Email just isn’t safe and, when your business depends on it, you need to consider other ways of communicating. Emails can end up in the wrong hands – by human error or more sinister means. We’ve all sent emails by mistake (‘Sorry, that wasn’t meant for you’) and we also know of companies who have had their systems hacked. Both of these scenarios are commonplace. They also smack of incompetence and unprofessionalism – both bad news for any professional firm. So what’s the alternative? We believe it’s all about building layers of security, making it harder to access or make mistakes. docSAFE allows you to send an encrypted message to a secure portal. The recipient is notified and then visits the portal to collect it. The email, its contents and any attachments STAY IN THE SECURE PORTAL. You can also see who reads it (or not). It’s really inexpensive, simple and it works – please ask us for more details or a free trial.
We traditionally provide docSAFE to the professions who demand top security and client confidentiality (among other things). However we are seeing docSAFE rise in popularity with other sectors, almost by accident but with very good reason. You may have seen a mailer we sent out recently that illustrated how the NHS had suffered a huge breach of data of its junior doctors in the north-east. We researched this and found that the NHS staff use of WhatsApp is also widespread which is really worrying. Organisations that hold any personal data, especially publicly accountable organisations, should be using systems to communicate that are extremely secure. docSAFE has been designed to be secure on a number of key levels – secure login (using 2-factor authentication), secure portal in which to exchange messages and documents, online signing, to be GDPR compliant, offer automatic backups to secure EU based servers and much more. By using a portal instead of email, for example, the message sit in the cloud until the recipient accesses it. By return, the responses sit in the cloud until the sender accesses it. Both are notified and know the information is there – but it’s locked away safely, staying put, not flying through the ether. We are expecting more uptake of docSAFE by schools, colleges, universities, doctors and hospitals and similar organisations where security simply cannot be the weak link. Talk to us if you think we can help with your secure communications.
Making Tax Digital (MTD) presents a significant change for British tax payers and is a massive undertaking for HMRC who has ambitious plans for its tax administration. Quite simply, if you are a business that is VAT registered, under the new MTD scheme, your annual return will become a thing of the past. The new system is intended to help everyone keep on top of their tax affairs more effectively by bringing together all of an individual’s or organisation’s tax affairs and monitoring all the information on a monthly basis. “HMRC’s ambition is to become one of the most digitally advanced tax administrations in the world, modernising the tax system to make it more effective, more efficient and easier for customers to comply.” (HMRC) It would seem that one of HMRC’s key motivators is the many billions of pounds it loses through incorrect returns. “In 2014 to 2015 over £3.5 billion of revenue was lost due to these mistakes in VAT returns alone” (source: gov.uk). The key points to note: Every business and individual will have their own digital tax account, enabling them to see payments in and out, as well as their ‘balance’ – just like online banking It comes into effect April 2019 Businesses under the VAT threshold (currently £85,000) can choose to opt in or out of the new system, as preferred It is expected that all businesses will have to use MTD by April 2020 Information that can HMRC can obtain from employers, banks and government departments won’t be required to be provided The new system should create ‘tax in real time’ showing what is owing as close to real time as possible Better communications are proposed, allowing secure messaging “ICAEW welcomed the announcements. The institute’s position on MTD has been supportive of the move to digital in principle, but that MTD should not be mandatory or impose unreasonable admin burdens, and its introduction should allow enough time to ensure the system works. Removing mandation for the smallest businesses is a welcome step forward and one less regulatory burden for SMEs to worry about.” (ICAEW) This is a useful overview, provided by ICAEW: https://www.icaew.com/technical/tax/making-tax-digital
It really doesn’t matter how good your systems are if they are open to all. By having a portal that is as secure as it is possible to be, you are safeguarding your data, your clients’ data and your reputation. No one likes to work with a business that is flaky or relaxed about the security of their business, and this is especially true of the professions. We build in layers and layers of security which we believe is the safest approach. It would be a very confident organisation that claims they are impenetrable as hackers are increasingly sophisticated. However you should be working with a business that is ahead of the game, adding new elements of security and constantly active in developing its security. You might be forgiven for thinking that hackers aren’t interested in Joe Bloggs high street firm – but they are, for many reasons. They can add hidden links in the content of your website, diverting visitors away to another place. They can access data, information and your most sensitive files. This, as well as being highly alarming, also means your systems are non-compliant and the new GDPR data protection rules could mean your business faces huge fines if caught in breach. We could go on and on (and yes we have little bit) but we can’t stress enough how important security is. We can help if you think you could (or should) improve.
Yes we do go on about this quite a lot but with good reason! If you can offer an online signing facility, you speed things up no end, avoid unnecessary meeting time (save that valuable time for things that matter), no waiting on the post and you look incredibly cutting edge (and ahead of the game) at the same time. For us, online signing is safe, secure and complete no-brainer.
For any professional managing information on behalf of clients, email is dead. It is not secure and highly susceptible to human error. How many times have you sent information to or received information from the wrong source? I am regularly wrongly emailed client documents by a highly intelligent, trusted professional simply because I have a very similar name to his client. It is completely understandable but it could have any number of repercussions. A client portal is a cloud-based safe. The documents go in (added by you or your client), the recipient is notified and they are then retrieved. It is also subject to several layers of top-level security. For the sake of your practice, your reputation and your clients’ trust, switch from email to a secure client portal before it is too late. We can help, advise and support a quick transition to a much safer and more professional way to communicate.
We’ve all been there – passing round a document for feedback via several people. We lose track of the most up to date version and then someone comments late on an early iteration. It makes for confusing and long-winded communications at the very least. At worst, it can lead to much bigger problems if the wrong versions are acted on or published externally. With docSAFE, everyone accesses the same document. It is held in the central hub where one version exists. All participants visit the file in question and feedback in the same place. No more missed comments or version muddles. If only all of life could be made simpler so easily!
So why should you consider cloud working? We’ve written extensively on this but we’re going to keep it simple and give you five good reasons over the next few blogs on why you should be working in the cloud. The first reason is the foundation of all cloud working functionality. You can get to your files anytime, anywhere – that’s 24/7 from anywhere with internet access. No more ‘I’ve left it in the office’ or ‘I can’t get that to you until tomorrow, sorry’. You can access all the files you need to, all the time. What’s more, you can even give secure access to your clients so they can get to their own files – how much time and admin would that save? That’s it, told you we’d keep it simple.
We have been busy this month with online webinars that have been well-attended. Due to their popularity (and we attribute this to their brevity!), we have recorded them for any late-comers who wish to know more about developments in online portal functionality. Both webinars are less than 5 minutes and tell you more (with a live demo) about: How you electronically sign a document (and why you would want to offer this) 2-factor authentication (and why you should care) Both offer huge efficiencies to your organisation – find out more by listening. We also welcome any questions you may have by emailing firstname.lastname@example.org or calling on 0121 794 0685.
Infographic GDPR What is the GDPR? Firstly, the GDPR affects every business that holds personal information on anyone, be they employees, customers or suppliers. It is a rare business that does not hold a list of personal data of some kind, on or offline. The General Data Protection Regulation (GDPR) is a legal directive from the European Union for the protection of such personal data. It seeks to address the inconsistent data protection laws currently existing throughout the EU’s member states. Despite Brexit, the UK is still bound by this new law, not only because the UK has chosen to (because it makes sense) but trading with countries who operate under GDPR will be compromised if we don’t uphold the same standards. What’s the big deal? Failure to comply with GDPR could mean you risk being fined up to 4% of your company’s global annual turnover. Not only could your business suffer financially but you could also damage your reputation and credibility – who wants to do business with an organisation that doesn’t prioritise its clients’ security? So begins the 12 month countdown… What should you be doing? You must:
- Keep a record of data operations and activities and consider if you have the required data processing agreements in place
- Carry out privacy impact assessments (PIAs) on products and systems
- If applicable to your organisation, designate a data protection officer
- Review processes for the collection of personal data – do you ask permission? Many CRM systems encourage a dual confirmation (hence why you are asked to click a link via an email after registering with an organisation)
- Be aware of your duty to notify the relevant supervisory authority of a data breach
- Implement ‘privacy by design’ and ‘privacy by default’ in the design of new products and assess whether existing products meet GDPR standards
- A really powerful solution that we recommend is to use a secure client portal and NEVER use email to distribute information of any kind. A secure portal like docSAFE means data doesn’t leave the portal but can be accessed by authorised people only
- Educate your staff – and explain the implications
- Set up internal systems for reporting a data breach
- Make sure you extend your GDPR preparation to include any third parties who may have access to your data
- Ensure you extend the policies to cover everything your store both offline and online