Jump to content

Client Docs and Security with EN / Encryption


Recommended Posts

I am a CPA and have been working toward going paperless for many years (scanning).  I now have everything scanned and continue to scan new items daily to keep the paper down.  


 


Secondly I have been a user of Evernote for several years and I love it.  But I have not become comfromtable enough with the idea of storing client information in my EN account.  Which is a huge limitation for me as I believe it could be my Shangri-La.  


 


The idea of being able to walk to the front of the office, pick up something from a client dropping it by, turning around heading back to my office and drop it on the scanner sending it directly to EN then dropping it in the shred box and being able to tag it for @next or whatever it might be, would be life altering.


 


BUT, much of this information is only for my eyes and if I began putting all of my client files in a system like this, it might not end up so well if information is compromised.  It is my understanding that we can encrypt certain spots within a doc, but I would never have time to do all of that, so I haven't because of what appears to be a limitation in the encryption of the data.


 


I have read on here that many people store their own tax returns in EN.  But it's different when you have a responsibility to others and so I have stayed away.


 


So my question is is there anyone who has already been down this road with EN and if so what did you find or decide? And am I incorrect about my understanding of the security offered with EN?


 


Thanks for any help you can provide.


Link to comment
  • Level 5*

I am a CPA and have been working toward going paperless for many years (scanning).  I now have everything scanned and continue to scan new items daily to keep the paper down.  

 

BUT, much of this information is only for my eyes and if I began putting all of my client files in a system like this, it might not end up so well if information is compromised.  It is my understanding that we can encrypt certain spots within a doc, but I would never have time to do all of that, so I haven't because of what appears to be a limitation in the encryption of the data.

 

So my question is is there anyone who has already been down this road with EN and if so what did you find or decide? And am I incorrect about my understanding of the security offered with EN?

 

I would not recommend Evernote for your use case, since I consider Evernote a minimum, or at best, a medium, secure cloud storage.

Evernote does NOT provide for encryption of Notes or Note attachments.

The best security, best encryption available today uses "Zero Knowledge Keys".  Evernote does NOT use this.

 

See this LifeHacker article that provides a review:

The Best Cloud Storage Services that Protect Your Privacy

.

The two services that stand out to me are:

  1. Wuala
  2. Spider Oak

For more info on Evernote security, see:

 

Link to comment
  • Level 5

I agree with JMichael.

A CPA putting their client information into Evernote is not a good idea.

 

Here is a quote made by Phil Libin in 2012 - the CEO of Evernote:
"I think companies that are not comfortable using the cloud aren't going to be Evernote customers," Libin said. While he estimated that may eliminate 50 percent of potential corporate business, he expects that more companies are going to get comfortable using cloud products in the future. Libin isn't expecting to sell to financial institutions since, he said, that is the industry least likely to purchase cloud products at the moment.
 
Here is a link to the article in ComputerWorld.
Link to comment

Thanks folks.  Unfortunately that affirms my thoughts (understanding of) on evernote usefulness in my application.  I was just hoping real hard that my knowledge was dated and/or maybe I just wasn't clear on exactly how safe and secure EN actually is and as such I would be able to do all of the GTD EN combo'd into TSW.  So I wanted to reach out for some good scoop.

Link to comment
  • Level 5*

Thanks folks.  Unfortunately that affirms my thoughts (understanding of) on evernote usefulness in my application.  I was just hoping real hard that my knowledge was dated and/or maybe I just wasn't clear on exactly how safe and secure EN actually is and as such I would be able to do all of the GTD EN combo'd into TSW.  So I wanted to reach out for some good scoop.

 

If you are using Evernote, then you have three options: local notebooks, encrypt files before uploading, or use a new service called SafeRoom that will encrypt content on a note-by-note basis. 

https://discussion.evernote.com/topic/81336-saferoom-zero-knowledge-encryption-for-evernote-and-more/

 

It seems that many people who handle other people's data are careless with it (I'm looking at you US OPM) and I am glad to see that you are thinking seriously about the security of your clients' data. As an enthusiastic Evernote user in the past, I had to transition away from it as I began handling more and more data that was not my own.

http://www.christopher-mayo.com/?p=288 

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...