Banking & Finance

Is It Safe to Email Tax Documents?

Whether you’re onboarding new clients, or planning to file your own taxes, here are 4 ways to reduce the risks of sharing your PII and PIFI online.


When it’s time to start funneling tax documents to your accounting department or CPA, the preferred method of exchange is often email. A report even says that 92% of office workers review and collaborate on documents using email.

As email is a digital communications channel already regularly used by more than half the world’s population – rivaled only by text and instant messaging applications – it’s unsurprising that it remains a default channel even when users exchange sensitive data such as personally identifiable financial information (PIFI). Nevertheless, most users do not understand the potential data breach risks associated with data passed through email. 

Since 2020, global cybercrime rates have spiked by 600%. While this cybercrime wave has seen some surprising developments in attack vector sophistication, the bulk of successful cyber incidents occurs across familiar vectors. Among polled organizations, 93% report having experienced a data breach within the last 12 months. Of these, email phishing scams account for 90%

Given the known and evolving information security risks endemic in email, it’s worth taking the time to consider better security practices and alternative delivery methods for your tax documents and other pieces of PIFI/personally identifiable information (PII).

Tax Document Delivery Options

Whether you’re filing your own taxes, or filing taxes/collecting tax documents on behalf of your clients, here are four ways to mitigate the risks of sharing tax documents online:

1. Online Tax Filing Services

If you’re preparing your personal or business taxes yourself, you can place reasonable trust in online tax filing platforms such as TurboTax and H&R Block. These service providers offer standard, up-to-date information security features such as: 

  • Industry-standard transit encryption
  • Multi-layer authentication
  • Browsing encryption
  • Cloud data services with 99.999%+ SLAs
  • Regularly scheduled information security audits

2. Email Attachment Best Practices

Sometimes in a pinch, email may be the only option available to you. That doesn’t mean all email attachments are created equal. If you must send documents containing PIFI in email attachments, here are three ways to mitigate associated information security risks. 

  • Assign Password Protection to the Attachment: Most word processors contain features to password-protect documents.
  • Encrypt the Attachment: Most common email service providers such as Gmail and Outlook allow users to encrypt attachments in the options menu for new messages. 
  • Encrypt Email Contents Entirely: Using the Public Key Infrastructure (PKI) paradigm, most popular email platforms can end-to-end encrypt email messages and, by extension, their attachments.

3. Physical Delivery

While this option isn’t available to everyone, if you happen to be located in the same area as your clients, you can absolutely take advantage of the opportunity to eliminate digital document exchange risks by simply requesting delivery of the physical documents themselves. Naturally, the security perks of this approach also depend on how well you trust the information security practices of any delivery services.

4. Document Collection Platforms

If you are a business that collects tax documentation on a repeated basis you should consider offering your clients access to document collection and client portal services. These platforms eliminate intermediary email servers and can provide superior transit and storage encryption, in addition to interior information security protocols. If this option is available to you, it can provide the highest-grade document security. 

And if you are on the other side of this relationship, sending off your tax information to an accountant, know that you are able to make this recommendation to your accountant! Especially as data breaches in the financial services industry continue to make the headlines, your accountant will most likely appreciate the forward-thinking recommendation.

(And we know this firsthand, as some of our own team have referred their accountants to our secure document collection system!)

Assessing Security in Digital Document Exchange Channels

If you’re in the market for a document collection service, making the right choice depends on understanding the features and criteria that distinguish secure services from risky ones. Two features stand out in this area.

1. Service Organization Controls (SOC)

In the proliferation of software-as-a-service (SaaS) platforms, buyers shoulder the burden of assessing vendors’ claims regarding their internal security standards. To combat this market confusion, the American Institute of CPAs (AICPA) has developed a set of voluntary infosec compliance standards that businesses can elect to maintain to verify their trustworthiness to potential clients. These service organization controls (SOCs) come in different tiers of security rigidity. 

For banks and financial institutions, SOC 2 Type 2 compliance has become the industry gold standard for demonstrating an organization’s commitment to IT best practices and privacy controls. When auditing businesses for SOC 2 Type 2 compliance, auditing organizations apply five trust services criteria.

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

2. Encryption

Encryption complexity comes in tiers. Presently, 256-bit end-to-end encryption occupies the bank-grade standard. Recent studies estimate that brute forcing 256-bit end-to-end encryption with high computational capacity would fall in the range of 2.29x1032 years. Services that employ this level of encryption can safely be considered secure. 

Secure Document Collection with FileInvite

FileInvite is a secure document collection and client portal platform that offers users SOC 2 Type 2 compliance and bank-grade, 256-bit end-to-end encryption for all files, data and documents in transit and at rest. In order to safely request and receive tax documents, FileInvite effectively mitigates information security risks as well as improving the user experience for both CPA and client.

To learn more and request a demo, visit FileInvite today.

New call-to-action

Related Posts:

Similar posts

Gather all the documents, signatures, and data you require up to 80% faster.

Eliminate the monotony of back-and-forth emails and inefficient systems when gathering client information. Get hours back each week as FileInvite handles the most time-consuming work for you.

Get started in as little as 5 minutes.

Stay in-the-loop. Subscribe here to receive the latest from FileInvite.