Did you know that you could be putting yourself, and your clients, at risk just by emailing a contract, invoice or receipt?
Crazy, right? However, it's very true: cybercriminals are projected to steal an estimated 33 billion records in 2023. That's up from 12 billion records swiped last year. (1) In the United States, an estimated 1,579 data breaches, including 179 million records, were exposed (see below). (2)
At Clinked, this motivates us to ensure you protect yourself and your clients by using secure methods to send important corporate records between parties. In this article, we will highlight 6 key records commonly used by accountants that shouldn’t be distributed via email, the reasons why they shouldn’t be, and the solutions you can use to share these sensitive files securely. Hopefully, after reading, you will have a stronger understanding of how careful you need to be when dealing with documents containing personally identifiable information and what to do to avoid the risk of data breaches. On with the show!
6 key records not to share via email
- Payslips: These are indications of how much employees have been paid; detailing the number of hours worked, amount paid, as well as the amount left after tax and national insurance. They are sent to employees usually once a month, depending on how often they are paid. Payslips include personal information about employees that shouldn’t be disclosed within an email.
- Contract: Written agreements enforceable by law, agreeing a deal between two or more people/organisations, provide specific details that can compromise companies and individuals. Contracts are used all the time between accountants and their clients. Despite the importance of contracts, they should never be sent via email due to the information that they might contain.
- Accounting Reports: These key documents, which accountants regularly share with their clients, summarize the activities of companies and individuals. Used to keep a record of income, cash flow etc., they typically include a balance sheet, an income statement and a cash flow statement, and therefore sending them by email is high risk.
- Receipts: This may seem harmless; however, receipts often provide registration numbers of companies that can be a breadcrumb for cybercriminals. Best practice is to have a blanket policy even if they don’t always contain personally identifiable information. For accountants it can still be a risk when querying receipts with clients and addressing them by name.
- Invoice: Similarly, invoices give the details of a payment request from the seller to the purchaser of goods or services. They contain both the buyer's and seller's name and address, details regarding what is being purchased, the total amount due for payment, taxes, invoice number etc. This is personally identifiable data and therefore cannot be sent or received by email.
- Accounts: These key records of financial transactions and key activities are kept by bookkeepers and accountants for their clients. They can include income, profit, costs, cashflow etc., and need to be kept up to date in order to meet legal duties and calculate how much tax you owe. Accountants will send them to their clients regularly but may not realise that this information isn’t secure when sent by email.
Why can’t you send these files via email?
Globally, data security and cyber attacks have been hot topics. The impact may not have reached your organization or client base, but you likely know other organizations or individuals that have been impacted.
Often the culprit in these breaches is email intercepted on either the sender or receiver side. By offering your clients, who may be using personal email without security protocols, an alternative to sending files via email, you ensure your data is also not compromised. Human error also comes into sending emails: having to check each email address to ensure it is the correct contact is an added risk with files containing personal data.
As a note, if you are based in Europe or work with European clients, the GDPR regulations that came into law as of 25 May 2018 require businesses to comply with a strict set of guidelines in order to protect individuals’ personal data; non-compliance can result in a hefty fine.
How can you send sensitive files?
We know that this can be difficult for accountants seeing as you need to send files containing personal data to your clients within your day-to-day work life. However, we are happy to share a few solutions, including one if email is absolutely necessary for these file types.
The three main options for secure file sharing are:
- End-to-end encryption
- Cloud storage
- Client portal
Using end-to-end encryption (E2EE) will keep your clients’ data secure and ensure you’re not at risk of any GDPR data breaches. E2EE works by encoding data sent back and forth within emails between you and your clients, so that only the sender and receiver can view the contents of the message by decrypting it.
Nobody else, whether an email service provider, other third-party application service providers, or hackers, will be able to access the data. However, end-to-end encryption isn’t just a straightforward method of securely sharing important information with your clients; it also has its difficulties and can be a painful process to set up.
One of the biggest pain points of end-to-end encryption is that software needs to be implemented on both ends, the sender and the receiver of information. This means that each one of your clients needs to ensure that they have end-to-end encryption set up before you can share any private documents with them via email, which as you can imagine can be very time consuming.
Please keep in mind that this is protection for your organization when sending files. It would also be required in your client's email system for full cycle protection.
Cloud storage is a form of online document storage where instead of keeping files on your computer hard drive, your files will be stored online within the cloud. There are many popular services for cloud file storage such as Dropbox and Google Drive.
The way that cloud document storage works is by storing your data within servers rather than on your computer, so that you can access it anywhere from any device simply by logging in to whichever cloud service you may be using.
Cloud storage has many advantages: it’s very simple to use, it’s GDPR compliant, it removes the risk of losing your files if something happens to your computer, and it’s also ideal for collaborating on files with clients, seeing as multiple people can access a live version of a document from different locations.
A disadvantage is that cloud storage relies on being connected to the internet, so you won’t be able to access your data offline.
The final option is a Client Portal. This is a centralised area that is bank grade secure and completely white-label, where you can share important documents with your clients in your own professional, branded environment.
Using a client portal tool allows your clients to log in to an area where they can communicate with your team, view any documents such as reports, invoices etc. and even review and sign contracts.
Overall, a client portal is a great solution for accountants. It results in a much more effective and reliable method of communicating, sharing and collaborating on documents with your clients - as an alternative to email. It provides a professional, branded environment for your clients, helping you build trustworthy relationships with them.
Not all client portals allow for two-way interaction. As such, check the offering to ensure your clients will be able to submit any sensitive files via the system rather than just viewing them.
If you think that using a client portal may suit, why not check out our Clinked white-label client portal? The benefits to your accounting firm begin with providing a secure platform to share documentation with your clients, but don't end there.
Learn more by booking a demo with one of our product specialists.