Whether it was a credit card number, a client’s balance sheet, personal information or even a password, everyone’s made the mistake of emailing or texting this data.
The good news is that in most (not all) cases this kind of lapse in judgment hasn’t led to some catastrophic ending. Most of the time, luckily, that account or social security number ended up in the hands of the person we intended and not in the hands of a criminal or a dark-web middle man. The bad news is that your luck will run out if you or your clients continue this activity.
The tools used to peer into your email, intercept your text messages and attach themselves to your servers or even to monitor your every keystroke are evolving faster than the technologies used to stop them. In short, we’ve been rolling the dice on security long enough and it’s time to squash the habit of using insecure means to share client information. Here's why...
1. Phishing is everywhere
Email is probably the worst means for sharing important information mainly because of phishing. Phishing occurs when a perpetrator impersonates a trusted email sender in an attempt to get the recipient to click a bad link.
These emails often look identical to the emails you get from your bank or social network. And the links can do all kinds of horrible things, like installing malware or ransomware on your computer without your knowledge or taking you to a page that looks identical to your bank’s login page, but is really designed to steal your username and password. When you use email to share financial information, you are volunteering that information into a system that is frighteningly easy to compromise.
2. Privacy laws are different throughout the world
Another problem with email is that emails often travel through foreign jurisdictions on their journey from your outbox to your client’s inbox. This means that if your email bounces onto a server in a region where privacy isn’t protected, it can (and most likely will) be read by someone other than the person you intended.
3. You can’t trust your recipients to be secure
The grim reality is that your clients are often careless in how they manage their own privacy. They might use an email service that relies on advertising for revenue. They might use a public server.
They might have malware running on their machine and there’s nothing you can do to stop or prevent it. When you send financial details to someone over email, you not only have to trust the security on your end, but you have to trust the security on the recipient’s end as well and that can be a gamble.
4. The cloud is safer than your computer
Most cloud storage companies have much more robust security in place than you do on your laptop. You might think you’ve got a clever password or that you’ve developed unimpeachable security habits.
But unless you’re a security expert, it would likely be simple for a hacker to steal or hold for ransom every bit of data on your hard drive when you step away from your computer.
5. SMS is never secure
This is a common mistake that many people don’t know they’re making. Most of us know that we shouldn’t send important information over text message. But what many of us don’t consider is that when we use SMS to verify a bank account through a four-digit code or to reset a password, we’re putting that critical information into a position of discoverability for any hacker with the right tools. End-to-end encryption doesn’t mean much if a hacker can code his way into your local cell tower and impersonate your device.
Maybe your accounting firm can survive a data breach, but the truth is most small businesses can’t survive the major breach of trust that comes from mishandling client data. Some percentage of your clients will leave and all you’ll be able to do is apologize for being careless.
Do yourself a big favor and start using encryption and the cloud to minimize your risk. Stop sending client information using email.
Keep the most important data somewhere other than on a hard drive. Provide your clients with a secure means for sharing information (and insist that they use it). These simple measures will help ensure that you and your small business clients survive these scary times.