As a CPA, you go above and beyond to help your client get the most out of their tax return and finances. However, as the industry migrates more and more into the digital space, you need to balance your efforts between number-crunching and protecting the highly sensitive information your client entrusts you with.

Every day, malicious outside parties attempt to take advantage of lax cybersecurity practices to gain access to any client information they can use for gain.

So, what does ‘client information’ entail? Any personal information obtained from or given by clients for a variety of purposes is considered client information. That could mean it’s information related to the completion of a sale or an invoice. Or, it could pertain to delivering any sort of data, product, or service.

The key here is that the information can be client contact info, financial information, or something else. Think credit card numbers, addresses, mobile numbers, emails, etc.

You need to arm yourself with the right tools and backup plans to block any efforts by attackers to access your clients’ personal information. One of the first things you should know when dealing with sensitive data is encryption and how it works. Most communication on the web uses some form of encryption, but what really matters is how it’s used and how strong it is. That’s why we’ve compiled a list of tips that will ensure you protect your client information. Compliance with these tips will enhance your cybersecurity.

Encrypted File-Sharing

Banks and governments utilize what’s called 256-bit AES. It’s a standard of encryption that scrambles data and is virtually impossible to decrypt without the key. The next standard of encryption to know about is called SSL/TLS, a protocol that establishes an encrypted connection between computers. When sharing sensitive data such as financial documents, it’s important to find a solution that uses both. Email uses some form of encryption, but it’s one of the least secure methods of sending documents.


A file-sharing platform is much more secure than email. Rather than emailing the file as an attachment, it emails the recipient a link that takes them to a secure site where they can download the file directly to their computer instead of through their email service. This connection is secured with SSL/TLS, and the documents it transmits are encrypted with 256-bit AES.

While encryption protects against external threats, there’s still a high chance of an attack coming from inside the system. In fact, this is how a lot of high-profile data breaches occur. Phishing is a common tactic that attackers use to obtain system login information by posing as a legitimate business inquiry. Once they’ve gained access, they can collect a large volume of data and cause damage like installing malware on the network.

Regularly Update Your Software

Security threats are constantly changing. To make sure you’re providing your clients with the best protection, install software updates as soon as they become available to protect against viruses and potential hackers.

Most security breaches happen when security software is out of date. That’s because hackers are always looking for new ways to get at sensitive information. If you stick with older software, hackers have the potential to go through the back door and infiltrate your secure files. Often, it’s easier to just postpone security updates, but this is what causes these vulnerabilities. Stay up-to-date, and stay secure.

Multi-Factor Authentication

Having tech solutions such as two-factor authentication can help prevent attacks such as phishing. Setting up multi-factor authentication systems for your network and software means that users must have their password and a secondary form of authentication to access the system. This adds an extra step for users, but it can be invaluable in stopping attackers from gaining access. Even if they obtain someone’s login information, they still won’t be able to gain access because they lack the second authentication factor, which could be anything from a physical key to a randomly generated code that only the user has access to. Mobile authenticators are useful in this regard, as the user must use their mobile device to receive a randomly generated code that changes each time they log in.

Limit Human Access

Another way to protect against internal threats is to have strong permissions settings that keep all others on the system from tampering with your client’s documents. You can shut out all others from even seeing the documents you work with while granting limited access to whoever you directly work with. Even then, you can set how much they’re able to do with documents, even restricting them from downloading and setting expiration dates to limit the amount of time they have access to them.
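The share-by-link model described under Encrypted File-Sharing and the download restrictions and expiration dates described here can be enforced with a signed grant that the server checks on every request. The following is an added example, not the implementation of eFileCabinet or any other product; the token layout, field names, key and function names are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a secret held only by the file-sharing server (constructed value).
SERVER_KEY = b"constructed-demo-key-not-for-production"

def sign(payload: bytes) -> str:
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def make_share_token(doc_id: str, recipient: str, can_download: bool,
                     expires_at: int) -> str:
    """Build the token that would be embedded in the emailed link."""
    grant = {"doc": doc_id, "to": recipient, "dl": can_download, "exp": expires_at}
    payload = json.dumps(grant, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + sign(payload)

def check_share_token(token: str, recipient: str, action: str, now: int):
    """Return (allowed, reason) for a 'view' or 'download' request."""
    if action not in ("view", "download"):
        return False, "unknown action"
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body.encode())
    except ValueError:  # wrong number of parts or invalid base64
        return False, "malformed"
    # Verify the signature before trusting any field in the payload.
    if not hmac.compare_digest(sign(payload).encode(), sig.encode()):
        return False, "bad signature"
    grant = json.loads(payload)
    if now >= grant["exp"]:
        return False, "expired"
    if recipient != grant["to"]:
        return False, "wrong recipient"
    if action == "download" and not grant["dl"]:
        return False, "download not permitted"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample: a view-only link valid until t=2000.
    token = make_share_token("return-2023.pdf", "client@example.com", False, 2000)
    for action, when in (("view", 1000), ("download", 1000), ("view", 2000)):
        print(action, when, check_share_token(token, "client@example.com", action, when))
```
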

Additional Client Information Security Tips

  1. Implement anti-virus software and firewalls
  2. Use web hosts that make the client’s security (your security) their top priority
  3. Limit access to customer data by password protecting everything
    • Change passwords when an employee leaves the company to ensure that the client’s personal information remains secure
  4. Notify anyone potentially involved when a data breach occurs.
    • This way, people can take preventative measures as far as their various bank accounts are concerned
  5. Hire a security professional to monitor all server activity
  6. Make sure that equipment like computers and tablets are locked up during overnight cleanings

eFileCabinet is a document management system that takes data security seriously and arms you with the tools to be more efficient at your job and protect your client’s personal information. You can use it to securely share and request essential financial documents without fear of them being intercepted and decrypted by attackers. It further protects documents with two-factor authentication and a strong permissions toolset. It’s recommended for any business that deals with sensitive financial data.

To learn more about how to better protect your client’s financial data, download and read our eBook Tech-Savvy Clients Are Going to Ask You Tough Questions.

