6 Documents that Accountants Shouldn’t be Sharing via Email
Secure file sharing for accountants can seem unimportant, but did you know that you could be putting yourself at risk of serious data breaches just by emailing a contract, invoice or receipt to a client? According to the latest report from Statista, there were over 1,000 data breaches in the US in 2020, and over 155 million people were affected by data exposures due to less-than-adequate information security.
In this article we will be looking at 6 documents commonly used by accountants that shouldn’t be distributed via email, the reasons why they shouldn’t be and the solutions out there that you can use in order to share these sensitive files securely. Hopefully after reading this article you will understand how careful you need to be when dealing with documents containing personally identifiable information and what you can do to avoid any risks of data breaches.
Find out about:
- The 6 accounting documents that shouldn’t be shared via email
- Why can’t you send these accounting files via email?
- How can you send sensitive files?
The 6 accounting documents that shouldn’t be shared via email
- Payslips are an indication of how much employees have been paid, detailing the number of hours worked, amount paid, as well as the amount left after tax and national insurance. They are sent to employees usually once a month, depending on how often they are paid. Payslips include personal information about employees that shouldn’t be disclosed within an email.
- A contract is a written agreement that is enforceable by law, agreeing a deal between two or more people/organisations. Contracts are used all the time between accountants and their clients. Despite the importance of contracts, they should never be sent via email due to the information that they might contain.
- Accounting reports are another document that accountant’s regularly share with their clients. Used to keep a record of income and cash flow etc, they typically include a balance sheet, an income statement and a cash flow statement and therefore sending them by email is a high risk.
- Receipts are commonly sent via email, and it’s not always an issue because they don’t always contain any personally identifiable information. However, for accountants it can still be a risk when querying about receipts with clients and directing them by name.
- An invoice is a payment request from the seller to the purchaser of goods or services. It contains both the buyer and sellers name and address, details regarding what is being purchased, the total amount due for payment, taxes, invoice number etc. This is personally identifiable data and therefore they shouldn’t be sent or received by email.
- Accounts are a record of various things kept by accountants for their clients. This can include income, profit, costs, cashflow etc, this needs to be kept up to date in order to meet legal duties and calculate how much tax you owe. Accountants will send them to their clients regularly but may not realise that this information isn’t secure when sent by email.
Why can’t you send these accounting files via email?
Globally, data security and cyber attacks have been hot topics. The impact may not have reached your organization or client base, but you likely know another organizations or individuals impacted.
Often the culprit to these breaches are emails intercepted on either the sender or receiver side. By offering a solution to sending files via email to your clients, who may be using personal email without security protocols, the service offered ensures your data is also not compromised. Also, human error can come into sending emails as checking email addresses to ensure the correct contact is an added risk with files containing personal data.
As a note, if you are based in Europe or work with European clients, the GDPR regulations that came into law as of 25 May 2018 were implemented for businesses to comply with a strict set of guidelines in order to protect individual’s personal data, otherwise non-compliance can result in a hefty fine.
How can you send sensitive files?
We know that this can be difficult for accountants seeing as you need to send files containing personal data to your clients within your day-to-day work life.
There are options that can solve the issue with unsecure emails such as implementing end-to-end encryption, there’s also solutions available to allow file sharing in a more secure environment than email.
We will be going through the three main options for secure file sharing: end-to-end encryption, cloud file storage and client portals.
End-to-end encryption (E2EE)
Using end-to-end encryption (E2EE) will keep your client’s data secure and ensure you’re not at risk of any GDPR data breaches. E2EE works by encoding data sent back and forth within emails between you and your clients, so that only the sender and receiver can view the contents of the message by decrypting it.
Nobody else, whether an email service provider, other third-party application service providers, or hackers, will be able to access the data. However, end-to-end encryption isn’t just a straightforward method of securely sharing important information with your clients, it also has its difficulties and can be a painful process to set up.
One of the biggest pain points of end-to-end encryption is that software needs to be implemented on both ends, the sender and the receiver of information. Meaning that each one of your clients need to ensure that they have end-to-end encryption set up before you can share any private documents with them via email, which as you can imagine can be very time consuming.
Cloud storage is a form of online document storage where instead of keeping files on your computer hard drive, your files will be stored online within the cloud. There are many popular services for cloud file storage such as Dropbox and Google Drive.
The way that cloud document storage works is by storing your data within servers rather than on your computer, so that you can access it anywhere from any device simply by logging in to whichever cloud storage service you may be using.
Cloud storage has many advantages; it’s very simple to use, it’s GDPR compliant, it defeats all the risks of losing your files if something happens to your computer and it’s also ideal for collaborating on files with clients seeing as multiple people can access a live version of a document from different places.
A disadvantage is that cloud storage relies on being connected to the internet, so you won’t be able to access your data offline.
The final option is a Client Portal, this is a centralised area that is bank grade secure and completely white-label, where you can share important documents with your clients in your own professional, branded environment.
Using a client portal tool allows your clients to login to an area where they can communicate with your team, view any documents such as reports, invoices etc. and even review and sign contracts.
Overall a client portal is a great solution for Accountants as it results in a much more effective and reliable method of communicating, sharing and collaborating on documents with your clients, helping you build trustworthy relationships – as an alternative to email.
As a result of GDPR you can no longer use email to send any documents that contain personal information in the EU, this means you can’t send payslips, contracts, accounts, invoices etc to your clients via email. If you do need to send these files then you need to be using either end-to-end encryption, a cloud storage service, or a client portal.
If you think that using Clinked white-label client portal could benefit your accounting firm by providing a secure platform to collaborate with your clients, then you should book a demo with one of our product specialists. They will be able to show you through our simple-to-use software and demonstrate how you can cater it specifically to fit your company’s needs and work for your benefit. Use the link below to schedule a time that suits you.
Or find out more on our dedicated Accounting page.