filing, and he dutifully attaches documents that include sensitive personal information with the reply email.
- Your client requests you to pay a bill online and she gives you her complete credit card information in an email message.
- Your client just hired a new employee and the employee fills in the forms needed, scans the document, and sends it via an email attachment (Yes, this too contains sensitive personal information).
In each of these real-life common occurrences, without even thinking about it, sensitive information that cyber-criminals would love to get their hands on has been shared via unsecure email correspondence.
Why Sharing Sensitive Information via Email is a Problem
According to an April 2018 article on The Register, “Identity fraud in Blighty hit a record high of 174,523 incidents last year  – and the vast majority of it happened online.”
The cost of cybercrime for small businesses runs a whopping £120,000+ these days.
As bookkeepers, we are also subject to GDPR requirements because we handle personally identifiable information. So it behooves us to do everything we can to protect our clients and ourselves, and that includes email.
How You and Your Clients Can Use Email Safely
Make it easy for your clients to give you the information you need without putting them at a security risk, and you on the hook with liability risk with email.
Here’s the first line of defense: Educate, educate, educate!
Teach your clients to know what they can and cannot give you via email. Here’s a good rule-of-thumb principle to make it easy to remember from IT Services, University of Manchester:
“Sharing information by email should be treated as the electronic equivalent of a postcard. If you assume that it could be read by anyone, this will help to ensure that you take appropriate care both in the content of the email and any attachments.”
3 Simple Tools for Info Safety
Here are 3 simple choices you can use right away to safely exchange sensitive information with your clients and save your online security sanity.
- Provide your clients with a secure, online client portal for sharing sensitive documents and information. This takes email out of the loop! With either in-person or online meeting with each of your clients, you can show them how to securely give you what you need.
SmartVault is my client portal of choice where all my clients’ information is stored safely, accessible to both me and them whenever needed. I’ve found very little instruction is needed for my clients to use it effectively. It’s simple for clients to use.
- Use encrypted email. This can be done easily using add-on programs with Gmail and Outlook. If you don’t want to use those provided by Microsoft or Google (on their paid platforms), other tools that make this easy and safe for both you and your clients are Virtru, which is an email extension, or the free standalone service by ProtonMail.
- Use an old-fashioned fax. This is an option if all else is beyond the reach of your clients’ tech skills. Faxes encode documents into pictures and transmits them over telephone lines. So if this is something your clients are already using, it might be an easy choice, at least until you can help them get up-to-speed on more modern technology. It’s still better than unprotected email.
The best defense against cybercrime and providing professional level, secure services to our clients is to start with email. Proactively step up and implement safety procedures and policies now for the handling of sensitive information. Then teach your clients how to follow these policies and procedures, including email safety, and everybody wins (except the cybercriminals).