My privacy has been breached – and I want answers

Usually a security breach and privacy hack is not thought of in a positive light, and trust me I have spent all day dealing with it and really asking myself…”How can I not get disillusioned with today’s events?”

So let me explain – I am an Accountant and I run a Financial Coaching & Bookkeeping business. I work in the cloud – internet is a tool that I use every waking minute of the day.  Well today as released in the media there has been a major security breach with online accounting & payroll software.

Hackers were able to somehow pose as users, gain access to data files, review payroll information and go on their merry way.

So how could this teach me anything about communication?  Well it certainly gave me a lesson in what I should not do!

I received a call last night from the software provider telling me there had been a potential breach.  They were to email me some information.  The email never arrived because they had my email address wrong.  2.5 years working with the software provider and they have my email wrong. Not good enough.

Then today, as I wait ever so impatiently I am bombarded by calls and emails from clients saying they have received a call from the software provider saying my employee’s security is breached.  Clients get all scared and now delist my employee’s access to their data file.

Now hang on a cotton picking minute – my employee did nothing wrong.  She had up to date anti virus and security, she had changed her password to something secure – and the hackers still got in.  This was not a breach of my business security, but that of the accounting software provider – however this VITAL piece of information was not told to my clients.

Anyway – I won’t bore you with the detail…..but this is how I responded

1. I took initiate.  First thing this morning I sent an email to all my clients that used this software, advising there may be a potential breach of security and to change their passwords immediately.
2. I emailed the software support asking to be informed of the status asap.
3. I rang my software account manager asking for more information.
4. I spoke to concerned clients on the phone and outlined what I was trying to do and what information I was trying to obtain.
5. I spoke to my employee about 7 times today – going back and forth to ensure passwords had been changed, audit trails were assessed and data files were checked.
6. I informed my clients that no information had been sent out whilst the hackers were in their data files.
7. I emailed my clients tax agents advising of the breach and to be aware of any unathorised activity on their income tax accounts.
8. I sat (impatiently) and waited for the activity log to be sent to me from the software provider.
9. As soon as I had the activity log, I then emailed my clients again with the updated information and told them to advise their employees of the breach, that everyone (including employees) to change passwords, for them to be aware of any scam emails or calls from the ATO, and to speak to their tax agents in case of concern.

Did I get paid to run around like a headless chook today? No

Did I get paid to speak with my clients, to reduce their fears, to ensure them there was no security breach in my business? No

Did I cancel appointments and work today to deal with this urgent matter? Yes

Did I reassure Shelley my beloved staff member that I knew it wasn’t her fault and unfortunately we got caught in a massive scam? Yes (I trust Shelley with my clients and with my own business and today has not changed my view on that).

Did I write off an entire day today to ensure my clients knew what was going on? Yes

That is communication.  Sometimes telling clients the truth is hard.  But it is vital to retain their trust.

Telling clients about a security breach is not something I ever want to do again – but I wanted to ensure they heard it from me and knew I was doing everything I could to give them peace of mind.

I wanted to be available to take their calls and to ensure they could talk to me about the situation.

Internet is a way of life for me and I have been using it on a daily basis for many years.  Today’s event’s have not changed my perception of cloud software.

What I hope comes from today is that the software provider increases their authentication process so future days of me running around like a headless chicken can be eliminated.