6 Documents that Accountants Shouldn’t be Sharing via Email

Did you know that you could be putting yourself at risk of serious data breaches just by emailing a contract, invoice or receipt to a client?

In this article I will be looking at 6 documents commonly used by accountants that shouldn’t be distributed via email, the reasons why they shouldn’t be and the solutions out there that you can use in order to share these sensitive files securely.

Hopefully after reading this article you will understand how careful you need to be when dealing with documents containing personally identifiable information and what you can do to avoid any risks of data breaches.

  • Payslips are an indication of how much employees have been paid, detailing the number of hours worked, amount paid, as well as the amount left after tax and national insurance. They are sent to employees usually once a month, depending on how often they are paid. Payslips include personal information about employees that shouldn’t be disclosed within an email.
  • A contract is a written agreement that is enforceable by law, agreeing a deal between two or more people/organisations. Contracts are used all the time between accountants and their clients. Despite the importance of contracts, they should never be sent via email due to the information that they might contain.
  • Accounting reports are another document that accountant’s regularly share with their clients. Used to keep a record of income and cash flow etc, they typically include a balance sheet, an income statement and a cash flow statement and therefore sending them by email is a high risk.
  • Receipts are commonly sent via email, and it’s not always an issue because they don’t always contain any personally identifiable information. However, for accountants it can still be a risk when querying about receipts with clients and directing them by name.
  • An invoice is a payment request from the seller to the purchaser of goods or services. It contains both the buyer and sellers name and address, details regarding what is being purchased, the total amount due for payment, taxes, invoice number etc. This is personally identifiable data and therefore they shouldn’t be sent or received by email.
  • Accounts are a record of various things kept by accountants for their clients. This can include income, profit, costs, cashflow etc, this needs to be kept up to date in order to meet legal duties and calculate how much tax you owe. Accountants will send them to their clients regularly but may not realise that this information isn’t secure when sent by email.

Why can’t you send these files via email?

Since the 25th of May 2018, new GDPR regulations have been in place meaning that businesses now need to comply with a strict set of guidelines in order to protect individual’s personal data, otherwise non-compliance can result in a large fine.

The reason emailing personal data isn’t entirely secure is because unless emails are encrypted, they can technically be read at any of the servers that they pass through.

As well as the added risk of accidentally sending an email containing personal data to the wrong recipient.

How can you send sensitive files?

We know that this can be difficult for accountants seeing as you need to send files containing personal data to your clients within your day-to-day work life.

There are options that can solve the issue with unsecure emails such as implementing end-to-end encryption, there’s also solutions available to allow file sharing in a more secure environment than email.

I will be going through the three main options for secure file sharing: end-to-end encryption, cloud file storage and client portals.

Using end-to-end encryption (E2EE) will keep your client’s data secure and ensure you’re not at risk of any GDPR data breaches. E2EE works by encoding data sent back and forth within emails between you and your clients, so that only the sender and receiver can view the contents of the message by decrypting it.

Nobody else, whether an email service provider, other third-party application service providers, or hackers, will be able to access the data. However, end-to-end encryption isn’t just a straightforward method of securely sharing important information with your clients, it also has its difficulties and can be a painful process to set up.

One of the biggest pain points of end-to-end encryption is that software needs to be implemented on both ends, the sender and the receiver of information. Meaning that each one of your clients need to ensure that they have end-to-end encryption set up before you can share any private documents with them via email, which as you can imagine can be very time consuming.

Cloud storage is a form of online document storage where instead of keeping files on your computer hard drive, your files will be stored online within the cloud. There are many popular services for cloud file storage such as Dropbox and Google Drive.

The way that cloud document storage works is by storing your data within servers rather than on your computer, so that you can access it anywhere from any device simply by logging in to whichever cloud storage service you may be using.

Cloud storage has many advantages; it’s very simple to use, it’s GDPR compliant, it defeats all the risks of losing your files if something happens to your computer and it’s also ideal for collaborating on files with clients seeing as multiple people can access a live version of a document from different places.

A disadvantage is that cloud storage relies on being connected to the internet, so you won’t be able to access your data offline.

The final option is a Client Portal, this is a centralised area that is bank grade secure and completely white-label, where you can share important documents with your clients in your own professional, branded environment.

Using a client portal tool allows your clients to login to an area where they can communicate with your team, view any documents such as reports, invoices etc and even review and sign contracts.

Overall a client portal is a great solution for Accountants as it results in a much more effective and reliable method of communicating, sharing and collaborating on documents with your clients, helping you build trustworthy relationships – as an alternative to email.

As a result of GDPR you can no longer use email to send any documents that contain personal information, this means you can’t send payslips, contracts, accounts, invoices etc to your clients via email.
If you do need to send these files then you need to be using either end-to-end encryption, a cloud storage service, or a client portal.

If you think that using Clinked white-label client portal could benefit your accounting firm by providing a secure platform to collaborate with your clients, then you should book a demo with one of our product specialists.

They will be able to show you through our simple-to-use software and demonstrate how you can cater it specifically to fit your company’s needs and work for your benefit. Use this link to schedule a time that suits you.