Email has always been an albatross of sorts for firms. Most firms use it as their primary source of communication and are under the belief that they are “secure” if they use encryption. Add in the fact that is actually illegal to have personally identifiable information (PII) on your machine and it all equals one thing: you’re doing email wrong.
Email was never meant to be this nebulous, communications and file sharing zone. Nor was it intended to be a source of truth for document exchange and storage. And now, with new data security laws there are some pretty strict controls on how you can actually use email.
Sure, firms have increasingly used portals for security purposes and a means to be a clearinghouse for all digital document exchange and even client communications. But we all know getting clients to use your portal, with consistency, is rarely the case and can even seem like herding cats at times.
So, what can you do to both stay compliant as well as feel like you have some control over data security when it comes to the exchange of documents and essential information? Out of the gate the response is likely “we encrypt all of our email.” As mentioned above, it’s not a bad idea, but encryption only works one way so unless your client is also sending you an encrypted email it may not have the desired effect.
Some firms have also taken to blocking all attachments, which can be fairly easily done in your email program. The sender receives a simple notice informing them that you are not accepting attachments and you can then have a link to a client portal in the alert. But then, another issue arises…
The very nature of messaging these days comes in a variety of forms, from email to SMS. How do you even keep tabs on who sent what, from where, and keep it in some kind of chronological order? There are numerous situations where a staffer may be in a line of communication with a client, but then they’re out or they are often dropped off of an email string at a crucial point. It’s on a deadline or a problem will arise and you need that communication string to keep track of where a key document or instructions may be.
My point here is that relying so much on email communications and even SMS from clients or between staff can get messy, even outside of the compliance issues. For those that use Liscio as their portal, there may be a way around the mess.
Liscio was designed to disrupt email, but firms still want all or nothing which, as we said, doesn’t really exist. Small firms may be able to keep better controls, but as they grow or as you move of the chain in firm size, it gets increasingly more challenging.
What Liscio has started doing through it’s Timelines feature(in beta as of this writing), users can embed Gmail or Outlook inside Liscio. It then auto-associates client email with a specific client on the account and places a time and date stamp on it, so you can chronologically follow the communication exchange. In short, if a manager wants to go into an email string and see what the communication was, but without trolling through or having to ask the client, they can do so with permissions. In Liscio, the partner or manager can go into Liscio, pull up a client, and see everything that was sent to staff from that client. Effectively, you have a single source of truth.
What’s more is that because a staffer had that email hooked up with Liscio, via permissions, it is secure and doesn’t have to be in the inbox. The original email can then be deleted and responses can be via Liscio, hence preventing PII from being in your inbox or email folder.
Here’s a snapshot of what I’m taking about:
The interaction here is not all that dissimilar to sharing and commenting on a document in Google Drive. The recipient doesn’t have to worry about the security because it’s already in a secure environment. You also no longer have to worry about someone dropping off of a communication because they were put in BCC or about moving things between platforms (email and SMS).
Is this going to stop clients from attaching and sending things to you? No. But it can be a gradual thing. Like anything new, it can take time and ultimately you can “train” clients, and staff, do share communications and documents in such a way that keeps you compliant and the data secure as it can be within your controlled environment.
Sounds like a much better situation to me.