I had a security concern related to TaxFolder. It seems that documents uploaded to TaxFolder are stored on AWS but anyone who has the link to the document can view those documents without authentication (this can be tested by clicking on a document, copying the link and then opening the link in a private browser window). We wanted to share this in case you haven’t been aware, and perhaps there’s a setting that can be changed to increase the security level in this regard such that authentication is required to access documents?
My question - is this correct? And is there something I should be doing to fix this issue?
I have only been able to duplicate that behaviour if I have not signed out of TaxFolder. Once I log off or sign out of TaxFolder I get the “Forbidden Acces” message, even when using a private browser (tried on both Firefox and Edge).
Another point of interest is that under the security rules, the encrypted data MUST be kept
IN CANADA in the process of sending, receiving and soring for “esignatures”. Any business
using Microsoft cloud in the process of saving, has a problem. The cloud is NOT in Canada.
