With most of us working remotely during the current COVID-19 pandemic, finding the right file-sharing solution has become critical. We have put together some tips to assist you in starting your search, but these are just tips, not a substitute for your own due diligence.
Most important to CPAs is our need to keep client information secure. When searching for an online solution in Canada, all businesses have a responsibility to safeguard information in their care and control.
Avoid using email
Email is often used to share files, but it is not very secure especially if you or your clients are using one of the larger free email services such as Yahoo!, Gmail, or Hotmail/Outlook.com. Even most pay-for-use services provide limited security to you and your clients since you can only ensure that your end of the email transmission is secure.
If you must send a file by email, you should password protect it and ensure that only your client knows the password, thereby minimizing the risk of an untended recipient accessing a confidential file. Do not send the password by email; instead send the password by text message or via a phone call to your client.
Consider cloud-based sharing
There are a variety of cloud-based file-sharing services, some of which are great for family sharing, but may have security risks for confidential information. However, there are some cloud-based file-sharing services that have improved security and can be used for businesses purposes, as these cloud services are designed to address strict legislative requirements.
It’s important to be aware of the risks involved with such activity as well as to understand how different cloud services may store, manage, process, and disclose data. Without proper security measures, information that comes into contact with cloud services may run the risk of being exposed to hackers, sold for third-party profits, lost, exploited, or stored in a way that breaches privacy legislation.
When selecting a cloud-based file sharing service, here’s what you should consider:
- Data ownership: Within the terms and conditions of some file-sharing providers, once you upload any type of information to their service, the provider may claim ownership of the data including the rights to sell, re-sell, and analyze it. This includes personal data. In some instances, some services will even claim ownership of any Intellectual Property (IP) of information on their servers. This includes any IP that may belong to your clients. Look for a cloud service that acknowledges that all the data you upload will remain in your care and control as well as your ownership. A cloud service should also detail what happens to your files if you choose to close your account.
- Data privacy: More than anything, you want to keep your clients’ confidential files secure and away from prying eyes. The right cloud-based file-sharing service will detail how your clients’ files will be secured against intentional and unintentional access. They will also detail how they meet or exceed privacy legislation relevant to your needs.
- Easy account management: Since cloud-based file-sharing services know that most people do not always have an entire Information Technology team to support them, they make their security controls easy for you to understand and utilize. They also provide you with their own support. Look for one that provides the amount of support that you require.
- Data backup: You should also look at what a cloud service’s procedure is on how often they will back up your data, how you’ll be able to restore your data, and how you’ll be able to retrieve files you or someone else may have accidentally deleted.
- Consistency of service: If you have ever had an Internet outage, you know how frustrating it is to keep working. Most cloud-based file-sharing services will provide you with details of when they are experiencing a problem as well as detail their “up-time” expectations. Up-time is the amount of time their servers are operational without issues during business hours. Look for a service that has at least a 99.9% up-time history.
Vet your cloud service provider
It is important to do your due diligence when selecting the cloud service for your business. Use the checklist developed by Michela V. Fiorido, a privacy lawyer at Harris & Company LLP in Vancouver to vet your cloud service provider.
As mentioned earlier, there are many cloud-based file sharing service providers, and you must do your own due diligence as to which one is right for you. Here are two that have dedicated Canadian services .
- TitanFile is a Canadian company that provides a secure, easy way for professionals to communicate and share files with their clients.
- Sync.com is a Canadian cloud service that makes it easy for users to access and share their files from virtually any computer, phone, or mobile device – without giving up their right to privacy.
Secure electronic signatures
When a signature is required from a recipient, it’s common for the recipient to print the document, sign it, and then scan the document so it can be returned to the sender.
A more secure method is to use providers that offer a “secure electronic signature” service, where you can upload the file requiring a signature, indicate the spot where the signature is required, and send the file to your recipient. The recipient receives a secure email link to the document where they can review the document and utilize a unique signature to sign the document without the need for printing and scanning.
The advantage to these types of services is that they allow you to audit the route of the document to prove who did what and when. Both British Columbia and Canada have specific requirements detailing what is acceptable as a “Secure Electronic Signature”. Here are two Canadian-based services1 that meet these requirements:
For more information on using electronic signatures and managing document sharing, CPA Quebec has a resource page on other potential tools and options.
Written by Jeffrey Nyeboer and originally published to CPABC’s Industry Update.