Can't find what you are looking for? Call our customer support at 1300 856 710 or email us at [email protected]

1300 856 710 or Book a Call
Join Us Log In
Join ABN
Or Call 1300 856 710

Latest News

All the latest news and events from the Bookkeeping Industry

Negotiating in a cyber-attack

Cyber insurer Accountancy Insurance explains how to handle a ransom demand.

With the ATO warning of increasing security controls around Online Services For Agents (OSFA), Associate Director of Accountancy Insurance, Karen McDonald, explains the hefty consequences for business owners faced with a ransom demand from a cyber attacker.

“More and more we’re seeing attackers literally holding businesses to ransom, threatening to release the data unless they are paid,” said Karen. “We’ve upped our minimum cyber security cover to $250,000 as anything less would not give enough protection.”

With bookkeepers and accountants now considered more vulnerable to attack, Karen says the complexity of the negotiation is best left to the professionals.

“With every standalone cyber insurance policy, you would expect there to be an Incident Response Team who you can call on as soon as a cyber ransomware demand is made,” said Karen.

“A team like this would include a legal negotiator, a forensic IT specialist to verify the data and contain the leak, and a PR team to deal with the communications with clients and relevant stakeholders, plus more,” said Karen.

“With access to that insurance, you’d instantly contact the professional negotiation team and not engage at all in any ransom negotiation from the outset,” said Karen.

Melbourne legal firm Mills Oakley, who deliver on the Accountancy Insurance cyber insurance policy and manage the Incident Response Team take steps that include:

  • Engaging with hackers quickly. While payment is always a last resort, engagement is done to extend time to verify the attackers claims and plug the leak.
  • Verify the attacker has the data. IT security experts and the company whose data has been breached will request a sample of the files.
  • Negotiate with the attackers and liaise with the business under attack. This would be done in collaboration with the management team in the business who are best placed to understand the risks to the firm of the data breech.
  • Manage stakeholders. Regulators might be notified, as well as authorities and necessary vendors. This is all done, noting the relevant legal obligations.
  • IT security will work to fix the cyber leak. Recovery to business as usual would include finding out how the breach occurred, upgrading the cybersecurity systems and training staff.
  • Discuss recommendations. After finding loopholes in your Cyber security, the team will make recommendations to avoid this from happening again.

 

The following is an actual Ransomware claim involving  a small accounting firm:

For your ABN member discounted cyber insurance and professional indemnity insurance with Accountancy Insurance visit www.accountancyinsurance.com.au
or call 1300 552 867

Category
ABN
Published
14 Jun 2023
NEXT More being spent on IT security, but it's not a failsafe.
PREV Bookkeeper Radio: EOFY - Deliver the Perfect Set of Books
Back to news listing
Click here to subscribe