Today’s headline in The Guardian is one that should catch the attention of every small accounting firm: “Deloitte hit by cyber-attack revealing clients’ secret emails.” After all, if even one of the “big four” doesn’t have the resources to prevent an email breach, what hope does a small accounting firm or sole practitioner have? The fact is, you can’t count on email remaining private. It’s a fundamentally insecure service that’s notoriously hard to maintain. As a result, you shouldn’t use it to exchange sensitive information with clients. Instead, use a client portal.
What is a client portal?
In case the idea is new to you, a client portal is simply a secure website that allows you and your clients to upload files to share with one another. Because the files are transferred in an encrypted form and stored on the server in an encrypted form, the chances of accidentally revealing information shared via a client portal are greatly reduced. In fact, client portals are such an improvement over email that the AICPA recommends the use of secure client portals as one of its “Best Practices for Keeping Client Data Secure.”
We’ll go into detail on what to look for in a client portal in a future article, but for now a short list of features to look for when choosing a client portal service includes:
- Strong authenticated encryption (look for phrases like “AES-256”, “ChaCha20”, “Salsa20”, or “XSalsa20”)
- Servers should reside in a facility that has successfully completed an AICPA SSAE 18 SOC 2 audit (this standard audits the facilities internal controls and gives assurance of the physical security of the servers that store your data)
- Simple interfaces (complex interfaces cause confusion for clients and prompt burdensome support calls)
If you are not currently using a secure client portal to exchange files with your clients, you should consider that one of your top priorities for the upcoming tax season. It’s the best solution we have right now to the problem of securely exchanging information, and it’s the responsible thing to do for your clients.
RelaNet client portals
If you need a client portal, RelaNet can help. RelaNet client portals secure and easy to use for both you and your clients. If you would like more information about RelaNet client portals and how they can help your business, please feel free to get in touch.