Some accountants treat their email inbox like a junk drawer, using it as storage place for digital odds and ends, including attachments, spreadsheets, and years of client correspondence. While that definitely leads to a cluttered inbox, it also potentially increases your exposure to two huge accounting liabilities:
- Data breaches.
- Malpractice lawsuits.
It may seem silly to talk about your email as if it were a disaster waiting to happen, but the truth is that many accountants and financial advisors underestimate their data-related risks.
So let's get down to it. In this guide, we'll go over your accountant cyber liability and point out five things in your email that could threaten your business and potentially lead to lawsuits or data breaches.
Cyber Liability for Accountants
Before we get into the dangers lurking in your inbox, let's talk briefly about your cyber liability as an accountant.
If your accounting firm were hacked, what kind of data could criminals steal? Depending on the kind of accounting work you do, you might have the following files on your network or cloud storage:
- Tax returns.
- Financial statements.
- Corporate memos.
These documents are sensitive by themselves, but they also contain private information such as bank account numbers, home addresses, and other data that cyber criminals are looking to steal.
State laws require you to protect this data, and if you're hacked you'll have to inform your clients that their data was compromised. Data breaches not only damage your reputation, they can also lead to client identity theft and lawsuits filed against your accounting firm. (To learn about covering data breach costs, read up on how Cyber Liability Insurance can protect accountants).
5 Things in Your Email that Could Lead to Lawsuits or Data Breaches
It's crucial for accountants to prevent data breaches and limit their cyber risk exposure. How do you do that? In addition to investing in secure technology, you should limit what you store in email, cloud storage, and other accounts that could be hacked.
Here are five things accountants shouldn't keep in their email:
#1: Scanned documents.
As an accountant, you receive all sorts of documents that contain an individual's private and protected information, including trade confirmations, trust agreements, wire transfers, and bank statements. You might need these files, but after you download them to a secure location, delete them from your inbox.
#2: Personally identifying information.
Personally identifying information.
Files containing Social Security numbers, addresses, and other personal information are usually protected by data breach laws. This can be especially tricky because you might take every precaution to secure private data only to have a client email you their Social Security number in plain text in the body of an email. Remember that when a client sends you personally identifying information, it's your legal responsibility to make sure it's stored securely.
#3: Proprietary information.
If you work in commercial accounting, you might have access to files containing trade secrets, intellectual property, and information about potential mergers and acquisitions. If this information were leaked, it would be costly for your clients. Make sure you protect it.
#4: H.R. records.
Remember when you hired that temp during tax season? Well, their scanned driver's license, job application, and H.R. records need to be deleted from your email account. Employee, contractor, and temp worker files are legally protected, so make sure to wipe them off your hard drive and online accounts.
#5: Negative comments about a client.
Negative comments about a client.
The South Florida Legal Guide points out that your firm's internal emails can be used against you in a malpractice case. If one of your employees is frustrated with a client and emails something negative to a coworker (e.g., suggesting the client might be totally incompetent), a jury might take this as evidence that your firm had a grudge against the client. Remind employees that they shouldn't badmouth about clients, and certainly not do it via email!
Accountants should keep these five things out of their inbox for many reasons, not least of which is that human error is one of the leading causes of data breaches. If an employee left their laptop on the train or lost their mobile phone, you might be legally required to report this data breach. Yes, lost smartphones can be considered a data breach — if the employee used it for work, anyone who found or stole the device could have access to sensitive data.
With nearly every employee having a mobile device, it's crucial for accounting firms to adopt best practices that will minimize the risk of a data breach and prevent a malpractice lawsuit.
To learn more about limiting your cyber liabilities, see our Q&A, "How do I protect against data breaches?"