Helpdesk Login Remote Support 1300 798 717

Accounting, finance record spate of data breaches: OAIC figures

Posted 23 Aug '18

Accounting, finance record spate of data breaches: OAIC figures

The accounting and financial industries feature in the top-three industry sectors to report data breaches, as the first quarterly statistics come through following new data laws.

 The Office of the Australian Information Commissioner (OAIC) has published its first full quarterly statistical information about notifications received under the Notifiable Data Breaches (NDB) scheme, since it commenced on 22 February 2018.

Between 1 April and 30 June 2018, the finance, legal, accounting and management services industries accounted for a combined 56 out of 242 notifications of data breaches, just below the health service sector.
 
Of those breaches, 29 were due to malicious or criminal attack, 24 due to human error, and three owing to system faults.

Speaking to Accountants Daily, Julian Plummer, managing director of Kamino Cyber Security and Midwinter Financial Services, said the numbers showed the relative attractiveness of accountants as targets for data breaches.

“Accountants have a huge amount of data for their large numbers of clients, so attacking an accountant gives the hacker access to a larger scale of information as opposed to attack[ing] an individual person,” said Mr Plummer.
“The other side is that accountants are generally underprepared when it comes to information security and in large part this can be attributed to not fully understanding their obligations under the new laws.

“What was interesting is the high amount of human errors that led to data breaches – this leads me to believe that accounting practices that suffered from a data breach had poor levels of security hygiene and lacked basic staff training. Policies for sending out personally identifiable information should be a part of the information security policy, and this is a basic thing to get right.”

Further, Mr Plummer believes with the rise of accounting firms picking and choosing different applications for different processes, more breaches will be likely to be reported before the industry starts to take the issue more seriously.
“Things are only going to get worse before they get better,” said Mr Plummer.
“Consider the increasing number of accountants that are currently “picking their own stack” of applications with the intention of integrating them via API. This is going to only lead to more data being produced, dramatically increas[ing] the attack surface area of the practice.

“A mistake we see quite often is an accountant thinking that installing a virus monitoring tool will take care of everything. It won’t,” he added.

“Instead they should be investing in an information security policy, a layered security approach and the training of staff to increase awareness.”

The Tax Practitioners Board (TPB) has warned the industry that failure to comply with the NDB scheme could result in possible sanctions from the body, on top of severe penalties issued by the OAIC.

Source: Originally published by  accountantsdaily
jotham.lian@momentummedia.com.au

Related News


Evans Edwards & Associates

"Being a regional based Accounting firm with about 30 users and multiple sites, we were looking for a service provider who could assist us with all of our IT needs, ranging from guidance and advice on the best network environment for our firm, system configuration and hardware installation to the day to day assistance we require to keep all of our systems running smoothly. Fortunately, Smart Business Systems can attend to all of this for us. With expert guidance from SBS, we have been able to successfully transition to a fully cloud based firm with no interruptions to our business, which was fantastic. For us, we were looking for specialists who could troubleshoot and move quickly to resolve any issues that might arise. Smart Business Systems always do this in a friendly and efficient way, with all of their IT techs possessing skills and knowledge in the suite of products that we use. We have been with Matt & Stewart since the very early days and have watched their business grow to the successful enterprise that it is today. Even with that growth, they are still able to provide us with the same friendly and efficient customer service we have always enjoyed and appreciated.”

BMO Accountants

“As a top regionally based accounting firm, finding the right level of technology support can be a challenge. Our size and geographic location mean we require a provider that not only has the capability to support a growing, multi-disciplinary practice, but also understands the nuances of a regional firm — including responsiveness, practicality, and a genuine appreciation of our business priorities. We wanted to engage a partner that understood our needs, could scale with us, and was invested in building a long-term relationship rather than offering a one‑size‑fits‑all solution. We have been using Smart Business Systems for over 15 years and both Jake, and the team have become a valued part of our business. Not only are they technically proficient, professional, efficient and dependable, but they are friendly and approachable. They’re easy to talk to and easy to understand (they don’t use “IT-speak” - which we really appreciate!) Smart Business Systems always has our best interests at heart and look for cost effective solutions without compromising quality."

AH Jackson & Co

"As a large accounting firm based in Brisbane, we were seeking a technology partner who genuinely understands our business and is committed to a long‑term relationship. We have worked with Stewart, Jake, and the team at Smart Business Systems for nearly 15 years, and they consistently provide the experience and service delivery we require as a firm. We experienced this firsthand when we changed IT service providers. Our decision to return to Smart Business Systems within a matter of months is a strong testament to our trust in, and endorsement of, their capabilities. Technology presents both risks and opportunities and continues to evolve in an increasingly complex and ever‑changing environment. While many providers make promises, Smart Business Systems has consistently proven their ability to deliver."