When it’s time to start funneling tax documents to your accounting department or CPA, the preferred method of exchange is often email. A report even says that 92% of office workers review and collaborate on documents using email.
As email is a digital communications channel already regularly used by more than half the world’s population – rivaled only by text and instant messaging applications – it’s unsurprising that it remains a default channel even when users exchange sensitive data such as personally identifiable financial information (PIFI). Nevertheless, most users do not understand the potential data breach risks associated with data passed through email.
Since 2020, global cybercrime rates have spiked by 600%. While this cybercrime wave has seen some surprising developments in attack vector sophistication, the bulk of successful cyber incidents occurs across familiar vectors. Among polled organizations, 93% report having experienced a data breach within the last 12 months. Of these, email phishing scams account for 90%.
Given the known and evolving information security risks endemic in email, it’s worth taking the time to consider better security practices and alternative delivery methods for your tax documents and other pieces of PIFI/personally identifiable information (PII).
Whether you’re filing your own taxes, or filing taxes/collecting tax documents on behalf of your clients, here are four ways to mitigate the risks of sharing tax documents online:
If you’re preparing your personal or business taxes yourself, you can place reasonable trust in online tax filing platforms such as TurboTax and H&R Block. These service providers offer standard, up-to-date information security features such as:
Sometimes in a pinch, email may be the only option available to you. That doesn’t mean all email attachments are created equal. If you must send documents containing PIFI in email attachments, here are three ways to mitigate associated information security risks.
While this option isn’t available to everyone, if you happen to be located in the same area as your clients, you can absolutely take advantage of the opportunity to eliminate digital document exchange risks by simply requesting delivery of the physical documents themselves. Naturally, the security perks of this approach also depend on how well you trust the information security practices of any delivery services.
If you are a business that collects tax documentation on a repeated basis, you should consider offering your clients access to document collection and client portal services. These platforms eliminate intermediary email servers and can provide superior transit and storage encryption, in addition to internal information security protocols. If this option is available to you, it can provide the highest-grade document security.
And if you are on the other side of this relationship, sending off your tax information to an accountant, know that you are able to make this recommendation to your accountant! Especially as data breaches in the financial services industry continue to make the headlines, your accountant will most likely appreciate the forward-thinking recommendation.
(And we know this firsthand, as some of our own team have referred their accountants to our secure document collection system!)
If you’re in the market for a document collection service, making the right choice depends on understanding the features and criteria that distinguish secure services from risky ones. Two features stand out in this area.
In the proliferation of software-as-a-service (SaaS) platforms, buyers shoulder the burden of assessing vendors’ claims regarding their internal security standards. To combat this market confusion, the American Institute of CPAs (AICPA) has developed a set of voluntary infosec compliance standards that businesses can elect to maintain to verify their trustworthiness to potential clients. These service organization controls (SOCs) come in different tiers of security rigidity.
For banks and financial institutions, SOC 2 Type 2 compliance has become the industry gold standard for demonstrating an organization’s commitment to IT best practices and privacy controls. When auditing businesses for SOC 2 Type 2 compliance, auditing organizations apply five trust services criteria.
Encryption complexity comes in tiers. Presently, 256-bit end-to-end encryption is the bank-grade standard. Recent studies estimate that brute forcing 256-bit end-to-end encryption with high computational capacity would take in the range of 2.29 × 10^32 years. Services that employ this level of encryption can safely be considered secure.
FileInvite is a secure document collection and client portal platform that offers users SOC 2 Type 2 compliance and bank-grade, 256-bit end-to-end encryption for all files, data and documents in transit and at rest. When you request and receive tax documents, FileInvite effectively mitigates information security risks and improves the user experience for both CPA and client.
To learn more and request a demo, visit FileInvite today.