
Accountants be warned: Train your team on the importance of increasing cyber threat


An increase in public reporting on major cyber security incidents over the last 12 months has put mandatory data breach reporting schemes in the spotlight internationally. Notable examples include data breaches involving hotel group Marriott International, property valuer LandMark White, and the airlines British Airways and Cathay Pacific. Additionally, scrutiny of the privacy policies and practices of some of the world’s leading brands has led regulators in the world’s advanced economies – the United Kingdom, the United States, Canada, Brazil, China and Japan amongst others – to make major reforms to their privacy laws.

The European Union responded with the implementation of the General Data Protection Regulation (GDPR) in May 2018. It brought stronger data subject rights, new governance and accountability requirements, and a strict 72-hour mandatory data breach notification reporting regime. Similarly, the Office of the Australian Information Commissioner (OAIC) commenced the Notifiable Data Breaches scheme (NDB scheme) in February of last year. Its first annual report, detailing the state of data loss reported by government agencies and private sector organisations (entities) that have existing information security obligations, has revealed some troubling insights into the practices and trends within regulated industries causing major data loss.

Human Error

Importantly, the report shows that the accounting, legal and management services sector reported the third-highest number of data breaches between 1 April and 30 June 2019. Only health service providers and the finance sector recorded more breaches during the quarter. According to the NDB scheme report, the human element is more critical than ever: human error now accounts for one in three breaches in the form of compromised credentials, with login and password information used to gain unauthorised access to personal information. This also includes individuals clicking on a phishing email or reusing passwords across services, which allows for further data breaches.

Cyber Training

The evidence presented in the report reinforces the crucial need for audit and accounting firms, the world over, to train team members on the importance of cyber security, on how to employ best practices and take precautions, and on cyber governance at large.

Speaking at Accountants Strategy Day 2019, Practice Protect head of business development Jack Kay That being said, raising cyber security awareness and preparedness in the workplace is not to undermine team members’ ability. Simply put, people don’t think about the implications until they understand their obligations, what they can or cannot do with your data and how it all works. Cyber training is essential to future-proofing your firm and protecting clients in a digital economy. Get professional help to ensure compliance with regulation and data reporting requirements. Implement proactive internal data management processes and practices to prevent loss, and continually assess your organisation’s risk and preparedness vis-à-vis data breaches.

Sources of data breaches: Top five sectors 1 April 2018 – 31 March 2019

| Sector | Human error | Malicious or criminal attack | System fault |
| --- | --- | --- | --- |
| Personal services | 9 | 23 | 4 |
| Education | 40 | 31 | 4 |
| Legal, accounting & management services | 39 | 59 | 2 |
| Finance | 57 | 77 | 4 |
| Health service providers | 113 | 90 | 3 |

 

References:

https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/notifiable-data-breaches-scheme-12month-insights-report/#figure-7-desc