These are significant numbers for any individual in a world where we are increasingly more connected – blurring the line between personal and professional lives. People manage their work emails through a personal device. We may have photos of a whiteboard brainstorming session stored next to a photo of a child’s first day of school.
“Workplaces typically focus almost exclusively on the work environment and context, disregarding the personal context of where so much work actually takes place.”
Where work stops and personal lives begin is almost impossible to measure on the devices, apps and information we all share and use.
Yet workplaces typically focus almost exclusively on the work environment and context, disregarding the personal context of where so much work actually takes place. However, the interconnected nature of our lives, devices and information, means organisations have started recognising the need to help staff and their families keep themselves safe and secure online.
These days it’s not just the individual at risk but the organisation employing them that may have the greatest online exposure when information is shared.
The Office of the Australian Information Commissioner (OAIC) Notifiable Data Breach Scheme shows a growing risk. Since the Notifiable Data Breaches scheme was implemented in February 2018, there has been an alarming 712 per cent increase in breach notifications. Some 60 per cent of breaches were attributed to malicious or criminal attacks while 35 per cent were attributed to human error.
By aligning workplace training on cyber security to individuals’ personal lives as well as workplaces, the knowledge gained will be more effective and ultimately reduce both the organisation and the individual’s risk exposure.
Being on top of cyber security doesn’t end when someone walks out of the office door each day – it’s personal. Organisations, no matter their size, need to recognise and implement a strategy reflective of the personal bias we all carry.
If organisations want their staff to reduce their cyber risk by simply implementing new mandatory training or cutting off the internet, it will all be in vain. Providing simple and empowering actions to be carried over into an individual’s life is what will make a difference – even if that person has limited and in some cases no technical capabilities.
This year, the focus for Safer Internet Day is on starting a conversation about online safety. Only by making it a topic of conversation, bringing it to front of mind can we begin reduce the cyber risk.
In a recent Uber ride, Catherine was asked by the driver what she did for a living. She told him she worked in the cyber security field, providing advice and education about topics such as malicious emails, identity theft and fraud.
The driver described a phishing email he received claiming to be from his telecommunications provider, saying he knew it was a scam because he didn’t recognise the sender. He was proud he had identified it but conceded it was one of many more filling his inbox.
So Catherine shared some tips to on how to identify a phishing email – such as a request for internet banking login details – and spoke about sharing these tips with the people he cares about. Sometimes, a simple conversation can help keep others around you safe online, because we’re just one click away from a compromise.
Paul Burrow & Catherine Wise are Senior Cyber Security Behaviour Managers at ANZ
ANZ is working with the eSafety Commissioner, Australia’s national independent regulator for online safety, again in 2020 to make the internet a safer place.