Dangerous Document Sharing Mistakes – Are You Making Them Too?

Document sharing is something we do constantly as bookkeepers and accountants. We share electronic documents with clients, vendors, our clients' customers and suppliers, and the list goes on. While document sharing is a typical activity in our world, I have been shocked time and again when seeing what ‘typical procedures' actually involve for many of us.

For example, what would you do in these scenarios?

Your client just hired a virtual assistant and you need her completed Form W-9 so you can issue the required Form 1099-MISC for your client at the end of the year.


You've just won a new client using value pricing, which includes getting pre-approved recurring monthly payments via QuickBooks Payments. So as part of your onboarding process, you need to collect the new client's bank or credit card information along with a signed authorization.

How do you go about getting these documents electronically?

What's Happening in Reality

More than a few people who SHOULD be using secure document sharing and controlled procedures aren't. Most are simply using (unencrypted) email! It's convenient, and many just use it without a second thought.

Unfortunately, that includes a lot of bookkeepers and accountants (and lawyers and financial institutions, and software companies, etc.).

  • I've had my own clients, despite being advised otherwise, send me their tax information through regular email
  • I've seen colleagues share sensitive logins and passwords through email
  • I've had financial institutions request me to send them sensitive client information, again, via email
  • Even other large accounting industry organizations for whom I've done work have asked me to provide my own sensitive payment info via email (I didn't follow their procedures)

Why This Is a Problem

Identity theft hit an all-time high in 2016, affecting an estimated 15.4 million people (one in every 16 adults in the U.S.). It caused losses totaling $16 billion, according to Javelin Strategy & Research. Likely you've been affected in some way in recent years too, maybe multiple times.

Personally, I've had to replace several credit and debit cards over the years due to security breaches or actual ID theft, and even my cell phone account was hacked this past winter. I was the one who discovered it (within 24 hours, thankfully), but it's a complete mystery how the crook got access to my information (the phone company fraud department was baffled too).

As bookkeepers and accountants, we have a moral and even a legal responsibility to protect our clients' sensitive information. That's likely why the AICPA recently said, With the rampant growth in cybercrime, it's no longer a question of if CPAs, their clients or their organization will become a victim, but when. Accordingly, they've released a white paper this year that lists the top cybercrimes that are the strongest threats to CPAs, and offer recommendations on prevention, detection and recovery strategies.

Bluntly stated, mishandling of clients' (and others') personally identifiable information (PII) can put you out of business. Not only can breaches lead to a bad reputation or loss of clients, but also to federal and state compliance audits and even being sued by the government. And that doesn't just apply to accountants, but to all businesses who handle PII.

We need to be paying attention to this!

What Can You Do About It?

Start by thinking before sending email.

Yes, it's convenient to just attach a document and hit the Send button. But as true professionals, we must stop to think about what could happen if what we are sending fell into the wrong hands. Red flags for information that should not be emailed include:

  • Documents that expose Social Security numbers
  • Bank and credit card information
  • Passwords, especially to online banking
  • Debit card PINs
  • Dates of birth
  • Health records
  • Anything that contains personally identifiable information

Use a secure online document portal or file delivery system instead. Provide instructions to your clients on how they should handle their information properly. (By the way, this is part of the advisory role that clients truly need from us and is of high value, especially to small businesses that don't realize the risks.) Consider your internal workflow and processes, and communicate them clearly to your team. If they are not standardized, this is a great reason to get started with that.

Personally, I use SmartVault for my document management almost exclusively because of the high level of protection and ease of use when sharing information with my clients. It integrates with other apps I use as well, such as for the scenarios at the beginning of this article. RightSignature can be used to securely automate the gathering of sensitive information that requires a signature. It then delivers the documents directly to SmartVault. (Just be sure you adjust the settings, so the signed documents are not automatically emailed once executed!)

If you're looking for ways to think through your workflow and see how to vet the apps you use, including considering your security requirements as an accountant or bookkeeper, join us in TFB Premium this month on “Recommended Apps for Today's Virtual Bookkeeper

By the way, because SmartVault is a key app I use in my own bookkeeping practice (and have since 2009), they are now a trusted sponsor of The Freelance Bookkeeper. Which apps do you use to protect your clients and help streamline your workflow when it comes to sharing documents?


Freelance bookkeeper, trainer and consultant who works with internet savvy business owners and bookkeeping professionals to maximize cash flow and build true win-win relationships.

Tagged As: , , , , , ,

2 Responses to “Dangerous Document Sharing Mistakes – Are You Making Them Too?”

  • Susan Natali on July 27, 2017

    I have clients on both extremes – the ones who refuse to do even online bank feeds, and those who email me their bank passwords! When there are SSNs or credit card numbers on forms, I have them fill out the form leaving out that information and then have them call me with the numbers which I then fill out by hand.

    • Gabrielle on July 27, 2017

      Thanks for sharing your experiences, Susan. Yep, clients are all over the map with security sensitivity. Good low-tech way to keep their info safe with your method. (Of course, you’ll also have to make sure those paper documents are then stored safely, or shredded after they have been used too.)

Leave a Reply

Your email address will not be published. Required fields are marked *

  • January 2018
    S M T W T F S
    « Dec