Download PDF

Keeping the Lights on With Secure Sharing of All Confidential Financial Information

Sharing Sensitive Information Externally Is Much More Than a Use Case

There is a country song called “Coal Keeps the Lights On.” You can imagine the lyrics; they’re formulaic to the point of cliché. In the business world, a company’s Finance department is responsible for keeping the lights on.

Kiteworks’ Finance department is no exception. A team of 10 manages six different entities, each with their own set of books, currencies, and tax laws. In addition to traditional Finance functions, such as Tax, Payroll, Accounts Payable, and Accounts Receivable, Kiteworks’ Finance team supports other organizations with their Finance needs. This includes Human Resources for stock option grants, commissions, and severance payments; Sales for invoicing Partners and their customers; and the C-suite for board of directors’ communications.

Kiteworks’ Finance team, whether it initially realized it or not, proved invaluable to the Product team. Like a Corporate Legal department, the Finance department generates a lot of content and most, if not all, of it is highly confidential: budgets, bank statements, financial projections, customer data, employees’ personally identifiable information (PII), and more. This content is frequently shared with external partners like auditors, tax authorities, boards of directors, and payroll processors, to name a few.

Protecting Confidential Content for Security, Compliance, and Business Reputation

“Given the nature of our department’s responsibilities— generating, processing, and sending extremely sensitive financial information with customers and consultants—it just makes sense to use Kiteworks.”

– Stella Miao, Controller,

If the Finance department keeps a business running, someone must keep the Finance department running. At Kiteworks, that responsibility falls largely upon Stella Miao and the Accounting team. As corporate controller, Stella manages the operations for all six Kiteworks entities. Each entity has its own ledger, unique currency, and separate tax laws. Finally, these entities roll up into a consolidated holding company. When she’s not closing the books at the end of every month, quarter, and fiscal year, Stella is accommodating auditors, assisting the Senior Vice President of Finance (her boss), answering ad hoc questions from the company’s CEO, and (finally) providing valuable guidance to her team, which performs all the typical functions of a Finance department: Accounts Receivable, Accounts Payable, Payroll, Financial Planning and Analysis, and more. Stella is a busy Finance professional.

Like all Finance departments, Kiteworks processes, sends, receives, and collaborates on a lot of very sensitive information: budgets, cash forecasts, bank statements, contracts, salaries, bonus and commission plans, and much more. Regulations like Sarbanes-Oxley, the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), and others are created to protect this information from data breaches and cyberattacks. These regulations dictate how businesses must handle, store, and share sensitive content like financial statements, customer data, and employee records.

Case Study

Keeping the Lights on With Secure Sharing of All Confidential Financial Information

Stella keeps the Finance department’s responsibilities in the proper perspective. “We must be more than organized. We must follow an extensive list of procedures, to the letter, otherwise we won’t be in compliance. This could lead to a costly fine but also lost business. Our customers are very risk averse, and I can’t imagine they’d want to do business with a company that has been penalized for not handling sensitive information appropriately.”

Integrating Kiteworks Into Daily Workflows Across the Finance Department

Prior to integrating Kiteworks into a variety of workflows, Stella and the Finance team shared sensitive information internally and externally through email. There were more secure options available like Secure File Transfer Protocol (SFTP) but they were inefficient. Email, by contrast, was simple to use, convenient, and fast; time was always an important consideration for a lean team that moves quickly. And everyone used email: contractors, consultants, vendors, auditors, and other trusted partners. The risk, however, of unauthorized access to sensitive information, whether from a phishing attack and account takeover or a man-in-the-middle attack over a public Wi-Fi network, became increasingly common and concerning.

The Kiteworks platform was a great option—a safe and secure solution that significantly mitigated these risks. The Finance team became early adopters. When Kiteworks’ Product team released the Microsoft Outlook plugin, Finance embraced it right away. “It’s even easier to share documents because we don’t need to go into Kiteworks to send them. We can send them straight through Outlook but with Kiteworks working in the background to ensure the files are completely protected.”

Today, Stella and the Finance team use Kiteworks all day, every day. “We are Kiteworks power users. I can’t think of another department that uses Kiteworks more extensively. The platform is integrated in well over a dozen different Finance workflows. We’d be foolish not to use Kiteworks.”

Here is a snapshot of some of the ways Finance uses Kiteworks every day:

  • Payroll. Finance uses Kiteworks to share PII with a global network of payroll providers. Finance stores these communications and all payroll files in Kiteworks folders, separated by operating entity (e.g., United States, Singapore, et al.). Kiteworks’ payroll administrator limits access to these folders so only the UK’s onsite payroll processor has access to the UK payroll folder, and so on. The processor then downloads the employees’ base salary, bonus, and commission information to calculate income tax, retirement contributions, and other deductions before uploading it all back into Kiteworks so that the Kiteworks Payroll administrator can review, approve, and process payment.
  • Accounts Receivable. Finance sends invoices to global customers utilizing the Outlook plugin to protect Kiteworks’ banking information, which is included in the wiring instructions. Kiteworks’ Accounts Receivable manager can see who downloaded the invoice and when, even when the invoice is sent to a customer’s AP alias email address (e.g., This allows Finance to track whether the payment, especially for large invoices, is being processed in a timely fashion.


  • Share tax and payroll information to external consultants securely and compliantly
  • Send invoices via email, a format everyone is comfortable with, but with much tighter security
  • Monitor who downloads an invoice—and when they download it—to ensure payment is made in a timely manner

Kiteworks Solution

  • Microsoft Outlook plugin to protect and track sensitive financial documents sent externally
  • Secure shared folders with permission settings to limit access to authorized users
  • Read receipt capability to monitor who downloads invoices, even when sent to an email alias

Business Impact

  • Virtually eliminates risk of a phishing attack; customers receive invoices via Kiteworks, not email
  • Increased efficiency provided by the Microsoft Outlook plugin, enabling sensitive document sharing through Microsoft Outlook directly but protected by Kiteworks on the back end
  • Mitigates risk of unauthorized access to sensitive information, such as tax and payroll data for each entity, by storing it in a separate folder with access tightly controlled
  • Accelerates cash collection as Accounts Receivable can monitor who downloads invoices and when and can follow up to ensure invoices are paid on time

Case Study

Keeping the Lights on With Secure Sharing of All Confidential Financial Information

  • Tax. Stella manages the month, quarter, and year-end close for six different Kiteworks entities. She uses the Kiteworks platform to communicate with tax advisors in multiple countries. She uploads income statements, balance sheets, bank account and investment account statements, and other documents into six different folders (one for each entity). Access to each folder is limited to the appropriate tax advisor to protect this sensitive information. The tax advisors download these files, process the tax returns, and upload them into the same folders. Stella receives an email notification that an advisor has uploaded a new file to a folder, thus letting her know in an instant when the tax return has been completed.

The Finance function is clearly a collaborative process. Kiteworks’ Audit and Financial Planning and Analysis managers utilize Kiteworks Secure Shared Folders very similarly to their colleagues in Payroll and Tax. In addition, every member of the Finance team relies heavily on the folder permission and read receipt capabilities to protect access to sensitive information and keep workflows on track, respectively.

In closing, Stella comments, “We use Kiteworks in almost every function across the Finance department. Given the nature of our department’s responsibilities—generating, processing, and sending extremely sensitive financial information with customers and consultants—it just makes sense to use Kiteworks. Let me be clear: We don’t use Kiteworks because it’s our product and we’re trying to set a good example. We use Kiteworks because we must protect some of our company’s most critically important information. We couldn’t do our job effectively without Kiteworks.”

“We’d be foolish not to use Kiteworks.”

– Stella Miao, Controller, Kiteworks

Get A Demo