Our portal is a secure way for you to share information with us. We strongly recommend that you share your files with us this way instead of using email. Email was not designed to be a secure method to send confidential information. Cybersecurity risks include:
Often email is relayed by several servers between your email server and ours, with each relay being a potential for the email to be read or altered.
Senders can select the wrong recipient(s) which can expose confidential information to an unintended party.
Our internal cybersecurity guidelines are restrictive on handling emails that include attachments—too often these days attached files contain malware.
Using our secure portal ensures that no one other that you and your Hospitality Asset Management Services account representative have access to your confidential information.
Your Hospitality Asset Management Services account representative will create an account during your firm’s onboarding process. You will get an email from ShareFile Support (using the email address “[email protected]”) that has an account activation link.
Each staff member from your firm who needs access to the portal should have their own account. If staff with a portal account separates from your firm, you should let your account representative know so that they can terminate that account.
Our portal allows users to use a second form of identification beyond their password. It is call “Two-Step Verification.”
You can opt-in for Two-Step Verification when you sign into our portal. Two-Step Verification reduces losses from someone stealing your online identity secured by a password alone by 99.9% (per a 2020 paper by Microsoft, Flash whitepaper: Why MFA is a top priority in 2020 – Microsoft Community Hub).
The first time you access your account from a device, you will have the option to “trust this device” after Two-Step Verification succeeds. If this is a device under your control, and it is not a public device, it is fine to have the device “be trusted” so that you won’t be challenged the next time you sign in.
Once you sign into the secure portal, you can add Two-Step Verification from Personal Settings > Personal Security > Two-Step Verification (direct link). Citrix ShareFile instructions are here. This will enable sending a text message with a code to your phone. Codes expire in two minutes.
If you would prefer to use an authenticator app that provides rolling codes, you can pair an authenticator app from the same Two-Step Verification page. Citrix ShareFile instructions are here.
If you are a new client, you can opt for Two-Step Verification during the enrollment process.
To prevent from being locked out if you lose your Two-Step verification device, we recommend both setting up a backup phone and creating backup security codes and storing them in a safe place.
If you no longer have access to your phone, your backup phone, the synchronized authenticator app, or your backup codes, please contact your Hospitality Asset Management Services account representative. They will set up a new account for you. Once your new account is working, the old account will be deleted.
Selected files that are used as accounting or bookkeeping “workpapers” are copied to a separate system so that Hospitality Asset Management Services can provide an audit trail for your accounting information.
Your files will remain on the portal for two years after their upload. After that we will remove them. An important concept in cybersecurity is to keep only the information that you need.
We recommend that you keep a copy of all your files in your system that you might need for your tax records, which is often seven years but you should check with your tax advisor.
We will maintain our separate copies of your files for at least ten years. These are intended for records to be used in future audits and may not be the complete set of files that you uploaded to our portal.