As a CPA, you go above and beyond to help your clients get the most out of their tax returns and finances. However, as the industry migrates more and more into the digital space, you need to balance your number-crunching efforts with protecting the highly sensitive information your clients entrust to you.

Every day, malicious outside parties attempt to take advantage of lax cybersecurity practices to gain access to any client information they can use for gain.

So, what does ‘client information’ entail? Any personal information obtained from or given by clients for a variety of purposes is considered client information. That could mean it’s information related to the completion of a sale or an invoice. Or, it could pertain to delivering any sort of data, product, or service.

The key here is that the information can be client contact info, financial information, or something else. Think credit card numbers, addresses, mobile numbers, emails, etc.

You need to arm yourself with the right tools and knowledge to block any efforts by attackers to access your clients’ personal information. One of the first things you should know when dealing with sensitive data is encryption and how it works. Most communication on the web uses some form of encryption, but what really matters is how it’s used and how strong it is.

Encrypted File-Sharing

Banks and governments use what’s called 256-bit AES, an encryption standard that scrambles data so that it is virtually impossible to decrypt without the key. The next standard to know about is SSL/TLS, a protocol that establishes an encrypted connection between computers. When sharing sensitive data such as financial documents, it’s important to find a solution that uses both. Email uses some form of encryption, but it’s one of the least secure methods of sending documents.


A file-sharing platform is much more secure than email. Rather than sending the file directly as an email attachment, it emails the recipient a link that takes them to a secure site where they can download the file straight to their computer instead of to their email service. This connection is secured with SSL/TLS and transmits documents encrypted with 256-bit AES.

While encryption protects against external threats, there’s still a high chance of an attack coming from inside the system. In fact, this is how a lot of high-profile data breaches occur. Phishing is a common tactic that attackers use to obtain system login information through deception. Once they’ve gained access, they can collect a large volume of data and cause damage such as installing malware on the network.

Multi-Factor Authentication

Tech solutions such as two-factor authentication can help prevent attacks like this. Setting up a multi-factor authentication system for your network and software means that users must have their password as well as a secondary form of authentication in order to access the system. This adds an extra step for users, but it can be invaluable in stopping attackers from gaining access. Even if they obtain someone’s login information, they still won’t be able to gain access because they lack the second authentication factor, which could be anything from a physical key to a randomly generated code that only the user has access to. Mobile authenticators are useful in this regard, as the user must use their mobile device to receive a randomly generated code that changes each time they log in.

Role-Based Permissions

Another way to protect against internal threats is to have strong permissions settings that keep all others on the system from tampering with your client’s documents. You can shut out all others from even seeing the documents you work with while granting limited access to whoever you directly work with. Even then, you can set how much they’re able to do with documents, even restricting them from downloading and setting expiration dates to limit the amount of time they have access to them.
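The permission model described above, as an added example that is not eFileCabinet's code: access is denied by default, a grant lists exactly which actions a collaborator may perform, and an optional expiry date ends the grant automatically. All user names, file names and dates are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Grant:
    user: str
    actions: frozenset                   # subset of {"view", "download", "edit"}
    expires: Optional[datetime] = None   # None means the grant does not expire

@dataclass
class Document:
    name: str
    owner: str
    grants: dict = field(default_factory=dict)  # user name -> Grant

    def share(self, grant: Grant) -> None:
        self.grants[grant.user] = grant

def is_allowed(doc: Document, user: str, action: str, now: datetime) -> bool:
    """Default deny: only the owner or an unexpired, matching grant passes."""
    if user == doc.owner:
        return True
    grant = doc.grants.get(user)
    if grant is None:
        return False                     # no grant: cannot even see the file
    if grant.expires is not None and now >= grant.expires:
        return False                     # grant has lapsed
    return action in grant.actions

def visible_documents(docs: list, user: str, now: datetime) -> list:
    """Names of the documents a user is allowed to see in a listing."""
    return [d.name for d in docs if is_allowed(d, user, "view", now)]

# Constructed sample data (assumption).
DEADLINE = datetime(2024, 4, 15, tzinfo=timezone.utc)
RETURN = Document("smith_2023_return.pdf", owner="cpa_alice")
PAYROLL = Document("smith_payroll.xlsx", owner="cpa_alice")
# The assistant may view the return until the deadline, but not download it.
RETURN.share(Grant("assistant_bob", frozenset({"view"}), expires=DEADLINE))
```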

Additional Client Information Security Tips

  1. Implement anti-virus software and firewalls
  2. Use web hosts that make the client’s security (your security) their top priority
  3. Limit access to customer data by password protecting everything
    • Change passwords when an employee leaves the company to ensure that the client’s personal information remains secure
  4. Update software as soon as new versions become available to protect against viruses and potential hackers
    • If you stick with older software, hackers have the potential to go through the back door and infiltrate your secure files.
  5. Notify anyone potentially involved when a data breach occurs.
    • This way, people can take preventative measures as far as their various bank accounts are concerned.
  6. Hire a security professional to monitor all server activity
  7. Make sure that equipment like computers and tablets is locked up during overnight cleanings.

eFileCabinet is a document management system that takes data security seriously and arms you with the tools to be more efficient at your job and to protect your client’s personal information. You can use it to securely share and request essential financial documents without fear of them being intercepted and decrypted by attackers. It further protects documents by being a secure system that can be protected by two-factor authentication and a strong permissions toolset. It’s recommended that you use these features when your business deals with sensitive financial data.

To learn more about how to better protect your client’s financial data, download and read our eBook Tech-Savvy Clients Are Going to Ask You Tough Questions.

