Training team members on the importance of cyber security is more critical than ever as the human factor now accounts for one in three breaches, says the Office of the Australian Information Commissioner.
The latest Notifiable Data Breaches (NDB) scheme statistic report shows that the accounting, legal and management services sector made 24 notifications between 1 April and 30 June 2019, making it the third-highest sector to report breaches.
Only health service providers and the finance sector recorded more breaches during the quarter.
Accordingly, the human element continues to be a key factor in the breaches, with one in three cases caused by compromised credentials, with login and password information used to gain unauthorised access to personal information.
This also includes individuals clicking on a phishing email or reusing passwords across services, which allow for further data breaches.
“The fact that there is a human factor involved in so many cases demonstrates the need for staff training to increase awareness of cyber risks and to take the necessary precautions,” said Australian Information Commissioner and Privacy Commissioner Angelene Falk.
Speaking at Accountants Strategy Day 2019, Practice Protect head of business development Jack Kay said training team members was crucial for an accounting practice.
“I am not degrading team members here; it is just that people don’t think about these things. I never did before I understood how it all works,” Mr Kay said.
“Basic cyber training is really important; you need to make sure team members understand their obligations and have it in black and white what they can and cannot do with your data.
“Train your team, get professional help, and continually assess your risk.”