Responding to a data breach: What the ACSC recommends

Recent cyber breaches have shone a spotlight on the importance of data security. From the Optus breach to MyDeal and the most recent Medibank hack, it is clearer than ever that any firm privy to client data should take its data custodian duty seriously.

In light of these cyber events, the ACSC are reminding businesses to ensure their data is secure, and to be aware of the Notifiable Data Breach Scheme.

The Notifiable Data Breach Scheme

The Notifiable Data Breach Scheme requires any organisation or agency covered by the Privacy Act 1988 to notify affected individuals and the OAIC when a data breach has occurred at their firm.

A data breach happens when personal information is accessed or disclosed without authorisation or is lost.

If you’re a business that has access to clients’ personally identifying information, you’re required to report a breach if it happens.

How can small businesses respond to a data breach?

Every breach is different, from the type of information compromised, to the remediation needed in order to contain or respond to the breach. 

However, once a breach has happened or is suspected in a business, these are the basic steps one should take:

  • Change any passwords that could have been compromised
  • Be on alert for phishing emails or calls
  • Do not click on any links in emails or messages that ask for passwords, password resets, or verification information

Keeping your data safe

Accounting firms are privy to sensitive client information. From bank logins and email systems, to the devices your team members use, these are our top tips for keeping data safe:

  • Have secure, unique passwords for your accounts. We recommend using passphrases that are more than 8 characters in length.
  • Be aware of what personal data you share online, and limit what personal information you share on public profiles
  • Secure your devices and accounts

Prevention is better than a cure. Now that you know what to do in the case of a breach at your firm, it’s time to find out how to prevent breaches from happening, and mitigate the risk of a cyber event at your firm.


Talk to Practice Protect, the world’s #1 cyber security platform for accounting firms, to see how we can help.