Protect your Private Post

Many businesses opt out of using secure portals because they believe the technology to be confusing, the cost high, and the administration burdensome. And yet secure portals remain the surest way of protecting private information.

It's that time of year: quarterly statements are due and year-end tax preparation is happening at a furious pace. Translation: a lot of private information is being shared over the Internet. Unless you are using a secure portal to work on those live files and then transfer finished goods, you cannot be sure those files are safe from prying eyes.

If you're not convinced, just think about the implications of Bell Canada's move to start collecting detailed information about its customers' buying and viewing habits and even their calling behaviours and favourite apps. In many ways, Bell's announcement simply confirms the fact that whatever travels over the Internet is scanned and read — unless the information is encrypted.

Determining whether you are communicating securely should be a priority. The fact is, if you had to send sensitive information to someone 15 years ago, you paid a courier to deliver it. And if it was very sensitive information, you more than likely paid the premium of using a bonded courier to ensure its secure arrival. You would not drop the envelope containing the file into a Canada Post mailbox even though Canada Post was (and is) a relatively secure way to send information. If we used secure delivery methods as responsible businesses back then, why wouldn't we do it now? Yet, today, most accountants are attaching sensitive files to an email or worse yet, referring to private information directly in the body of the email.

The reason: many businesses are frightened of secure portals because they imagine the technology is confusing and view it as an additional administrative and cost burden. This could also be said about using a bonded courier. People don't want to take the extra step to secure their information. At the same time, they have a false sense of security because the information travels unseen, so they assume it's safe. It's not.

What's more, secure portals are not as complex as many people fear. Here's a very quick breakdown of what you need to know.

  • Hypertext Transfer Protocol Secure (HTTPS) is a secure third-party verified web browsing protocol. HTTPS is the equivalent (and more) of a bonded courier, as the exchange of content is encrypted. Simply look in the address bar: if you see https://, then you know your content is secure.
  • User authentication is necessary to access content through portals so only the correct person can receive the email or attachment.
  • There are secure public portals, such as Hightail and ShareFile, which work well for one-time or occasional usage.
  • Some vendors offer collaboration portals that combine file transfer, synchronization of work in process and messaging services.
  • Using a portal is a best practice and ensures you are compliant with regulatory obligations around securing confidential information.

While there is an additional cost to using a secure portal, it is nowhere near the cost of distributing sensitive information to the wrong people. This is a protocol we as accountants are not adhering to and we should. Given that big players such as Bell have openly admitted they are collecting our data, it makes you wonder who else might have prying eyes. It's up to us to keep private information safe.