Why all CPA’s must have a secure client accounting portal

January 21, 2019 | Sakshi Sharma

Should I create an accounting portal for my CPA business?

All CPA’s should have a secure client accounting portal as it is mandated that all financial information shared between clients and the CPA via email be uploaded to a secure portal.

Tax season is a very stressful time. There are many people you must manage and each of those people have a stack of documents you must sort through. You and your clients need an easy way to communicate and manage documents in a quick, simple, secure way that increases efficiency. That is what an accounting portal can provide for both parties.

The most important reason, however, to have an accounting portal is for security reasons. Most CPA’s have spent years communicating through email. Important documents have been passed back and forth between CPA and client. This has caused serious issues over the years because emails have been hacked and private information has been stolen.

Although CPA’s and accounting firms have added encrypted emails to help with this, it’s still not quite enough. A more secure way of passing documents back and forth is through a client accounting portal. The IRS has become more strict about how CPA’s should be communicating with their clients. Your CPA website should include a client portal. If you already have a website with a client portal that is old and outdated, you may want to think about updating your website.

What are the IRS rules for receiving information from clients?

1. You must have an Extended Validation SSL Certificate (EV SSL) which is something you would install into your website to give it more protection against hacking.

2. An External Vulnerability Scan is something you must do at least once a week to ensure that your website is secure and it must be done by a third party that’s completing it in accordance with PCIDSS. This scan will go through your entire system to check for any breaches. If you do have one, it must be reported right away which means the day of the incident.

3. Information privacy must be maintained as well as having safeguard policies. Certain standards must be met in order to process and store people’s personal information and documents. Having the accounting portal helps greatly with this. The only way you can run your accounting business online is to have accreditation, a license seal, and privacy seal.

4. There has been quite a bit of fraud with regards to bulk filings of client income tax returns. There has to be a high level of protection against this bulk filing fraud.

5. You must have your domain name registered with a company that is accredited by ICANN and in the United States. It should also be locked and public.

6. This was mentioned in number 2 but the last rule is to report any incident to the IRS within the same day of the incident. Do NOT wait because you could face issues with the IRS if you do.

CPA Website Features

-Newsletters -Blogs about Accounting and Tax details -Login fields that access the accounting portal with strict password requirements -Contact details -Information about the portal and about your company

Accounting Portal Features

-Complete data security -Permanently delete any and all data and files -Request, store, view, edit, e-sign, and send documents -Collect payments via various transfer and/or payment methods -App integrations with other software like QuickBooks -Collaboration tools in the cloud -Simple drag and drop options for uploading files -Convert papers into a digital document -E-signature requests -Receive notifications for tasks -Run various reports -Bulk Printing -Secure bulk distributions of returns -An easy client user interface to prepare taxes themselves -Access limitations


Both the website and the portal must have strong encryption, anti-virus, anti-spyware, firewall, backups, data security, secure wireless network, and 3rd party fraud monitoring. This is not to be taken lightly. You must ensure that you select the right companies that can meet all the IRS regulations.

This is a difficult subject because fighting cybercriminals is a team effort. Identity theft is at an all-time high so the IRS works closely with states and tax professionals to ensure information is secure. Every person within your organization including yourself should be informed about the types of security threats the company could face, teach them how to prevent it, and how to handle it if something does happen. Everyone should be able to recognize the signs of a data breach and the steps to take next.

The Consequences

What happens if your CPA website, accounting portal, and/or email gets hacked? What happens is that your client information gets stolen which puts your company at risk for various problems. Your reputation could take a nose dive which means your current clients could leave and new clients would be at an all-time low. You could also be subject to an investigation. If you didn’t follow all the rules and regulations and/or took shortcuts you will be met with serious problems.

Client Accounting Portal

If you don’t already have a portal for you and your clients, it is time to create one. You can no longer discuss or send documents back and forth through email or any other form of communication other than through the portal. However, just because you have a portal does not mean you are completely secure. Again, you have to make sure you follow every guideline and you are implementing the correct security measures. If you are not then you and your clients are not properly protected.

There are multiple ready-made accounting software and mobile apps for you to choose from. Many of them have proper security measures in place. It can make implementation a lot easier. If you are unsure about how to proceed such as which one to choose or if creating one from scratch would be better you should talk to a proper software development company like SDI.

Companies like that can not only help you determine which course of action would be best for you and your clients but they can also implement everything for you. The company you choose should know all the IRS regulations and be able to provide advice on what you should do and help you get it done. If you want to learn more about this you can contact Sakshi Sharma at 408.621.8481 or email her at sakshi@sdi.la.

  • Views1901
  • Views1901

    Recent Blogs

    Let's Discuss

    All information provided by you will be kept 100% confidential.