Are You Protecting Client Data When Sending Files Over the Internet?
Column: Small Business Tech Advisor
May. 28, 2012
As the world moves online, a whole new paradigm is developing around the concept of data storage and data transfer. For the past 30 years, computer users have gradually learned about the tradeoffs of storing data on our local PCs compared with centralizing file storage on LAN servers.
But before the PC revolution (i.e. the mainframe era), users had no involvement in decisions about where the data would be stored. At most, we controlled file names, but usually we had little or no control over the location of the data. Along our path to the cloud computing model where data is centralized and access to data is “granted,” as opposed to “transferred,” there is both a paradigm shift, and a transition path that warrants some thought.
When you incorporate the cloud into your systems, there are two important concepts to think about when storing, managing and transferring data files. The first is how to transfer files securely between computers, and the second is how and where to store, manage and archive data in ways that is secure and flexible for business processes.
Cloud Storage and File Sharing Solutions for Casual Users
If you’ve searched the internet for “cloud storage,” you’ll find several “free” products/services available, such as Box.net, DropBox, Google Drive, Microsoft Skydrive, and Apple iCloud. All of these have “freemium” services, meaning, you can use limited features for free, after which you can upgrade and pay if you need larger file transfer or storage needs. For the most part, each of these services are fine for casual use such as photo sharing, personal file storage, and similar non-business critical use, but when you design solutions for business environments, you should look for more secure, full-featured solutions.
Secure File Transfer Options
As we move some or all of our business data into cloud environments, we’ll still need to transfer files between computers from time to time. Of course, it’s easy to attach documents to emails, but without special tools, there is no easy way to securely send and receive documents.
As an accounting professional, you’re required to transfer sensitive information every day in tax returns, payroll reports, financial statements, QuickBooks or Peachtree files, and other financial documents. You could just attach these files to an email, but is that really the safest, smartest way to share information?
Considering the ever-increasing security risks associated with internet communication, and especially email, it’s more important than ever for accountants to find secure means of file transfer that help them protect their own business information as well as their clients’ information.
Think of an email as a postcard – if you attach a file containing confidential information to that email, it’s just about as risky as writing that confidential information on the postcard. As the postcard travels through the postal service all of the information is visible to anyone who happens to see it, including the mail carrier and anyone who sees the mail before it reaches the recipient. Also, a file attached to an email can be hacked.
Even if you password protect that file, it’s still quite risky. While password protection is much better than no security at all, it’s shockingly easy to crack passwords on attached documents using password hacking software. Even password-protected PDF documents are vulnerable (Google it), so the bottom line is DO NOT ATTACH SENSITIVE DOCUMENTS TO EMAILS.
The better way to transmit documents is to use a cloud-based service that provides encryption upon upload by the sender, and decryption upon download by the receiver. There are a few cloud services that provide that encryption (which is analogous to shredding that postcard before you send it out and then reassembling it for the recipient), but with widespread concerns about the safety of your data in the cloud, which product do you choose?
There is a plethora of information about cloud file transfer providers, so be sure to do your homework and choose a reputable vendor with solid security practices.
Every business’s needs are different, but the answers to the following questions are important considerations for any firm:
- Are all data transmitted and stored with at least 128-bit encryption?
- Has the vendor ever experienced any sort of security breaches?
- Is the data stored in a SAS 70 or SSAE16 compliant data center?
- Does the provider perform regular third-party audits?
- Is the interface easy to use?
- Does the program integrate easily into current workflows?
- Can the business owner revoke access to documents after sharing them?
At The Sleeter Group, we use two products that provide somewhat similar capabilities, but each has its own unique strengths. Both products have earned our Awesome Add-on awards, and show great value for customers.
ShareFile, recently acquired by Citrix, is a great solution for centralizing data transfer between computers and data storage in the cloud. ShareFile helps you securely transfer large files to anyone on the Internet. You can use the Web interface to upload/download files, or you can use the ShareFile Outlook Plug-in to securely send files by attaching links to the files in the body of an email.
ShareFile can provide you with your own branded online portal accessible through your firm’s website if you find that you need more data storage, bandwidth or features. In addition to securely sending files, ShareFile allows you to create shared folders in the cloud, so you can have a single place for storing documents and you can control access to that folder as needed.
SmartVault is both a file transfer solution and an online document management portal where documents can be connected to transactions or list entries in QuickBooks, Results CRM, Method CRM, SpringAhead, XpandedReports and other applications. SmartVault also just released their Outlook Plug-in that allows you to send files securely by attaching a link to files in email. With both of these services, all files are transmitted with 256-bit SSL encryption, and folders within the client portal are only viewable and accessible to specified users that are predetermined by you.
So how do these solutions work in the real world? At The Sleeter Group, we use both solutions, but each serves a different purpose in our company. We use ShareFile primarily for sending/receiving files, and we use SmartVault for storing all documents that are connected to a financial transaction or to a CRM record (contracts, employee forms, etc.). So while both services have overlapping features, we find that both serve our needs, and provide enough unique value to us that we wouldn’t be able to do without either of them.
Whatever solution(s) you choose for cloud storage, file transfer, and document management, make sure they allow you to transfer large files (e.g. QuickBooks files) securely and professionally, and if you also need to “connect” documents to transactions in the general ledger or CRM, make sure they provide integrations with your back end accounting, CRM, or other back end system.
Figure 1 ShareFile Web Portal
Figure 2 ShareFile Outlook Plugin
Figure 3 SmartVault Document Management Web Portal
Figure 4 SmartVault Toolbar with Documents Attached to Records in QuickBooks
Figure 5 SmartVault Outlook Plugin