Free Trial: TheSiteFactory.com

Secure Portal

Software. Marketing. Training. Running your business.
#1
Posts:
3574
Joined:
4-Mar-2018 9:03pm
Location:
Near the Kwanzan cherry tree
Curious as to what TPT members use for secure file transfer.

I'm currently using SecureFilePro by Drake, but am considering upgrading over the summer as one of my major practice upgrades.

My main problems with SecureFilePro are the following:

-Some browsers give clients problems and I lose time playing tech support (looking at you Safari and Firefox).
-Multiple users for an entity are not allowed. Also would like to be able to create an account for a user, then assign access to various "entities".
-Download notification emails don't always go through on my end.

Currently paying $20/month for 1 GB at SecureFilePro. I can afford to pay more if the value proposition is compelling.

Does anyone use Caseware Cloud? I did a webinar with them in January and was pretty impressed... Also open to any other suggestions.
 

#2
smtcpa  
Posts:
273
Joined:
28-Jul-2014 5:16am
Location:
Colorado
I switched from SecureDrawer by eFileCabinet to Sharefile and really like it.
 

#3
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
I use SecureDrawer by eFileCabinet and really like it. I have not encountered any of the three limitations you list, although some users are just boneheaded and will not be able to use any portal reliably. I only configure notifications for file uploads, I rely on the audit logs available to the admin if I actually need to check on whether or not someone downloaded something, which is rare.
 

#4
Posts:
1552
Joined:
21-May-2018 7:50am
Location:
SC
I use Sharefile. I like that it functions as a portal, can be used on my website (though no one does), and encrypted e-mail. Finally, I agree with makbo that some people are just boneheaded and they will still have issues regardless of how much you help them out.
 

#5
Posts:
120
Joined:
2-Jun-2014 12:47pm
Location:
Oregon
Dropbox and Google Drive are no less secure than a "Secure Portal", and are a heck of a lot easier to use (on the client side, including the boneheads).
 

#6
Posts:
275
Joined:
11-Oct-2016 2:59am
Location:
California
I use Sharefile. Can also use it to get 8879s electronically signed without any additional downloads. ShareFile is also more secure on the back end compared to Dropbox.
 

#7
Posts:
3574
Joined:
4-Mar-2018 9:03pm
Location:
Near the Kwanzan cherry tree
Thanks guys. A lot of votes for Sharefile. I see they offer a free trial. I'll definitely look into them when it slows down.

WilsonCA wrote:Dropbox and Google Drive are no less secure than a "Secure Portal", and are a heck of a lot easier to use (on the client side, including the boneheads).


Didn't DropBox get a lot of publicity recently from a data breach? Maybe those two are as secure as a "Secure Portal" however I think there's a level of professionalism conveyed by using a portal instead of telling the client to just upload it to Google Drive and share it with me.
 

#8
Posts:
120
Joined:
2-Jun-2014 12:47pm
Location:
Oregon
CreditMyDebit wrote:ShareFile is also more secure on the back end compared to Dropbox.

How so?
 

#9
smtcpa  
Posts:
273
Joined:
28-Jul-2014 5:16am
Location:
Colorado
For some reason, people remember a Dropbox data breach from 2016 and keep repeating that. Sharefile has had a few breaches, the latest in December 2018. There is no such thing as 100% security proof portal software. The biggest reason people get their stuff stolen is they use stupid-simple passwords.

ManVsTax wrote:Didn't DropBox get a lot of publicity recently from a data breach? Maybe those two are as secure as a "Secure Portal" however I think there's a level of professionalism conveyed by using a portal instead of telling the client to just upload it to Google Drive and share it with me.
 

#10
Posts:
140
Joined:
2-Feb-2015 5:49pm
Location:
Texas
We have used Sharefile (Citrix) for years and like it. Sometimes clients have some issues getting their credentionals but it generally works well. One thing I really like is the Outlook plugin. You can send or receive via email. We have a policy to NEVER email documents with sensitive information (ss numbers, etc) by regular attachment. A few that have trouble with Sharefile we do send passworded psf files when they pretty much demand it.

I have client who is a retired computer security expert who says that IRS efile is not secure. He files on paper and we are not allowed to mail tax documents to his home. However he says Sharefile is very safe and we send files back and forth with it, no problem.
 

#11
Posts:
3574
Joined:
4-Mar-2018 9:03pm
Location:
Near the Kwanzan cherry tree
Texas Al wrote:I have client who is a retired computer security expert who says that IRS efile is not secure. He files on paper and we are not allowed to mail tax documents to his home.


Guess those snail mail documents aren't encrypted.... :D
 

#12
Posts:
120
Joined:
2-Jun-2014 12:47pm
Location:
Oregon
ManVsTax wrote:... I think there's a level of professionalism conveyed by using a portal instead of telling the client to just upload it to Google Drive and share it with me.


True. It depends on what you're going for in your own practice. I use Drake, so the veneer of "professionalism" is kind of off the table for me already. They don't exactly make much of an effort to make the end product look nice! I mean, the tax forms themselves look fine, but the worksheets, statements, comparisons, etc all look like they were designed at different times by different people, and it shows. They're too busy trying to sell you on Gruntworx and SecureFilePro to actually give their main product a decent cleanup, which it badly needs.

But I'm way off on a tangent now...

Some of my clients love the usability of Dropbox and Google Drive. Others don't know anything about storage and security, and would appreciate the (false) sense of security that comes from a separate portal. So for me, it's a question of which type of client I personally prefer to work with.
 

#13
Posts:
1
Joined:
14-Dec-2020 2:11pm
Location:
Baltimore, MD
I'm not too familiar with Caseware Cloud. We had a bad experience with SmartVault, but I think it's just a little cumbersome and dated.

ShareFile (sharefile.com) was great, but we had concerns about it not being as clear on if a person can access the wrong folder which SmartVault did well. In the end, we found that Zapa Client Portal worked well and was very simple for our clients (zapaclientportal.com).

Hope you found something that works well for you!
 

#14
Posts:
3574
Joined:
4-Mar-2018 9:03pm
Location:
Near the Kwanzan cherry tree
I ended up with ShareFile. You definitely have to pay attention to what you're doing when you add a new client or assign access to folders, but as long as you're paying attention it's not that bad. At the end of the day it's a system that does exactly what you tell it to do.

You can also run a folder access report for each user to see what they have access to, if there is any concern that they were setup improperly.

There are some limitations that I wish would be improved, but overall I'm currently satisfied. It would be difficult at this stage to migrate to a new client portal so I'll just keep my fingers crossed and hope the improvements I want to see are made over time.

Longevity is also important for me. Citrix is large, established, and well known.
 

#15
Joan TB  
Posts:
1510
Joined:
21-Apr-2014 9:08am
Location:
Texas
We have Sharefile as well... I use it a lot and I have been very satisfied with it.

Hubby & his secretary only use our Sharefile occasionally, so have they issues with remembering details of how it works, which means I have to go help. But, they are constantly asking for my help when they are accessing dropbox files from a client, too -- so I probably just can't win.
 

#16
Posts:
1552
Joined:
21-May-2018 7:50am
Location:
SC
Different solutions for all. I used ShareFile for a few years and ditched it. Did not think it was worth the cost for the feature set and personally enjoy SmartVault much more, particularly ease with which it integrates with my tax software and DocuSign. No system is ideal, though, IMO.
 

#17
Beagle  
Posts:
89
Joined:
16-Jan-2020 3:15pm
Location:
Freelander
Texas Al wrote:I have client who is a retired computer security expert who says that IRS efile is not secure. He files on paper and we are not allowed to mail tax documents to his home. However he says Sharefile is very safe and we send files back and forth with it, no problem.


I have a client who is an FBI agent and he forbids me from using any of the fire share services for his account and I'm not allowed to send him encrypted pdf files via email. When he hired me we went through my security procedures to make sure they were acceptable.

I have a nephew who works in Silicon Valley at a major firm and said we should always assume anything that says it is encrypted has been hacked. I see encryption as being comparable to putting the club on your steering wheel. Will it 100% save your car? No. Maybe it gets them to move onto the next car because it is easier. With that in mind I encrypt all files, instruct clients to do so and just email them and text passwords.
 

#18
Posts:
1552
Joined:
21-May-2018 7:50am
Location:
SC
Nothing is actually secure, including anything sent by USPS/FedEx/UPS/fax. I have experienced or witnessed mail being stolen and it has led to identity theft and bank fraud. The safety precautions such as encryption are nothing more than a "best effort attempt" to protect everyone. CPA firms are certainly targets and I can tell you even the larger firms can have horrendous intrusion security measures with their networks and paper files.

Personally, I would refuse to work with any business or individual that prevents me from using my established systems or any electronic system, in general. To me, it is akin to people thinking they are at greater risk of bank fraud by doing electronic payments...the same damn information is available on every single check these individuals mail out. Heck, one of the highest risk areas is using a debit or credit card at a bar or restaurant where they take your card and run it at a terminal...they can easily swipe your card with an inexpensive machine to then create a duplicate card. Another high risk area? Medical practices and medical billing since they have every bit of information needed for identity theft.

Anyone that believes paper and mail system/common carrier is more secure than electronic methods is as naïve as anyone that thinks electronic systems are completely secure.
 

#19
Posts:
115
Joined:
13-May-2016 9:21pm
Location:
SF Bay Area
Here's what you do: Go get some alcohol or narcotics, take enough so you are calm enough to accept the fact that no data security policy will every be secure enough. As Cornerstone said wisely - all these precautions are just "best effort attempts to protect everyone".

We all need to exercise reasonable standards to safeguard client data. Check with you state law and insurance carrier to take the minimum precautions so you aren't liable for reckless endangerment of information and party to a lawsuit. Treat your clients' data as if it were your own and use good judgement. Yes, you can still get hacked, but at least you did everything you could to safeguard our clients valuable data.

ONE IMPORTANT TIP : Don't ever open up attachments from anyone you don't know- its the same as letting a burglar into your home.
 

#20
Posts:
1552
Joined:
21-May-2018 7:50am
Location:
SC
Gnfr_tax wrote:
ONE IMPORTANT TIP : Don't ever open up attachments from anyone you don't know- its the same as letting a burglar into your home.


Even if it is from someone you know, you still have to be careful and carefully look at the wording and attachment type. A law firm I do work for recently had a breach with their e-mail system, and the miscreants sent e-mails to everyone they could find, including me. I responded asking if they sent an attachment, received a strange response, and then called the client to confirm. It was NOT legitimate.

Another tactic I sometimes use for questionable attachments is open them on a phone or tablet that does not have anything else on it.

Look at what just occurred using SolarWinds as a gateway. Nothing is secure, and this is an expert IT company with very qualified people and partners.
 

#21
Posts:
418
Joined:
12-Jun-2014 6:13pm
Location:
North Carolina
Good thinking, Cornerstone. It's generally a good idea to call the sender on the telephone and ask if they sent the e-mail and attachment before you open it.

In the last two weeks I have gotten two awfully suspicious e-mails. One of them was almost certainly a test from my employer. This has happened before. They figure that if anyone falls for it that means we need better security training. The other one I was less sure about. I reported the details of both to the folks who are in charge of security issues and deleted them twice - once from my in-box and again from the deleted items folder.

In our business we handle too much sensitive data not to be very very careful!
Because on T.A. ten was the most you were allowed
 

#22
Posts:
115
Joined:
13-May-2016 9:21pm
Location:
SF Bay Area
Nice additional comment about being wary of attachments - Cornerstone.

Because on T.A. ten was the most you were allowed

Ten Letters : What does this mean ? Just curious - thanks !
 

#23
Posts:
418
Joined:
12-Jun-2014 6:13pm
Location:
North Carolina
There used to be a site similar to this one called Tax Almanac. When it shut down most of the folks who used to hang out there migrated here.

When I first signed up at Tax Almanac my original user name was too long. A site admin. told me it would not display right and that I should limit myself to ten letters. I noticed that "tenletters" had 10 letters in it and decided that was as good a user name as any. I've used it ever since.
Because on T.A. ten was the most you were allowed
 

#24
dsocpa  
Posts:
590
Joined:
5-May-2014 11:15am
Location:
Maryland
I look at the email address. Lately the sender will appear to be someone I know but when I look at the actual email address it is clearly not that person.
 

#25
EZTAX  
Posts:
1262
Joined:
24-Apr-2014 6:48pm
Location:
California
Wondering what happens when you decide not to renew the portal. I imagine you loose all your data?
 

#26
Posts:
3574
Joined:
4-Mar-2018 9:03pm
Location:
Near the Kwanzan cherry tree
Check your contract/user agreement.

I'm sure there's a grace period, after which all bets are off.
 

#27
Posts:
135
Joined:
5-Feb-2015 9:28am
Location:
TimBuckTwo
EZTAX wrote:Wondering what happens when you decide not to renew the portal. I imagine you loose all your data?



You should be able to download all files to a local pc ? We use Encyro and can keep copies of all documents locally too. That way if something better comes along we can switch and not loose anything. But for the price and ease of use, Encyro is hard to beat. But with Encyro your account will never disappear if you decide not to renew. It switches back to their free service and everything is still accessible. Plus they are offering free kba till May 15th for signing documents.
 

#28
Posts:
1552
Joined:
21-May-2018 7:50am
Location:
SC
Twin Turbo Z wrote:You should be able to download all files to a local pc ? We use Encyro and can keep copies of all documents locally too.


Didn't Encyro just implement the portal with signatures? I have only been using their encrypted e-mail service but I recall seeing an e-mail, recently, about their portal/esig option.

I retain copies of everything that is in SmartVault locally, too, and can reproduce originating software if need be. I will not place all my eggs in one basket--my time with FileCabinet taught me great lessons on that.
 

#29
Posts:
135
Joined:
5-Feb-2015 9:28am
Location:
TimBuckTwo
CornerstoneCPA wrote:
Twin Turbo Z wrote:You should be able to download all files to a local pc ? We use Encyro and can keep copies of all documents locally too.


Didn't Encyro just implement the portal with signatures? I have only been using their encrypted e-mail service but I recall seeing an e-mail, recently, about their portal/esig option.

I retain copies of everything that is in SmartVault locally, too, and can reproduce originating software if need be. I will not place all my eggs in one basket--my time with FileCabinet taught me great lessons on that.


Yes they are offering FREE kba signature feature till mid may.
 

#30
Hunter  
Posts:
40
Joined:
5-May-2014 10:01pm
Location:
Charlotte
Dropbox has Shared Branding on the Professional level and up now. I've been trying it out this past week and its pretty cool. It still has some dropbox logos and such but it also has my company's logo and name implemented for a more "professional" look. I also created an upload folder and link which clients can use for general secure uploads.

Everything synced on my computer to my local hard drive.

I'm a big dropbox user, especially since I have integration through a tax portal that I built that can connect clients' folders with their personalized online portal. And any client uploads automatically pop right into their client folder. It has saved me HOURS. https://www.wpcloudplugins.com/plugins/ ... r-dropbox/
 

#31
Frankly  
Moderator
Posts:
2032
Joined:
21-Apr-2014 9:08am
Location:
California
If you have trouble losing things that get loose, try Scotch tape or a Glu-Bird. Works wonders.
 

#32
s054  
Posts:
33
Joined:
4-Jun-2020 3:15am
Location:
Jerusalem, Israel
Does anyone have any experience with TaxDome? Sounds like a really good value, if it actually does all they say
 

#33
Posts:
3
Joined:
6-Feb-2021 1:02pm
Location:
Georgia
I use Verifyle. Provides secure email, file sharing, and document signing.
 


Return to Business Operations and Development



Who is online

Users browsing this forum: No registered users and 13 guests