E-mail systems have minimal security. This is because:
One of the latest scams is to hack into a business e-mail account, then use the e-mail system off site. (You, the owner has no way of knowing this is happening once the offender has the password). The hacker sends e-mails from your account to your customers advising of changes to your bank accounts deposit information. Once the e-mail has been sent, the traces of the sent e-mail and all responses to the request are removed. You are none the wiser! At the customer end, they receive an e-mail with the correct e-mail address on it, therefore they believe it is legitimate, and they will simply change the bank accounts. Gone is your money. Because the hacker has access to delete and/or respond to confirmations, it could take quite a while for you to know this has happened to you. Will the customer want to pay you a second time? If they do, they will likely discontinue doing business with you. Meanwhile, all your revenue has been deposited in the scammer's account, and you have lost your money, and possibly your customers.
The portal is a secure platform in which stores documents in the cloud. The files in the cloud are encrypted, so if a hacker manages to gain access to the files (without the passwords), the only information they can see is a jumbled mess of characters. Without the encryption key, there is no chance that they can view the contents of the file.
2SA is available as an optional feature, requires two steps of security validations, and therefore provides even more file security for your customers. The user needs to know (1) the password and (2) the authority code. Only the user who has setup the "Authenticator" has access to the authority code, and the code itself is only valid for 30 seconds. (The authority code is unique by the user.) The Australian Taxation Office currently requires this level of security for accessing online or cloud based accounting packages.
I expect soon this will soon include distribution of any financial data. Will you be ready?
You can install authenticator programs on your phone. (and other devices) Once implemented, the following occurs:
With the 2SA security, you need to correctly enter your user id and password, and also correctly enter the authenticator code. This code is unique to the user, and cannot be generated on more than one device. This way your files are secured by both the passwords, and the authenticator applications. Without completing both these steps properly, you are not given access permission to the files.