The Ambitious Bookkeeper Podcast

59 ⎸ How to Keep Your Client Data Secure

July 27, 2022 Serena Shoup, CPA Episode 59
The Ambitious Bookkeeper Podcast
59 ⎸ How to Keep Your Client Data Secure
Show Notes Transcript

Having a virtual bookkeeping business means you need a secure way to store and share documents with your clients and your team. In this Solo podcast I’m going to go over how to use G Suite in your bookkeeping business and best practices for file structures and naming conventions.

Listen to Episode 23 with on what kind of Insurance Bookkeepers Need >>

In this episode you’ll hear:

Thanks for listening. If this episode inspired you in some way, take a screenshot of you listening on your device and post it to your Instagram Stories and tag me, @ambitiousbookkeeper

For more information about the Ambitious Bookkeeper Podcast or interest in our programs or mentoring visit our resources below:

Visit our website: ambitiousbookkeeper.com

Follow the Blog: ambitiousbookkeeper.com/blog

Connect on Instagram: instagram.com/ambitiousbookkeeper

Connect on LinkedIn: Linkedin.com/in/SerenaShoup

Connect of Facebook: Facebook.com/serenashoupcpa

Thank you for your support of our show. If you haven’t left a review yet it’s super simple. Please go to: https://www.ambitiousbookkeeper.com/podcast and leave your review.

Podcast Publishing Tools

This episode is sponsored by: LiveFlow
Receive 20% off your first 3 months by using code AMBITION at checkout:
http://www.liveflow.io/partnerships/ambition

[00:00:00] Having a virtual bookkeeping business means you need a secure way to store and share documents with your clients and your team. And in this podcast, I'm going to go over how to use G suite in your bookkeeping business and some best practices for file structures and naming conventions and all sorts of fun tips. So if you're ready to take control of the files of the digital files in your bookkeeping business, or you're just starting out, and this is all kind of new to you. Keep on listening

[00:01:00] First off, I want to step back and talk about what's important to look for in a cloud file storage system, whether you decide to use G suite, Google drive, whatever you want to call it. Or something else like Dropbox or Share Point, or I don't know any of the multiple options that are out there. And why you need one. 

[00:01:22] No matter what system you go with, it's important to do your due diligence. This goes for every software app you use in your business, really. But even though I've done this for my own firm, you should still take it upon yourself to educate yourself and make the decision for yourself and your firm. It's also worth mentioning having a cyber insurance policy is a must. So please go back and listen to episode 23, titled: what kind of insurance do bookkeepers need? It's an interview I did with Jock Walls, who is a business insurance broker who specializes in our industry and some other service industries. So definitely go back and listen to that. It is linked in the show notes. Insurance is non-negotiable like, you have to have it. And this day and age, you should probably have a cyber insurance. 

[00:02:14] However you also want to take things upon yourself and be more secure in the way that you do things and don't rely on just the insurance to save your booty. So don't email sensitive stuff back and forth. Email just is not secure enough. Educate yourself, your clients and your team on what is okay to email versus what is not. I still have clients that try to email me a lot of stuff, and it's an ongoing education opportunity. 

[00:02:44] So, how do you know if your file storage system is secure? There are two reports that any third party software provider you work with should be able to provide you. SOC1 that's S O C number one and a SOC2 S O C two. A SOC, or a system and organization control report is a report that certain aspects of an organization have undergone audits for security and controls. So, if you came from an audit background, this is not new to you, but if you are a newer bookkeeper or maybe you've never been exposed to working in a public company, this might be completely foreign to you. So I felt it was important to talk about. Not a very riveting episode. I know, but stay tuned. I'm going to try and keep it short. 

[00:03:30] Each of these reports covers slightly different aspects of the organization, but due to the nature of information we work with as accountants, I would honestly require both reports, and here's why. A SOC1 audit is focused on internal controls related to financial reporting. So if you store data in your file storage system that flows through to your accounting system or affects financial reporting in any way, the SOC1 is important. Think anything like spreadsheets that contain information used for revenue calculations or depreciation calculations? Especially important. If you're working with public companies.

[00:04:09] And a SOC2 audit is focused on information and IT security. So this is where the data sharing and secure transfer of files comes into play. What steps has the third party software organization take to make sure that my client's data is secure is the question that you need to be asking. Think about all of the sensitive information that you have on clients and their vendors, like social security numbers, W2's et cetera. For a really good explanation on the differences of these two reports. I'm going to link an article in the show notes. So you can dive deeper and nerd out even more. 

[00:04:45] But if you're still with me, let's move on to the file storage of choice for our firm, which is now called Google workspace, but I'm going to cover pretty much the whole Google suite because we use a good portion of the features of G suite. And it goes without saying, but G suite obviously checks the box on the SOC1 and SOC2 reports, and you can request them by contacting their support. If you are interested in seeing that if you're an existing customer. Or you can contact their sales department if you are not already a customer. 

[00:05:20] Okay, so G suite for bookkeepers. G suite is pretty robust. And even though I'm not using it to its full potential, there are a lot more features than what I am going to cover here. But these are the tools that we use in our firm and we love, and it's an all in one solution. Also side note, we are all on Mac computers. So we don't use most of the Microsoft stuff. Although I do have Excel still installed, and I do prefer Excel for more robust spreadsheet calculations. But for what we need it for our clients. We just don't need the whole Microsoft suite. And that's just a choice that we've made. So G suite is really super compatible for the way that we do business on the cloud. So the first thing that we use the G suite for is an email domain. So even if you don't yet have a website set up, as long as you know, what you want, your domain name to be, and maybe you've even purchased it, you can start using an email address with that domain name. So you can be your name at Susan's bookkeeping.com. Right. For an example. The growth of your business really has a lot to do with how you present it and how you position yourself. So if you have a professional email address, customized with your domain name, it makes you look more credible. 

[00:06:43] I cannot tell you, and I'm sorry if I'm calling you out or you feel called out, but I cannot tell you how many times I work with what I think is going to be a reputable business, whether local or online, and I go to the bottom of the email or. The bottom of their website to contact them, or somehow we'll try to contact them. And I see it's like susan's bookkeeping@gmail.com or something. If we're going to keep that Susan's bookkeeping example. So if you're a Susan bookkeeping out there, I'm sorry, I'm using you as an example. I don't even know anyone with that, it was just, it. A name that popped into my head. But what I'm getting at is if you want to set yourself apart and you are trying to succeed and you have envisioned succeeding in this business, purchasing a domain name and paying the $6 a month for basic G suite to be able to have a legit email @ your name.com. Then that's just going to help you achieve what you want and get you there faster. In my opinion. So. That's one thing that you must budget for. Straight from the beginning, like just be professional. Do the domain name. 

[00:07:54] Because if you here's the flip side of this and I'm getting on a tangent going off on a tangent right here, but the flip side is it's like, if you're afraid to spend $6 a month or say $25 a month to hold. Website domain and your email, your G suite and a couple other things, maybe, maybe that's all you have to do at $25 when you're first setting up. If you're afraid to spend $25 to look like a legit business, you're kind of shooting yourself in the foot. So just consider it an investment. And if you want people to trust you, this is a great way to, to start. 

[00:08:32] Okay. Let's move on. The other thing that we use G suite for is a productivity suite. So this includes Google docs, Google sheets. Slides and some other fancy things, but those are the, the main tools that we use. So Google sheets and Google docs we use heavily in in our business. Google sheets are basically an Excel spreadsheet, but it's on the cloud and you can share it. This is how we actually send our monthly suspense report to our clients. So we call it suspense. If you're in QuickBooks online, the typical account is ask my accountant. I've heard some bookkeepers call it the ask report. So basically a list of transactions that you need more information from the client on. We pop these into. The same Google sheet every month, we just do a new tab and we send it off to our clients to update, and we don't have to worry about different versions floating around, saving it, making a copy, all that good stuff. It's the same link every time they know where to find it, we send it to them every month, but it's just easy. 

[00:09:36] Okay. Surveys and websites. So you can also get access to a form builder and a website builder. In case you don't have a website up yet, you can do this in. G suite. And I could see the potential of creating a simple website and an intake form on here for new clients until you get something else up. We use the forms for gathering information from our students, like during our cohorts of the bookkeeping business accelerator. Used to be called Google drive. Now it's called Google workspace, but the basic plan comes with a lot of storage. We do hot seat calls and I asked the students to submit a hot seat request before each call, if they want to get vulnerable and ask their question in front of the group and have me coach them. 

[00:10:21] Okay. And then the other one, which mainly is what this podcast was supposed to be about was a file storage. The business plan gives you unlimited storage, you can share folders with others in your organization and your clients, and I'm going to get into exactly how we use this in just a moment. 

[00:10:39] Initially we, we were on like the basic plan of Google drive So it's made things a lot easier that does come with a price, but like I said, we ran it on the basic, basic, basic version for like five years and it was fine. 

[00:10:55] Okay. And then you can use it for each meeting. So like web meetings. that we were grandfathered in on, and we just recently upgraded to business workspace where we have like special shared folders and can provision access among the team based on the shared folders, video conferences, and you can get around having to pay extra for Zoom if you do everything in your Google meets. 

[00:11:18] Like I said, this is not an exhaustive list of what G suite provides. For more information on everything that it includes and pricing, I have dropped my affiliate link into the show notes. And just as a side note, little asterisk here, I only affiliate products that I use and I love. And using an affiliate link from a creator that you follow like me, because you're listening to this, is a really great way to show your appreciation for us. So maybe you're not ready yet, but when you are ready to enroll into something like G suite or other softwares or programs that I talk about, by all means shoot me a message. Ask me if I have a link. There's some things that I don't have links for. And I will just say, I don't have a link, but thank you for asking. So when you get to this point, just shoot me a message, come back to these show notes and my affiliate link will be here. 

[00:12:13] 

[00:12:13] 

[00:14:20] All right, moving on Google workspace for bookkeepers. So I want you to be able to structure your files, whether you use Google drive or not, this applies and follow best practices in your bookkeeping business. So number one, my number one tip is when you're working on the cloud, sometimes it's better to download the app, the desktop app to your computer for some things, because the functionality is different, better, whatever. There is a desktop app of Google drive that will make it easier to upload files from your computer, download files, save things. It pops in just right to your, if you're on Mac it's Finder, you can connect it to your Finder in windows. It's the... file... I don't even remember now I've only been on a Mac for like a year and I don't remember what it's called, but I'm sure someone will let me know. The little file thing where you find your files. Okay. So I would highly recommend doing that to get the most out of being able to do this, instead of accessing it from a web browser. 

[00:15:26] Number two, I would stick to a file structure. So within my Google drive, I have the structure set up of whether, if you're just working on the basic version where all you have is quote, unquote, mind drive, which is like a personal drive, or you're in a shared drive. Like I said, we recently upgraded to the Google workspace business edition. But before that the main folder was called my drive and then I had a sub folder called clients, and then sub folders within that folder for each client name. The way that I lie, I'm going to get pretty granular here. So, if you want to read this, if you're more of like a visual person and need to see this laid out, you can actually head over to ambitiousbookkeeper.com/blog/gsuite and read basically this podcast, but I kind of outlined my whole file structure on that blog. So in the client sub folders, I have a sub folder for each client. I use the legal business name and the DBA, if they have one, so that no matter what you search or what, you know, the client as it will come up. The search function and Google drive is amazing. So. That's how we do that. And we also use the client initials before each of the folders. And we do that across all of our systems. We use the same initials to. Identify the client stuff. So we do that in our Asana projects and the Google folders, all over the place. 

[00:16:47] Okay. And then in each client file. You have multiple sub folders again. You have a permanent file. So in this folder, You will keep the incorporation documents, LLC filings, EIN letters from the IRS, maybe state tax ID letters, anything that you are going to need throughout the engagement with the client that pretty much never changes. You want to keep that in a separate permanent file. And this is just a naming that I picked up. When I worked at a CPA firm, we always had a permanent file on all of our clients. So that's separate from anything that's like just happening regular course of business. It's all there. You know, initial establishing documents. And if you need to know what you should be requesting, I do have a freebie for download. It's my onboarding email templates. And in those templates, I give a checklist to send to your clients for documents that you'll need. I will also link that in the show notes. 

[00:17:43] Okay. The second folder that you need in each client file. Is going to be your client shared folder. So this is a folder that you're going to share with your client. So this will be shared externally, but only with your clients. So you can just add their email address to grant them access to it. I like to create another folder with a short version of the client's name. So this client shared a folder is going to be ClientName_shared at the end. And like I said, this is the folder I actually share with the client for them to drop files in if they need to and where I store the shared financial reports and other sensitive documents with them instead of emailing. So, this is also where we keep that monthly ask report and the financials, and if we have meeting recordings, they go in there, and we might have more sub folders in the shared folder, depending on how much we're sharing with the client. However you do not share all of your work papers with the client. So your work papers are your internal documents that you use to complete month end, or to complete the work. Unless you and the client have worked out an agreement where they get copies of everything that you do, I wouldn't suggest doing that. 

[00:18:51] So the only stuff that goes in the shared folder is stuff they're sending to you and stuff that you need to send to them that's sensitive, like their financial statements or anything like that. 10 90 nines at year. End all that good stuff. Then in the regular client folder. So far, we have the permanent file, the client shared file that goes with them, and then you start having more folders, depending on the level of work you're doing with the client. So I always have a client for every year, and then within that folder, there's each month for all the work papers associated with that period end. So my preferred naming convention on dated folders is the full year. So four digits of the year. So if we're in 2022, It would be 2022- the month number. So. What are we in July? So this month's folder would be 2022-07. And I keep a file for each year and month of accounting, we do for the client. And when a full year is completed, I create the years folder and move it all over. So there's less clicks as you're working throughout the year. You just keep all of the monthly folders out there, loose kind of. And then at the end of the year, we archive them into a year a folder called just 2022. And we just do the same thing every month and every year. So anything you use to work on your clients' backup documentation, bank reconciliation reports, amortization schedules, all of that goes in here. Those are your work papers and those you are not required to give to the client. 

[00:20:23] Okay, your next folder. We've talked about permanent file, your client shared file, monthly accounting files, the month-end files, and now anything else that you might work on with the client. So for us, we do sales tax with our clients. So we have a sales tax folder. So instead of burying all the sales tax within each monthly folder, I like to have those in a separate folder so that I can just pull up the whole sales tax folder and see exactly, you know, everything that we filed. For me, it's easier to see visually. 

[00:20:53] We also do the same thing with bank statements. I like to see the bank statements all in a separate folder. What else do we do that way? Oh, payroll is one of them. We do that as a separate folder as well. If you're doing added services to the engagement, you'll likely want to have a separate folder for that. So some other examples are Planning. So if you're providing any type of tax planning, goal setting or budgeting services for your client, those would get their own folder. And anything, like I said, that doesn't fall into those categories usually gets left out loose in the client folder until we have a group of things that deserve its own folder. So that's pretty much it on the folders. 

[00:21:29] Now let's recap. The the folders. So you have your main clients and then you have a folder for each client and within each client folder, you'll have a permanent file, a share file, and then your monthly accounting folders at minimum. And then depending on the services, you might have multiple other types of folders like sales tax, or payroll, bill pay things like that. 

[00:21:52] All right. Number three. On my tips for getting the most out of your digital file storage stick to a file naming convention. So like I talked about, I'm pretty much a stickler on how I date and name my files. However you decide to name files, just stay consistent. I will admit I'm not always the best at this, but in general, I do use the following conventions. So year- month and then company initials. So the initials that we use for the, the client name. So using our example from before Susan's bookkeeping, if that was two different words, I would say the company initials or the client initials would be SB. And then whatever the type of file it is, we name it. And then Sometimes we might have an underscore at the end and the date that the file was actually created. So this is important when you're trying to control versions. So you could do like V1 V2, or you could actually have the date of when you've created that file. So for example, and this is way easier if you go and just read the blog, but it would be 2022-07_ SB Financial Statements and then another underscore for the date that it was created. So the date you actually ran the report. So if you're doing July month end, you're probably actually running the reports in August. So it would be dated August at the very end. Like I said, I only use the date at the end of files where version control is important or for contracts. I usually date those for the date the contract is actually signed. 

[00:23:26] All right. Number four. To get the most out of your pretty much any software you use, enable two factor authentication. This goes for all apps, not just G suite. Remember that we are entrusted with sensitive data and information safe guard that 

[00:23:40] 

[00:23:40] All right. So in summary, no matter which file storage system. Or other software you use, remember these key points, select a secure file sharing system to share sensitive data with your clients. Do not email this stuff. Number two, the company should be able to provide you with a SOC1 and a SOC2 audit report. Do your due diligence in your software provider selections. And number three, invest in cyber liability insurance for your business. Go back to episode 23. Number four, safeguard your client's data and information as if it were your own or better. 

[00:24:21] All right, that's it for this week's episode, if you found this helpful. Entertaining or informational. I know today was not that entertaining. I was just trying to sprinkle in some fun there. Please take a screenshot, share your ahas or your takeaways, tag me at ambitious bookkeeper on Instagram, and I would love it honestly. If you left me a review on the podcast, probably even more than if you used an affiliate link of mine, to be honest. I just want to make sure that more amazing ambitious bookkeepers, just like you are finding this podcast. So share it with a friend you know in the industry. Or better yet, write a review and share it with a friend and I will be forever grateful. Thank you so much for listening and we'll talk to you next week. 

Podcasts we love