APL Accountants Latest News December 2019
APL Accountants Latest News December 2019
Most Vet Practices are not using email securely
Email has been around for a very long time, and how it gets used has changed significantly. The correct practices for email use today are vastly different from what would have been appropriate 10 years ago. However, most practices have not kept up to date, and we are still very surprised to find the following problems when we communicate with our clients:
- Your team still use private addresses
This is probably the most common offence. Your team should all have their own email address set with the domain of your business. For example, if your website is at xyzvets.com then all your team should have their own @xyzvets email address.
It is still very common for us to find that practice employees are using a ‘hotmail’ or ‘gmail’ email address for work communications
Why is this so important?
Firstly, all work communications are property of the veterinary practice. Imagine a legal dispute over an email communication that was sent to a private email address. What happens if that person no longer works for you?
- Your team all use a single shared email address
Whilst this in itself is commonly done in a lot of businesses and does have some uses, it does not preclude each team member having their own email address as well. The communal email address should only be used for communications from your website and general enquiries, nothing else. If anything more was done with a communal email communication, then it would once again be impossible to establish which employee sent a communication that caused some problems.
Why else is this so important? It’s a matter of security. You may or may not have noticed that a lot of cloud software systems such as facebook, mailchimp, trello, slack etc require an email address to log in and perform password recovery or password change. Essentially anyone who has access to that email address can recover and change the password. So imagine you have 10 employees and one of them leaves. If all 10 of these employees used this single email address to do jobs like log into your mailchimp system, or posting on your facebook business page, then you would have to remember to change the password on all these systems as soon as each employee left. Not doing so would mean the exiting employee would still have access to your data and the ability to change the password and lock the remaining team out.
What’s more, if for example the access is to the facebook business page, a malicious employee could post profanities on your facebook site and there would be no way of tracing back who did it – yes, this has happened more than once.
If on the other hand each employee had their own email @xyzvets.com, then simply disabling that email address would prevent malicious access and changing passwords that could lock the rest of your team out.
You would still have to remove their access from the various sites like Facebook, however any malicious posts would clearly be tagged with the offenders name.
- Your practice still uses a generic email address:
Although most practices how have a meaningful email address that is the same as their domain name. Probably about 20-30% do not. So if you still use email@example.com, then you are long overdue a change.
To get a professional email address is very easy these days. Personally we love Google Mail’s corporate offerings which allow you to link your website domain to your email and also manage email addresses for all your team. It’s very affordable and has a host of tools that are easy to use for security, backups and managing multiple email addresses.
Our office will be closed over Christmas:
Business Advisory closed 20 December – 2 January, 8 – 14 January
Tax closed 20 December – 6 January
Bookkeeping closed 25 December – 6 January
I’m feeling pretty smart today! I overheard a conversation in the office and even me the lowly sausage can dispense some knowledge here after more than 3 years pretending to sleep in the corner but actually being super alert.
The question was – does it matter if the buying group I am part of is owned by a competitor (eg. a corporate) as the only thing they will know is what I buy from the wholesaler? My floppy ears pricked up and I thought I bet it does matter as this is what I would know about your business after 3 years hanging around this office:
- You do approximately x number of vaccinations
- You have approximately y number of active clients
- Your turnover is approximately z
- Your clients buy a lot or a little of their preventatives and food from you
Then I stopped thinking about all the things I would know about your business and instead thought hmm I would like to open a clinic in that area, or I already have a clinic in that area and this is what special offers I will advertise to attract your clients.
Then I thought, why would any business owner want to give all this potential information to their competitor?
Tired out I went for a power nap in the sun…..