Before You Request Personal Accounting Info Via Email, Read This
7 February 2024
If you’re an accountant who still uses email as your primary method of contact and collecting information from clients, we get it. Email is familiar to both you and the businesses you serve. It’s also convenient, and everyone knows how to use it.
But we’re here to tell you that your clients would like to (politely) ask you to STOP.
Because clients are concerned about the security of their sensitive financial information. And they have good reason to be, as you’ll find out later in this article. For now, though, keep reading to learn why you should think carefully before hitting that send button.
5 Reasons To STOP Using Email To Request Personal Accounting Information
Email isn’t dead by any stretch, but it SHOULD BE if you’re an accountant communicating with clients. Here’s why:
Emails are vulnerable to interception.
The inherent design of email allows messages to pass through multiple servers and networks, providing ample opportunities for attackers to eavesdrop, access, or tamper with the content. In other words, it’s fairly easy for cybercriminals to intercept your clients’ emails and thus their personal financial information, such as bank account numbers or social security numbers.
Phishing attacks are prevalent in email communication.
Phishing involves tricking individuals into revealing their personal or financial information by masquerading as a legitimate entity. Attackers send deceptive emails that appear to be from reputable organizations like banks or financial institutions, requesting personal financial information or directing recipients to fraudulent websites. These emails often look convincing, making it challenging for users to distinguish between genuine and fake requests.
Emails lack end-to-end encryption.
Most emails are not protected by end-to-end encryption. While some email providers offer encryption options, they require both the sender and the recipient to have the necessary encryption settings configured. So even if your firm uses encryption, it’s not fully secure if your clients don’t also use encryption.
Without encryption, your clients’ emails could be intercepted and read by unauthorized parties, leaving their personal financial information exposed.
Storage devices may not be properly safeguarded.
Emails are typically stored on various devices, email servers, and backups for an extended period. This can create additional vulnerabilities as these storage locations may not have the same level of security as other storage options (think encrypted servers and file storage platforms). If your clients’ personal finance information is included in these emails, it remains at risk of unauthorized access or data breaches for an extended period.
Emails can be easily forwarded to unauthorized parties.
When an email containing personal finance information is sent, the sender loses control over who can access the information. The recipient may inadvertently forward the email to unintended recipients or reply to all, exposing confidential information to unauthorized individuals. This lack of control over the email's journey increases the risk of data leakage.
Need more reasons to give email the old heave-ho? Here are 10 scary email statistics…
1. 91% of all cyber attacks begin with a phishing email to an unexpected victim [Deloitte].
Imagine you’re in charge of the purse strings at a large company. Someone sends you an email from what seems like a legitimate email address using names you know—perhaps team members from a longtime business partner.
Given the familiarity, you’re not likely to be on high alert. That’s how phishing perpetrators weasel their way into even large organizations. It only takes one unsuspecting person to fall for the trick and open the company up to bad actors.
2. On average, employees receive 14 malicious emails per year, with some industries receiving as many as 49 [Tessian].
An increasing number of cybercriminals use email as a method to distribute malware, ransomware, or other malicious attachments. These emails may contain infected attachments or malicious links that, when clicked, can compromise the recipient's device, network, or organization. The frequency of these malicious emails underscores the need for strong email security measures and user awareness.
3. Business email compromise (BEC) scams accounted for $1.8 billion in losses in 2019 [FBI].
BEC scams involve cybercriminals impersonating high-level executives or trusted business partners to manipulate employees into transferring funds or sensitive information. These sophisticated scams exploit trust and often involve social engineering tactics. BEC scams have been highly successful, leading to significant financial losses for businesses across various industries.
4. Data breaches caused by email compromise have increased by 67% since 2014 [Accenture via Norton].
Consider this story of a firm whose client’s email was compromised. The bad actor posed as the client while requesting the firm send funds to the client’s “new account,” which was actually owned by the bad actor. After multiple email exchanges, the firm complied, leading to a large financial loss for the client.
5. 76% of organizations said remote work would increase the time to identify and contain a data breach [IBM].
Remote work can cause delays in identifying and containing a breach because employees who are working from home may not have the same level of cybersecurity protection as they would when working from a secure office environment. Additionally, remote work can also result in a lack of centralized visibility and control, which can slow down the detection and containment process.
6. Attackers send around 3 to 4 million malicious emails per day [Splunk].
The volume of malicious emails sent daily is staggering, highlighting the scale of the threat organizations face. This statistic underscores the importance of sophisticated email filtering systems and advanced threat intelligence to identify and block these malicious emails effectively.
7. 94% of organizations experienced phishing attacks in 2023 [Egress].
Phishing attacks are prevalent across various industries and organizations of all sizes. Cybercriminals continually refine their techniques, making it crucial for organizations to stay vigilant and implement robust security measures to protect against phishing attempts.
8. Email encryption adoption rates are still relatively low, with only 35% of organizations implementing encryption in 2021 [Statista].
Despite the risks associated with email interception, data leaks, and unauthorized access, many organizations have yet to fully adopt email encryption technologies. Encryption helps secure the content of emails, ensuring confidentiality and protecting sensitive information from unauthorized access. Increasing adoption of email encryption is crucial for improving overall email security.
9. Email remains one of the primary vectors for spreading malware, accounting for 92% of malware delivery [PurpleSec].
Malware-laden emails continue to be a favored method for attackers to distribute harmful software. Whether through infected attachments or links to malicious websites, these emails aim to exploit vulnerabilities and compromise systems. Organizations must employ robust email security solutions that can detect and block malware, minimizing the risk of infection.
10. The average cost of a data breach in 2023 was $4.45 million [IBM].
Data breaches can lead to significant financial ramifications for organizations. The costs associated with a breach include legal fees, regulatory fines, notification and credit monitoring services for affected individuals, reputational damage, and potential loss of business. Investing in robust security measures and incident response plans can help mitigate the financial impact of a data breach.
CPAs: Your Emails Could Present Liability Issues
Using email to request personal accounting information from clients is clearly risky. To make matters worse, your firm may be liable if your clients’ information is exposed from your email.
The specific liability and consequences will vary based on the jurisdiction and circumstances of the incident. However, there are several factors that could contribute to your liability:
- Duty of care. As an accountant, you have a professional duty to protect client information and maintain confidentiality. If you fail to take reasonable measures to secure your email system and prevent unauthorized access, you may be considered negligent and held liable for any resulting damages.
- Contractual obligations. You likely have contracts or engagement letters with your clients that outline the terms of your relationship and your obligations regarding data security. If you breach these contractual obligations—such as failing to implement adequate security measures to protect client information—you may be held liable for any resulting harm or breaches of confidentiality.
- Privacy laws and regulations. Depending on the jurisdiction, you may be subject to specific privacy laws and regulations that govern the protection of personal information. If you fail to comply with these laws or regulations, you may face legal consequences, including fines, penalties, or lawsuits.
- Professional liability insurance. You may carry professional liability insurance, also known as errors and omissions insurance, which provides coverage for claims and damages arising from professional negligence. If your email is hacked and client information is leaked, your insurance policy may cover some of the financial liabilities resulting from the incident.
To fully understand the specific liability and consequences you or your firm may face in such a situation, you should consult legal counsel and consider the specific laws and regulations applicable in your jurisdiction.
Instead of email, request your clients’ personal accounting information through a client portal.
Email may be simple and familiar, but it has clearly become a risky form of communication with today’s numerous cybersecurity threats. That’s why it’s important to engage with clients in a secure environment, such as within a client portal.
Glasscubes is a secure client portal and collaboration solution that focuses on helping service providers like accountants reduce their administrative burden while safeguarding their activities.
Not only does it protect data with SSL encryption in transit and at rest, but it also distributes it across multiple physical locations to ensure high availability and retains it for 30 days.
Glasscubes is also accredited by UKAS with the ISO/IEC 27001 Information Security Management Systems certification and by IASME Consortium with the Cyber Essentials certification. These accreditations demonstrate our commitment to the continual improvement of our security management systems.
Our portal is both secure and easy to use. Plus, its multiple capabilities help you work seamlessly with clients to ensure you don’t miss any client files or important tax deadlines.
Beyond security, here are a few other key features accountants love about our client portal:
- File sharing and document management
- File request
- Real-time collaboration
- Task management
- Version control
- Audit trails and access control
- Workspace management
File Sharing And Document Management
Easily share and organize financial documents, tax returns, and reports securely in one centralized location.
This eliminates the need for manual tracking and searching through numerous email attachments, ensuring that everyone has access to the latest versions of documents.
File Request
Avoid the annoyance of emailing clients to collect multiple files (an especially useful feature during tax season or audits!). Whether you need 10 documents or 100, you can collect them all via a single link that navigates to a unique, secure portal where clients can upload the documents you need. Files are checked off as they’re uploaded, so you and clients can easily see progress.
Real-Time Collaboration
Communicate and collaborate internally and externally in real time.
This feature eliminates delays and miscommunications associated with email threads.
Task Management
Create and assign tasks to clients.
Task reminders and notifications make it easy to convey clear expectations and deadlines, which improves accountability and timely completion of deliverables.
Version Control
Never again lose track of document versions!
Rest assured that everyone is working on the latest iteration of every document. This mitigates the risks of using outdated or incorrect information.
Audit Trails And Access Control
Automatically record and track all your accounting activities.
Glasscubes provides an audit trail for accountability and compliance purposes. Accountants can control access permissions to determine who can view, edit, or download specific documents.
Workspace Management
Organize your work with workspaces.
In Glasscubes you can create a workspace for each client and give access to only that client’s team and relevant members of your staff.
Ready to change your document management system for the better? Request a free demo of Glasscubes today.
“Saving us hours of resource”
“Prior to using Glasscubes, our whole team was involved in contacting our clients multiple times a year to request their records. This was very time-consuming and was not as successful as we would have liked.
We started using Glasscubes this tax year and to date it has saved us around 288 hours of resource, allowing our staff to proceed with actual work.”
—Sophie M, a manager in the accounting industry, via Capterra