A Small Firm’s Guide to Secure Client File Sharing

Many small accounting firms are looking for a more efficient way to share files with clients. However, most have concerns regarding security, privacy and compliance — and for good reason.

According to the American Institute of CPAs (AICPA), “With the rampant growth in cybercrime, it’s no longer a question of if CPAs, their client or their organization will become a victim, but when.” The good news is that recent data suggests that 87 percent of security breach cases could have been avoided if reasonable security controls had been in place at the time of the incident.

Secure file sharing
For many small accounting firms, digitally sharing files such as 1040s and other sensitive documents is not worth the risk. In fact, a recent study found that only 10 percent of accounting firms surveyed utilize online or cloud solutions to share accounting information with clients.

Fortunately, there are secure options available to small firms that want a faster, more efficient way to share files. Below, I list common file sharing methods and provide a list of best practices for each.

Sharing files through email

Many small accounting firms already use email to share files. Although email is a helpful tool for firms that need to share information quickly, general email comes with a host of flaws.

To start, large QuickBooks files are often not supported by email. This results in emails being bounced back to the sender, requiring follow-ups and disrupting workflow.

Additionally, many email providers do not encrypt email messages, which makes it easy for individuals and malicious programs to access email messages and file attachments. It is also worth noting that the Generally Accepted Privacy Principles (GAPP) prohibit sending confidential files through unencrypted email.

Although email is not the most secure method of file sharing, there are things accountants can do to reduce their risk of a security breach and help ensure compliance.

  • Use anti-virus software. Although employees should never open emails from untrusted sources, accidents can happen. Anti-virus software is designed to search for, prevent, and remove malicious software, including adware, trojans and worms that can compromise data security and lead to system failures.
  • Choose strong email passwords. Email passwords should include a combination of numbers, upper and lowercase letters and special characters. Additionally, email passwords should never be shared with anyone else, including colleagues.
  • Encrypt, encrypt, encrypt. The best way to protect emails from unauthorized access is to encrypt them. Encryption scrambles data, making it decipherable only to the user(s) with the proper credentials. If your company’s email provider does not provide encryption, we suggest changing email providers — encryption is that important.
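
One way to check whether mail was encrypted on its way to you is to read the Received headers of a delivered message, since each server records the protocol it accepted the message with. The script below is an added example, not part of the original article; it assumes "encryption" includes TLS between mail servers, and the sample message, hostnames and IDs are constructed.

```python
import re
from email import message_from_string

# "with" keywords registered by RFC 3848; the S variants mean the hop used TLS.
TLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
CLEARTEXT = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}
COMMENT = re.compile(r"\([^()]*\)")

# Constructed sample message: hostnames, IDs and addresses are made up.
SAMPLE = """\
Received: from mx.client.example (mx.client.example [203.0.113.7])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 by mail.firm.example (Postfix) with ESMTPS id 4F1A2B3C
 for <cpa@firm.example>; Tue, 04 Mar 2025 10:15:02 -0500
Received: from laptop.client.example (unknown [198.51.100.23])
 by mx.client.example with ESMTP id 9Z8Y7X
 for <cpa@firm.example>; Tue, 04 Mar 2025 10:15:00 -0500
From: client@client.example
To: cpa@firm.example
Subject: 2024 return documents

(attachment omitted)
"""

def strip_comments(value):
    """Remove RFC 5322 parenthesised comments, including nested ones."""
    prev = None
    while prev != value:
        prev, value = value, COMMENT.sub(" ", value)
    return value

def audit_hops(raw_message):
    """Return (receiving_host, protocol, status) per Received header, newest first."""
    hops = []
    for header in message_from_string(raw_message).get_all("Received", []):
        # Unfold the header, then drop comments such as "(using TLSv1.3 with cipher ...)"
        # so that their "with" is not mistaken for the protocol clause.
        text = strip_comments(" ".join(header.split()))
        by = re.search(r"\bby\s+(\S+)", text)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", text)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        status = "tls" if name in TLS else "cleartext" if name in CLEARTEXT else "unknown"
        hops.append((by.group(1) if by else "unknown", name, status))
    return hops

def cleartext_hops(raw_message):
    """Hosts that accepted the message over an unencrypted connection."""
    return [host for host, _, status in audit_hops(raw_message) if status == "cleartext"]

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop)
```

Only the headers written by your own provider's servers can be trusted, because earlier hops are supplied by the sending side. TLS between servers protects the message in transit only, not while it sits in a mailbox.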

Sharing files through mobile applications
Being able to work while on the go is a must for most professionals. Mobile applications enable accountants to share files, send emails, join meetings and edit documents from anywhere at any time.

These benefits have prompted many large accounting firms to implement bring your own device (BYOD) policies, which allow employees to use their own smartphones, computers and other devices for work purposes.

BYOD policies have several advantages, including saving firms money on equipment, keeping devices up-to-date and increasing productivity. However, with heightened mobility comes a myriad of potential security threats.

According to Forbes, “All it takes is one infected device to hook into your business network to compromise all the systems and data in your business. All it takes is one lost laptop to lose your customer contact list.”

By following the right guidelines, however, even smaller firms can utilize BYOD policies while also protecting the integrity of their files, network and data.

Some ways that your firm can help protect data from mobile security threats include:

  • Performing regular audits. A BYOD audit will tell you which devices your employees are using and help you keep track of authorized devices on your network.
  • Documenting your BYOD policy. Put a detailed BYOD policy in writing and share it with employees. Your BYOD policy should outline which apps are allowed and in what ways employee devices can be used for business.
  • Determining access controls. Will personal devices have access to all company data or will there be limitations? Determine what is best for your company and set access controls accordingly.
  • Ensuring that business data can be remotely wiped. You should have complete control over company data, even when that data lives on an employee’s device. This means that you should be able to remotely wipe business data without first getting permission from the employee. Being able to remotely wipe a device is essential to the security of your data.

File sharing software
File sharing software helps solve some of the biggest challenges accountants face, including those related to email and mobile security.

Effective file sharing software enables you to send and receive large files quickly while preserving the confidentiality of the data you are transferring. Effective file sharing software also enables users to send and receive files from their smartphones and mobile devices using high-grade security protocols.

It is important to note, however, that not all file sharing software is created equal. To ensure the privacy and security of your firm’s files, your file sharing software should include:

  • Firewalls. Network firewalls prevent unauthorized users from accessing private networks, especially intranets.
  • File versioning. File versioning enables you to preserve and download multiple versions of a single file, preventing changes from being lost between edits.
  • Encryption. Encryption is imperative to the security of your data. An effective file sharing solution encrypts data using 256-bit AES encryption, the same encryption standard used by the U.S. government.
  • Activity reports. Activity reports enable administrators to track every download, upload and file modification that occurs on their network.
  • Industry compliance capabilities. As an accountant, you have strict compliance guidelines that you must meet when it comes to storing and sharing files. Therefore, your file sharing software should support FINRA regulations and Generally Accepted Privacy Principles (GAPP).

The right file sharing software allows you to “check the box” on all the best practices mentioned in this article and ensure that your client data is protected 100 percent of the time.

Jason Goldfinger is the director of corporate sales, Accounting/CPA Division for Citrix ShareFile, the secure file sharing, storage and sync solution that is built for business and used by thousands of accounting professionals around the world. Jason’s specialty is helping accountants and CPAs streamline their workflows, meet compliance and security standards, and better serve their customers. He attended UNC-Wilmington and graduated with a degree in Entrepreneurial and Small Business Operations.

 
