Accounting, finance record spate of data breaches: OAIC figures

Posted 23 Aug '18

Accounting, finance record spate of data breaches: OAIC figures

The accounting and financial industries feature in the top-three industry sectors to report data breaches, as the first quarterly statistics come through following new data laws.

The Office of the Australian Information Commissioner (OAIC) has published its first full quarterly statistical information about notifications received under the Notifiable Data Breaches (NDB) scheme, since it commenced on 22 February 2018.

Between 1 April and 30 June 2018, the finance, legal, accounting and management services industries accounted for a combined 56 out of 242 notifications of data breaches, just below the health service sector.
 
Of those breaches, 29 were due to malicious or criminal attack, 24 due to human error, and three owing to system faults.

Speaking to Accountants Daily, Julian Plummer, managing director of Kamino Cyber Security and Midwinter Financial Services, said the numbers showed the relative attractiveness of accountants as targets for data breaches.

“Accountants have a huge amount of data for their large numbers of clients, so attacking an accountant gives the hacker access to a larger scale of information as opposed to attack[ing] an individual person,” said Mr Plummer.
“The other side is that accountants are generally underprepared when it comes to information security and in large part this can be attributed to not fully understanding their obligations under the new laws.

“What was interesting is the high amount of human errors that led to data breaches – this leads me to believe that accounting practices that suffered from a data breach had poor levels of security hygiene and lacked basic staff training. Policies for sending out personally identifiable information should be a part of the information security policy, and this is a basic thing to get right.”

Further, Mr Plummer believes with the rise of accounting firms picking and choosing different applications for different processes, more breaches will be likely to be reported before the industry starts to take the issue more seriously.
“Things are only going to get worse before they get better,” said Mr Plummer.
“Consider the increasing number of accountants that are currently “picking their own stack” of applications with the intention of integrating them via API. This is going to only lead to more data being produced, dramatically increas[ing] the attack surface area of the practice.

“A mistake we see quite often is an accountant thinking that installing a virus monitoring tool will take care of everything. It won’t,” he added.

“Instead they should be investing in an information security policy, a layered security approach and the training of staff to increase awareness.”

The Tax Practitioners Board (TPB) has warned the industry that failure to comply with the NDB scheme could result in possible sanctions from the body, on top of severe penalties issued by the OAIC.

Source: Originally published by  accountantsdaily
jotham.lian@momentummedia.com.au

Related News



MYOB Cashbook is currently unavailable for Australia and NZ. This is also affecting MYOB AO / AE Client Accounting with integrated client ledgers. Some clients have reported Client Accounting crashing when attempting to download data from an online ledger. If this occurs, please close and restart MYOB AO/AE. If you're unable to do this, please send an e-mail to helpdesk@sbsystems.com.au.

SBS Support Team.


You're not alone! There are currently issues with Microsoft email. MICROSOFT UPDATE: Title: Issue affecting viewing email content User Impact: Users may be unable to view email message content.Current status: We’ve identified the underlying cause of impact and are applying a fix. This fix will reach all affected users incrementally over the course of the next four-to-five hours. Once users receive the fix, they will need to restart their email client to apply the fix. In some circumstances, users may need to restart their client a second time for the changes to take effect. We expect to complete this process and restore service for all affected users by May 12, 2021, at 3:00 AM UTC. Next update by: Wednesday, May 12, 2021 at 3:00 AM UTChttps://portal.office.com/servicestatus


With so much disruption and uncertainty at this time with COVID-19, we would like to assure you that SBS has measures in place to ensure we are here to continue to support you and your business throughout this time.

  • The health and well-being of our team and clients is our highest priority. We follow all official recommendations, and government advice.
  • We’re taking extra steps to ensure the safety and well-being of our team. As well as cleaning and sanitising we have reduced team member numbers working within our office premises. The rest of the team are fully operational and working remotely.
  • Our support team is very busy assisting clients to get set up to work remotely. We will do our best to minimise wait times and make this as seamless as possible for you.
  • We ask that visitors refrain from coming to our office. If you need to visit us or pick up / drop off, please contact us by telephone. We will work out the best method available to facilitate this.
  • For the safety of our clients and our team, we respectfully request that all non-essential site visits cease. We can support you remotely on the majority of issues and appreciate your understanding in this area. If there is a critical need for on-site support, please contact us to discuss the safest method possible.
  • We are not currently experiencing supply issues, however this may change at any time. We will do our best to keep you informed of any delays.
  • Lastly, thank you to our clients and colleagues we appreciate you and look forward to working with you and all doing our bit to minimise the risk. Please contact us with any concerns or queries.