Data security is in the news. Phishing scams, ransomware, spyware and other exploits keep security experts on their toes. Accountants aren’t typically in the data security business, but keeping client data secure is an imperative for anyone hoping to stay in business. Firms and clients are most vulnerable when they are exchanging documents and data. While portals are the go-to secure channel for collaboration, firms need to stay on top of the latest security best practices. To protect your clients, follow these five portal security suggestions.
Passwords aren’t as foolproof as they used to be. You can put a lot of effort into an uncrackable password only to inadvertently give it away to a hacker perpetrating a phishing scam. Two-step verification requires clients to verify the device they are using to access their files in addition to entering a password. Implementing this best-practice security measure is simple, and it could save your firm and your clients a lot of hassle.
Set retention policies
Keeping files too long can be just as risky as (if not riskier than) not keeping them long enough. This applies to clients as well as to your firm’s document retention policies. Setting expiration dates on files in the portal can prevent files from hanging around longer than intended. If you know a client uses the portal just for short-term file exchange, you can set the expiration period to be as short as a week or two. If clients use their portals for longer-term storage, you can set a longer expiration period.
Deactivate unused portals
If you no longer have a relationship with a client, leaving the portal active could be a risk. Clients may be careless with credentials, or they may forget that they’ve granted access to others. Deactivate the client’s portal to prevent anyone from accessing the files. By deactivating, rather than deleting, a portal, you can easily re-activate the portal if needed.
Limit access to portals
Make sure your staff members have access only to the client portals they need. Use the permissions built into the system to limit access to the portal. And when a staff member leaves your firm, make sure to remove their access to any assigned portals. Using access groups can simplify this process. Don’t forget to remind clients to delete inactive users they’ve added as well.
Encryption and virus protection
Using encryption when sending and receiving information is not enough. Files must be encrypted even when not being accessed. If your data is not encrypted on the server, it’s vulnerable to hacking. Store the encrypted files behind secure firewalls. You should also make sure all files are scanned for viruses before they are stored.