Communicate securely with clients: Top tips

While online filing removes the pressure of being bogged down with paperwork, it does throw up another concern - client data security.

Unless you’ve already employed the services of an online portal facility, how can you be sure your clients personal tax returns and other confidential information are safe, especially if you still send them via email?

From evidence gathered in Any Answers this self assessment season, it’s clear many of you have concerns about this. Queries rolled in from digital signatures to questioning the legality of emailing tax returns to clients.

According to an ICAEW survey, 75% of firms don’t encrypt financial statements or tax returns when communicating with clients via email.

Digital document management specialists Lindenhouse have a handy e-guide Streamlining and Securing Client Communication, which provides the answers to many questions about the legal stance and options for document storage and security you may have.

Continued...

» Register now

The full article is available to registered AccountingWEB members only. To read the rest of this article you’ll need to login or register.

Registration is FREE and allows you to view all content, ask questions, comment and much more.

Comments

Online 'security'

Ian McTernan CTA | | Permalink

Anything you transmit can be intercepted, decoded and read.  Using a 'secure online portal'  just puts another layer of 'security' between you and the potential hacker.

As 250,000 FaceBook users can now attest, storing details online on a supposedly 'secure, highly encripted, firewalled blah blah' isn't as safe as people would make you believe.

If a hacker knows that you proudly announce to your clients that you use 'XYZ secure online portal' then they already know where all your information is heading, held, etc and it makes their job easier if they are targeting a specific data set.

Bear in mind also that staff need to be trained to use whatever system you impose and will usually seek to make it as easy as possible so that it takes as little of their time as possible to send/receive information- possibly even using the same password as others or even the same password as that person who was made redundant a few weeks ago.

Data security is an area where there can be many weak links and it only takes one for determined people to be able to access the information you are trying so hard to protect.

By all means use whatever system makes you feel you have done all you can to protect client details but remember to pay for decent training and regular update sessions (with tests!) on the system you decide to use to ensure that staff are using it properly- otherwise it can all be a huge waste of money.

Remember also that emailing any sort of password, decryption key or any other means to access the data at the other end means that all that wonderful encryption, secure online storage etc has all been for nothing, as all it takes is for the email to be intercepted and hey presto the hackers are in.

Paul Holborow's picture

Online security

Paul Holborow | | Permalink

Deciding whether to use a portal is a big step and as some firms might outsource this to a third party this brings its own security issues which I suspect most firms aren't aware of. See the ICO guidance on outsourcing for example - you need to be sure the provider has good security. If they foul up , who do you think is liable?!

Seeing as Rachel mentioned some products in her article, if you are a firm of accountants or run a payroll bureau for example, you could look at Egress for policy driven file and email encryption - recipients need to enter a PIN code or give answers to questions only they would know the answers to in order to decrypt messages. Contact me for more info. or www.egress.com

k.bonney2's picture

What do clients want?

k.bonney2 | | Permalink

Don't accountants excel at agonising over matters such as this?  Has anybody stopped to ask themselves what clients want?  And do they even care?

For the last two years I have asked every client of mine whether they want me to password protect the tax returns I email out to them.  In year 1 only two clients out of 200 responded in the affirmative.  In year 2 no clients responded in the affirmative and the two who had previously asked for password protection rang me to ask me to remind them what the agreed password was!

I conclude this isn't something which keeps clients awake at night.  So let's not get hung up about it.

dpa 2014

thelma65 | | Permalink

the point being is that dpa is changing

so YOU will have to adhere one way or the other - actually clients do want portals and we are attracting better IT savvy clients because we do offer a portal!!!

really you need to just tell clients this is how its going to be - and they generally accept the new way of working theones that dont - well probably they are the most hassle anyway - and they can pay for ther paper copies of TR's every year!

 

portals are a must for the future and for any practice that wants to be ahead of the game