Replies (4)
Online 'security'
Anything you transmit can be intercepted, decoded and read. Using a 'secure online portal' just puts another layer of 'security' between you and the potential hacker.
As 250,000 Facebook users can now attest, storing details online on a supposedly 'secure, highly encrypted, firewalled blah blah' isn't as safe as people would make you believe.
If a hacker knows that you proudly announce to your clients that you use 'XYZ secure online portal' then they already know where all your information is heading, held, etc and it makes their job easier if they are targeting a specific data set.
Bear in mind also that staff need to be trained to use whatever system you impose and will usually seek to make it as easy as possible so that it takes as little of their time as possible to send/receive information - possibly even using the same password as others or even the same password as that person who was made redundant a few weeks ago.
Data security is an area where there can be many weak links and it only takes one for determined people to be able to access the information you are trying so hard to protect.
By all means use whatever system makes you feel you have done all you can to protect client details but remember to pay for decent training and regular update sessions (with tests!) on the system you decide to use to ensure that staff are using it properly - otherwise it can all be a huge waste of money.
Remember also that emailing any sort of password, decryption key or any other means to access the data at the other end means that all that wonderful encryption, secure online storage etc has all been for nothing, as all it takes is for the email to be intercepted and hey presto the hackers are in.
Online security
Deciding whether to use a portal is a big step, and as some firms might outsource this to a third party, this brings its own security issues, which I suspect most firms aren't aware of. See the ICO guidance on outsourcing, for example - you need to be sure the provider has good security. If they foul up, who do you think is liable?!
Seeing as Rachel mentioned some products in her article, if you are a firm of accountants or run a payroll bureau, for example, you could look at Egress for policy-driven file and email encryption - recipients need to enter a PIN code or give answers to questions only they would know the answers to in order to decrypt messages. Contact me for more info, or see www.egress.com
What do clients want?
Don't accountants excel at agonising over matters such as this? Has anybody stopped to ask themselves what clients want? And do they even care?
For the last two years I have asked every client of mine whether they want me to password protect the tax returns I email out to them. In year 1 only two clients out of 200 responded in the affirmative. In year 2 no clients responded in the affirmative and the two who had previously asked for password protection rang me to ask me to remind them what the agreed password was!
I conclude this isn't something which keeps clients awake at night. So let's not get hung up about it.
DPA 2014
The point is that the DPA is changing,
so YOU will have to adhere one way or the other - actually, clients do want portals, and we are attracting better, IT-savvy clients because we do offer a portal!!!
Really, you need to just tell clients this is how it's going to be - and they generally accept the new way of working. The ones that don't - well, probably they are the most hassle anyway - and they can pay for their paper copies of TRs every year!
Portals are a must for the future and for any practice that wants to be ahead of the game.