As a CPA, you go above and beyond to help your client get the most out of their tax return and finances. However, as the industry migrates more and more into the digital space, you need to balance your efforts number-crunching and with protecting the highly sensitive information your client entrusts you with.

Everyday malicious, outside parties attempt to take advantage of lax cybersecurity practices to gain access to any information they use for gain.

You need to arm yourself with the right tools and knowledge to block any efforts by attackers to access your clients’ information. One of the first things you should know when dealing with sensitive data is encryption and how it works. Most communication on the web uses some form of encryption, but what really matters is how it’s used and how strong it is.

 

Encrypted File-Sharing

Banks and governments utilize what’s called 256-bit AES. It’s a standard of encryption that scrambles data and is virtually impossible to decrypt without the key. The next standard of encryption to know about is called SSL/TLS which is a protocol that establishes an encrypted connection between computers. When sharing sensitive data such as financial documents, it’s important to find a solution that uses both. Email uses some form of encryption, but it’s far from the most secure method of sending documents.

 

A file-sharing platform is much more secure than email. Rather than directly emailing you the file as an attachment, it emails a link to the recipient that takes them to a secure site where they can directly download the file to their computer, instead of their email service. This is a connection secured with SSL/TLS, which transmits documents encrypted with 256-bit AES.

While encryption protects against external threats, there’s still the high chance of an attack coming from inside the system, in fact, this how a lot of high-profile data breaches occur. Phishing is a common tactic that attackers use to obtain system login information through deception. Once they’ve gained access, they can collect a large volume of data and cause damage like install malware on the network.

 

Multi-Factor Authentication

Having tech solutions such as two-factor authentication can help prevent attacks like this. Setting up a multi-factor authentication system for your network and software means that users must have their password as well as a secondary form of authentication in order to access the system. This adds an extra step for users, but this can be invaluable in stopping attackers from gaining access. Even if they obtain someone’s login information, they still won’t be able to gain access because they lack the second authentication factor, which could be anything from a physical key, to randomly generated code that only the user has access to. Mobile authenticators are useful in this regard, as the user must use their mobile device to receive a randomly generated code that changes each time they log in.

 

 

Role-Based Permissions

Another way to protect against internal threats is to have strong permissions settings that keep all others on the system from tampering with your client’s documents. You can shut out all others from even seeing the documents you work with while granting limited access to whoever you directly work with. Even then, you can set how much they’re able to do with documents, even restricting them from downloading and setting expiration dates to limit the amount of time they have access to them.

eFileCabinet is a document management system that takes data security seriously and arms you with the tools to do be more efficient at your job and to protect your client’s data. You can use it to securely share and request essential financial documents without fear of them being intercepted and decrypted by attackers. It furthermore protects documents by being a secure system that can be protected by two-factor authentication and a strong permissions toolset. It’s recommended that this is utilized when your business deals with sensitive financial data.

To learn more about how to better protect your client’s financial data, download and read our eBook Tech-Savvy Clients Are Going to Ask You Tough Questions.

 

Tech-Savvy Clients eBook