What is a secure portal?

#1
Posts:
748
Joined:
15-May-2014 12:26pm
Location:
USA
I have this client who wants to send tax information to me. And he asked if I have a "secure portal" to receive the information? What does it actually mean?
 

#2
skassel  
Posts:
680
Joined:
22-Apr-2014 6:04pm
Location:
San Mateo County, CA
Had you chosen to simply Google this, you would have found it in roughly five seconds. He uploads to a secure cloud site and you go up and get it with a password.
Steve Kassel, EA
 

#3
Posts:
748
Joined:
15-May-2014 12:26pm
Location:
USA
skassel wrote: Had you chosen to simply Google this, you would have found it in roughly five seconds. He uploads to a secure cloud site and you go up and get it with a password.


Well, I have just done some research on "Box". It seems to me anyone can set up a Box account, upload a file there, and share the file with a specific person (or persons). If that's the case, my client (not me) would be the one who needs to set up a Box account, upload the information he wants to forward to me, and then provide me with the share link so I can access the information. But then if that is really the case, why would he ask me if I have a secure portal?
 

#4
Nilodop  
Posts:
18752
Joined:
21-Apr-2014 9:28am
Location:
Pennsylvania
 

#5
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
Nilodop wrote: http://www.journalofaccountancy.com/Issues/2010/Feb/20092359.htm

That is a four-year-old article, not sure how much still applies.

I have a few basic observations here:

    Sending confidential data via unencrypted email (body text or attachment) is not cool.

    TrueCrypt is no longer supported.

    If someone credibly threatens me to a sufficient degree, I will give up my secure data.
 

#6
Posts:
175
Joined:
23-Apr-2014 6:08pm
Location:
San Diego CA
I send all confidential data via encrypted email. With over 2500 clients it seems to me that it would be terribly expensive, to say nothing of a nightmare in logistics, to open a portal for each of the clients. Especially since you would use it at most once a year except for a small handful of clients.

Maybe I am missing something here, but what I'm reading seems to say that "one portal, one client". And best price I saw was $100 per month for 1,000 portals. So I would have to pay for and maintain 3,000 portals at a cost of $3,600 per year just to send the few who would want it a copy of their tax return? Hell, if the email doesn't work I could afford to send it certified!
Jim
Pettit Financial Services
 

#7
Nilodop  
Posts:
18752
Joined:
21-Apr-2014 9:28am
Location:
Pennsylvania
"That is a four-year-old article"

In my life, a mere blink of an eye. Truth is, I don't really know what a secure portal is, and the cloud I'm familiar with is often a portent of rain. But I do know that 15 minutes will ...
 

#8
makbo  
Posts:
6840
Joined:
23-Apr-2014 3:44pm
Location:
In The Counting House
PETITFIN wrote: it seems to me that it would be terribly expensive, to say nothing of a nightmare in logistics, to open a portal for each of the clients. Especially since you would use it at most once a year except for a small handful of clients.

This is not my experience. I use SecureDrawer from EfileCabinet. Yes, I have to create a "drawer" (folder, directory) for each client, but it's not a big deal, part of my engagement process. There is no extra charge per client, just an overall limit on drawers and storage. If I want more, I pay for more.
 

#9
skassel  
Posts:
680
Joined:
22-Apr-2014 6:04pm
Location:
San Mateo County, CA
You might wish to look at Secure File Sharing for Accounting Professionals. One is Smart Vault.
Steve Kassel, EA
 

#10
Posts:
71
Joined:
9-Jul-2014 9:06am
Location:
Memphis
I won't use Secured Drawers, I use Safe Underpants. You'll start out with Safe Underpants 1.0, and the cost will rise every year until you get smart and go without underpants again at about 10.003. Tell clients that ask about this that you will give them the ungarnished truth about the matter which is that there is no security on the web. Tell them that such portals and other uberdevices actually attract the U.S. government and the foreign government super-snoops, and the hackers. After you've sobered them up, they'll get off your back.
 

#11
Posts:
748
Joined:
15-May-2014 12:26pm
Location:
USA
Thank you for the replies.

So is Box considered a secure portal?
 

#12
Posts:
281
Joined:
23-Apr-2014 2:03pm
Location:
Massachusetts
BestQuestion wrote: Thank you for the replies.

So is Box considered a secure portal?

Yes and no.

Compare https://www.box.com/business/enterprise-security/ with https://www.dropbox.com/security plus https://www.dropbox.com/business/why-dr ... r-business. Both companies claim to comply with various standards for security and privacy. The thing that stands out for Dropbox is the third-party auditing, including the availability of their SOC 2 report. It's possible that Box has something similar, but I couldn't find it (or they don't mention it on their web site).

I don't know whether SOC 2 is the appropriate standard, and I can't define due diligence for you. For personal use, I might trust a company with lower standards. But my personal opinion is that for any significant business use involving confidential customer data, due diligence means at a minimum ensuring that the provider undergoes periodic security auditing by a responsible third party.
 

#13
Posts:
728
Joined:
28-May-2014 12:04pm
Location:
Arkansas
MassTaxPro wrote:
BestQuestion wrote: Thank you for the replies.

So is Box considered a secure portal?

Yes and no.

Compare https://www.box.com/business/enterprise-security/ with https://www.dropbox.com/security plus https://www.dropbox.com/business/why-dr ... r-business. Both companies claim to comply with various standards for security and privacy. The thing that stands out for Dropbox is the third-party auditing, including the availability of their SOC 2 report. It's possible that Box has something similar, but I couldn't find it (or they don't mention it on their web site).

I don't know whether SOC 2 is the appropriate standard, and I can't define due diligence for you. For personal use, I might trust a company with lower standards. But my personal opinion is that for any significant business use involving confidential customer data, due diligence means at a minimum ensuring that the provider undergoes periodic security auditing by a responsible third party.



I love Dropbox, and haven't paid a dime for it.
 

#14
pluskey  
Posts:
39
Joined:
23-Apr-2014 7:17am
Location:
Maryland
I have studied this issue for several years to apply to our practice. Here is what we do: we have an upload facility (embedded transfer box) on our website that links to a service which allows people to send us their information securely, and the same service lets us send documents to clients securely. The client doesn't need to have an account or do anything special to transfer data to us. This has been received very well by our clients. We need to sign in to retrieve the data. If we send data to clients, the client has to either enter a download password or have their own (but free) account to retrieve the information.

Watch out for services which email a notification with a file download link to retrieve information which does not require a password. You might as well just attach the information to an email because anybody who gets hold of an open download link can grab up the data.

We were using OneHub Transfers (x.onehub.com) but have recently moved to Hightail (formerly YouSendIt) because it offers both the file transfer box functionality (clients can send to us from our website) and portal functionality (shared online folders). Box is a newer service, and I am studying them. They appear to offer both the file transfer from our website function and portal function, but before I commit I want to see that their business is stable. I don't want to risk a service running out of money and closing up shop in the middle of tax season. While this can happen to any business, I would like to see Box advertise profits instead of burn rate.

I shy away from Google Drive because the same password is used to access all Google services, like Gmail, YouTube, etc. And, they don't offer the embedded transfer box we like, and our clients like.

What I suggest to look for in a service:

Encryption in transmission to and from the client, encryption at rest, and a password requirement to download files (to client and from client). Services offered should include file transfer box (send to us encrypted but doesn't require the client to sign up for anything) and shared online folders (portal), both requiring a password to download files.
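
The difference between an open download link and a password-gated one, as described in the post above, sketched as an added example that is not part of the original thread or any vendor's code. `TransferService`, its methods and the sample file bytes are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 600_000  # assumption: work factor chosen for this sketch


class TransferService:
    """Constructed toy model of a file-transfer service; not any vendor's API."""

    def __init__(self):
        self._links = {}  # token -> (data, salt, password_hash or None, expiry)

    @staticmethod
    def _derive(password, salt):
        # Store only a salted, slow hash of the download password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def create_link(self, data, password=None, ttl_seconds=7 * 24 * 3600, now=None):
        """Return an unguessable token; optionally bind a download password to it."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        pw_hash = self._derive(password, salt) if password else None
        self._links[token] = (data, salt, pw_hash, now + ttl_seconds)
        return token

    def download(self, token, password=None, now=None):
        """Return the file bytes, or raise PermissionError if the request is refused."""
        now = time.time() if now is None else now
        entry = self._links.get(token)
        if entry is None or now > entry[3]:
            raise PermissionError("unknown or expired link")
        data, salt, pw_hash, _ = entry
        if pw_hash is not None:
            supplied = self._derive(password or "", salt)
            # Constant-time comparison avoids leaking how much of the hash matched.
            if not hmac.compare_digest(supplied, pw_hash):
                raise PermissionError("download password required")
        return data


def can_fetch_with_link_only(service, token):
    """Model a reader of the notification e-mail: holds the link, not the password."""
    try:
        service.download(token)
        return True
    except PermissionError:
        return False
```

The download password has to travel by a different channel than the link (phone, in person), otherwise both sit in the same mailbox.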
 

#15
skassel  
Posts:
680
Joined:
22-Apr-2014 6:04pm
Location:
San Mateo County, CA
Excellent description!
Steve Kassel, EA
 

#16
rgtax  
Posts:
42
Joined:
5-Feb-2021 7:36am
Location:
us
Can anyone share an IRS pub or other IRS resource which says "secure portal" is required?
I did a Google search but just found Pub. 4557, which does not explicitly require a secure portal.
If a secure portal is required by the IRS, is Dropbox Professional or Google Drive considered a secure portal?
 

