From 23 February 2018, mandatory reporting laws for accounting firms with a turnover of $3 million and upwards will come into force, requiring firms to notify the Office of the Australian Information Commissioner of an eligible data breach. This may also require a public notice to be displayed on the firm’s website.
The definition of an eligible data breach is unauthorised access, disclosure or loss of personal information where it could be reasonably concluded that serious harm to the end client is likely to result.
Accountants are often unaware of this impending change and, more worryingly, often turn a blind eye to the likelihood that they will face a cyber attack.
“Cyber crime is the fastest growing crime in the world. It's here, it's here right now, it's here to stay, and it's only going to get worse. If you haven't been a target of cyber crime, you're very, very lucky, and chances are you're going to be a victim very, very soon,” said Karen McDonald, associate director of professional risks at Accountancy Insurance, on a recent Accountants Daily podcast.
Scams often infiltrate firms through non-invasive, non-obvious means, like a fake email from the firm’s chief executive.
“Ransomware is very common with accountants. [For example] when you see those fake emails from the CEO, sending an email to someone in accounts, asking them to transfer funds,” said Ms McDonald.
“People get busy and they make mistakes, and those transfers do take place,” she said.