Secure Portal

Software. Marketing. Training. Running your business.
#1
Posts:
8151
Joined:
4-Mar-2018 9:03pm
Location:
The Office
Curious as to what TPT members use for secure file transfer.

I'm currently using SecureFilePro by Drake, but am considering upgrading over the summer as one of my major practice upgrades.

My main problems with SecureFilePro are the following:

-Some browsers give clients problems and I lose time playing tech support (looking at you Safari and Firefox).
-Multiple users for an entity are not allowed. Also would like to be able to create an account for a user, then assign access to various "entities".
-Download notification emails don't always go through on my end.

Currently paying $20/month for 1 GB at SecureFilePro. I can afford to pay more if the value proposition is compelling.

Does anyone use Caseware Cloud? I did a webinar with them in January and was pretty impressed... Also open to any other suggestions.
 

#2
smtcpa  
Posts:
515
Joined:
28-Jul-2014 5:16am
Location:
Richmond, VA
I switched from SecureDrawer by eFileCabinet to Sharefile and really like it.
 

#3
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
I use SecureDrawer by eFileCabinet and really like it. I have not encountered any of the three limitations you list, although some users are just boneheaded and will not be able to use any portal reliably. I only configure notifications for file uploads, I rely on the audit logs available to the admin if I actually need to check on whether or not someone downloaded something, which is rare.
 

#4
Posts:
2887
Joined:
21-May-2018 7:50am
Location:
Northern MI and Coastal SC
I use Sharefile. I like that it functions as a portal, can be used on my website (though no one does), and encrypted e-mail. Finally, I agree with makbo that some people are just boneheaded and they will still have issues regardless of how much you help them out.
 

#5
Posts:
152
Joined:
2-Jun-2014 12:47pm
Location:
Oregon
Dropbox and Google Drive are no less secure than a "Secure Portal", and are a heck of a lot easier to use (on the client side, including the boneheads).
 

#6
Posts:
275
Joined:
11-Oct-2016 2:59am
Location:
California
I use Sharefile. Can also use it to get 8879s electronically signed without any additional downloads. ShareFile is also more secure on the back end compared to Dropbox.
 

#7
Posts:
8151
Joined:
4-Mar-2018 9:03pm
Location:
The Office
Thanks guys. A lot of votes for Sharefile. I see they offer a free trial. I'll definitely look into them when it slows down.

WilsonCA wrote:Dropbox and Google Drive are no less secure than a "Secure Portal", and are a heck of a lot easier to use (on the client side, including the boneheads).


Didn't DropBox get a lot of publicity recently from a data breach? Maybe those two are as secure as a "Secure Portal" however I think there's a level of professionalism conveyed by using a portal instead of telling the client to just upload it to Google Drive and share it with me.
 

#8
Posts:
152
Joined:
2-Jun-2014 12:47pm
Location:
Oregon
CreditMyDebit wrote:ShareFile is also more secure on the back end compared to Dropbox.

How so?
 

#9
smtcpa  
Posts:
515
Joined:
28-Jul-2014 5:16am
Location:
Richmond, VA
For some reason, people remember a Dropbox data breach from 2016 and keep repeating that. Sharefile has had a few breaches, the latest in December 2018. There is no such thing as 100% security proof portal software. The biggest reason people get their stuff stolen is they use stupid-simple passwords.

ManVsTax wrote:Didn't DropBox get a lot of publicity recently from a data breach? Maybe those two are as secure as a "Secure Portal" however I think there's a level of professionalism conveyed by using a portal instead of telling the client to just upload it to Google Drive and share it with me.
 

#10
Posts:
152
Joined:
2-Feb-2015 5:49pm
Location:
Texas
We have used Sharefile (Citrix) for years and like it. Sometimes clients have some issues getting their credentionals but it generally works well. One thing I really like is the Outlook plugin. You can send or receive via email. We have a policy to NEVER email documents with sensitive information (ss numbers, etc) by regular attachment. A few that have trouble with Sharefile we do send passworded psf files when they pretty much demand it.

I have client who is a retired computer security expert who says that IRS efile is not secure. He files on paper and we are not allowed to mail tax documents to his home. However he says Sharefile is very safe and we send files back and forth with it, no problem.
 

#11
Posts:
8151
Joined:
4-Mar-2018 9:03pm
Location:
The Office
Texas Al wrote:I have client who is a retired computer security expert who says that IRS efile is not secure. He files on paper and we are not allowed to mail tax documents to his home.


Guess those snail mail documents aren't encrypted.... :D
 

#12
Posts:
152
Joined:
2-Jun-2014 12:47pm
Location:
Oregon
ManVsTax wrote:... I think there's a level of professionalism conveyed by using a portal instead of telling the client to just upload it to Google Drive and share it with me.


True. It depends on what you're going for in your own practice. I use Drake, so the veneer of "professionalism" is kind of off the table for me already. They don't exactly make much of an effort to make the end product look nice! I mean, the tax forms themselves look fine, but the worksheets, statements, comparisons, etc all look like they were designed at different times by different people, and it shows. They're too busy trying to sell you on Gruntworx and SecureFilePro to actually give their main product a decent cleanup, which it badly needs.

But I'm way off on a tangent now...

Some of my clients love the usability of Dropbox and Google Drive. Others don't know anything about storage and security, and would appreciate the (false) sense of security that comes from a separate portal. So for me, it's a question of which type of client I personally prefer to work with.
 

#13
Posts:
1
Joined:
14-Dec-2020 2:11pm
Location:
Baltimore, MD
I'm not too familiar with Caseware Cloud. We had a bad experience with SmartVault, but I think it's just a little cumbersome and dated.

ShareFile (sharefile.com) was great, but we had concerns about it not being as clear on if a person can access the wrong folder which SmartVault did well. In the end, we found that Zapa Client Portal worked well and was very simple for our clients (zapaclientportal.com).

Hope you found something that works well for you!
 

#14
Posts:
8151
Joined:
4-Mar-2018 9:03pm
Location:
The Office
I ended up with ShareFile. You definitely have to pay attention to what you're doing when you add a new client or assign access to folders, but as long as you're paying attention it's not that bad. At the end of the day it's a system that does exactly what you tell it to do.

You can also run a folder access report for each user to see what they have access to, if there is any concern that they were setup improperly.

There are some limitations that I wish would be improved, but overall I'm currently satisfied. It would be difficult at this stage to migrate to a new client portal so I'll just keep my fingers crossed and hope the improvements I want to see are made over time.

Longevity is also important for me. Citrix is large, established, and well known.
 

#15
Joan TB  
Posts:
1897
Joined:
21-Apr-2014 9:08am
Location:
Texas
We have Sharefile as well... I use it a lot and I have been very satisfied with it.

Hubby & his secretary only use our Sharefile occasionally, so have they issues with remembering details of how it works, which means I have to go help. But, they are constantly asking for my help when they are accessing dropbox files from a client, too -- so I probably just can't win.
 

#16
Posts:
2887
Joined:
21-May-2018 7:50am
Location:
Northern MI and Coastal SC
Different solutions for all. I used ShareFile for a few years and ditched it. Did not think it was worth the cost for the feature set and personally enjoy SmartVault much more, particularly ease with which it integrates with my tax software and DocuSign. No system is ideal, though, IMO.
 

#17
Beagle  
Posts:
189
Joined:
16-Jan-2020 3:15pm
Location:
Freelander
Texas Al wrote:I have client who is a retired computer security expert who says that IRS efile is not secure. He files on paper and we are not allowed to mail tax documents to his home. However he says Sharefile is very safe and we send files back and forth with it, no problem.


I have a client who is an FBI agent and he forbids me from using any of the fire share services for his account and I'm not allowed to send him encrypted pdf files via email. When he hired me we went through my security procedures to make sure they were acceptable.

I have a nephew who works in Silicon Valley at a major firm and said we should always assume anything that says it is encrypted has been hacked. I see encryption as being comparable to putting the club on your steering wheel. Will it 100% save your car? No. Maybe it gets them to move onto the next car because it is easier. With that in mind I encrypt all files, instruct clients to do so and just email them and text passwords.
 

#18
Posts:
2887
Joined:
21-May-2018 7:50am
Location:
Northern MI and Coastal SC
Nothing is actually secure, including anything sent by USPS/FedEx/UPS/fax. I have experienced or witnessed mail being stolen and it has led to identity theft and bank fraud. The safety precautions such as encryption are nothing more than a "best effort attempt" to protect everyone. CPA firms are certainly targets and I can tell you even the larger firms can have horrendous intrusion security measures with their networks and paper files.

Personally, I would refuse to work with any business or individual that prevents me from using my established systems or any electronic system, in general. To me, it is akin to people thinking they are at greater risk of bank fraud by doing electronic payments...the same damn information is available on every single check these individuals mail out. Heck, one of the highest risk areas is using a debit or credit card at a bar or restaurant where they take your card and run it at a terminal...they can easily swipe your card with an inexpensive machine to then create a duplicate card. Another high risk area? Medical practices and medical billing since they have every bit of information needed for identity theft.

Anyone that believes paper and mail system/common carrier is more secure than electronic methods is as naïve as anyone that thinks electronic systems are completely secure.
 

#19
Posts:
154
Joined:
13-May-2016 9:21pm
Location:
SF Bay Area
Here's what you do: Go get some alcohol or narcotics, take enough so you are calm enough to accept the fact that no data security policy will every be secure enough. As Cornerstone said wisely - all these precautions are just "best effort attempts to protect everyone".

We all need to exercise reasonable standards to safeguard client data. Check with you state law and insurance carrier to take the minimum precautions so you aren't liable for reckless endangerment of information and party to a lawsuit. Treat your clients' data as if it were your own and use good judgement. Yes, you can still get hacked, but at least you did everything you could to safeguard our clients valuable data.

ONE IMPORTANT TIP : Don't ever open up attachments from anyone you don't know- its the same as letting a burglar into your home.
 

#20
Posts:
2887
Joined:
21-May-2018 7:50am
Location:
Northern MI and Coastal SC
Gnfr_tax wrote:
ONE IMPORTANT TIP : Don't ever open up attachments from anyone you don't know- its the same as letting a burglar into your home.


Even if it is from someone you know, you still have to be careful and carefully look at the wording and attachment type. A law firm I do work for recently had a breach with their e-mail system, and the miscreants sent e-mails to everyone they could find, including me. I responded asking if they sent an attachment, received a strange response, and then called the client to confirm. It was NOT legitimate.

Another tactic I sometimes use for questionable attachments is open them on a phone or tablet that does not have anything else on it.

Look at what just occurred using SolarWinds as a gateway. Nothing is secure, and this is an expert IT company with very qualified people and partners.
 

Next

Return to Business Operations and Development



Who is online

Users browsing this forum: CaptCook and 20 guests