Secure File Sharing Checklist: The Trinity
Explicitly stated or not, your clients trust you to keep them safe when doing business with you. And in the increasingly paperless world of professional services today, that involves protecting them electronically, i.e., minimizing their exposure when communicating or sharing files online. Purchasing security software alone isn’t enough. If you want to take security seriously, you need three things: the right technology, good habits, and an unwavering commitment to educating your clients. Just one or two out of three won’t do. And in our experience, the ball most firms drop is education. Namely, educating clients on secure file sharing best practices and why they should care.
New rules on secure file sharing.
Your tech savvy clients will likely embrace secure file sharing best practices and appreciate you for it. Your clients who are still trying to figure out how copy and past works will probably resist any change in routine. But you can’t let that discourage you. You have to lead clients to an understanding that email simply isn’t a safe place to communicate or share files. For their own good, and because regulatory authorities including the IRS, FINRA, and ABA have all published new guidance around cloud storage, client portals, and how we share files electronically with clients. The common thread between professional services being vigilance and an expectation that we all stay up to date on secure file sharing best practices, including current software solutions.
Numbers don’t lie. Email is the problem.
Regardless of company size, email remains the preferred point of entry for cybercriminals looking to steal your data. The bad guys know professional service firms store and exchange critical data all the time, and that email is the easiest way to steal it. Phishing attacks, ransomware, social engineering, spoofing — all of it starts with an email.
The proof is in...the proof.
A good way to handle resistance to change is to provide hard proof. Some clients won’t connect the dots unless the dots have price tags attached. There are some insightful studies available online that are filled with jaw dropping stats. Don’t hesitate to share those with skeptical clients (Google’s Identity Theft: The Aftermath is a good primer).
What about client portals?
Most people incorrectly assume all client portals inherently provide a secure file sharing environment. Unfortunately, portals rely on email for communication. As long as email is part of the equation, secure file sharing is impossible.
Secure file sharing is a two-way street.
Most systems that claim to offer secure file sharing only work one-way in practice. The firm uses the “secure” system to send docs, but the clients return them via email. Using email anywhere along the process compromises the security perimeter.
The First Three Steps
Step One: Choose the right technology.
The most obvious way to reduce your clients’ exposure to data breaches is to avoid using email altogether for client communication and file sharing. That includes platforms, such as client portals, that rely on email to work. Another critical consideration is friction. If you introduce more process overhead (steep learning curve, too many steps, or multiple platforms instead of a single home-base platform), your adoption rate will suffer. Instead, choose an intuitive, easy-to-use solution — preferably an all-in-one with a mobile app — that clients will actually enjoy using. The right technology will improve security, increase engagement, effortlessly scale, and make both your employees and clients much happier.
Step Two: Establish good habits.
There’s a wide range of things you can do to improve your cybersecurity. Some of them require investment dollars, while others simply require a change in behavior. We published our own cybersecurity checklist — “7 simple ways to immediately boost your firm’s cybersecurity” — that you can download for some best practice suggestions you can adopt right away, at no cost.
Step Three: Commit to educating your clients.
Arguably the most important step. After all, what good is adopting a bona fide secure sharing platform if you can’t convince clients to join you? There are a ton of great studies and resources you can share, including our own, with varying levels of detail and approachability. Choose the ones that best speak to your clients. Use them as part of a year-round effort to show clients exactly why they should follow your lead in making cybersecurity a priority now and into the future.
To learn more about secure file sharing processes, check out Insightful Accountant's webinar with Liscio CEO Chris Farrell on November 5, 2019 at 12:00 p.m. Eastern Time. Register here.