Cyber risks at home: bad for business

Paul Burrow & Catherine Wise

Senior Cyber Security Behaviour Managers, ANZ

By 2020 the average Australian home will have more than 17 connected or internet of things (IoT) devices operating at any one time. Meanwhile, in a mix of personal and professional emails, we receive well over 120 messages a day and operate anywhere between 60 and 90 apps on our phone.

Click image to zoom Tap image to zoom

These are significant numbers for any individual in a world where we are increasingly more connected – blurring the line between personal and professional lives. People manage their work emails through a personal device. We may have photos of a whiteboard brainstorming session stored next to a photo of a child’s first day of school.

"Workplaces typically focus almost exclusively on the work environment and context, disregarding the personal context of where so much work actually takes place.”

Where work stops and personal lives begin is almost impossible to measure on the devices, apps and information we all share and use.

Yet workplaces typically focus almost exclusively on the work environment and context, disregarding the personal context of where so much work actually takes place. However, the interconnected nature of our lives, devices and information, means organisations have started recognising the need to help staff and their families keep themselves safe and secure online.

Online exposure

These days it’s not just the individual at risk but the organisation employing them that may have the greatest online exposure when information is shared.

The Office of the Australian Information Commissioner (OAIC) Notifiable Data Breach Scheme shows a growing risk. Since the Notifiable Data Breaches scheme was implemented in February 2018, there has been an alarming 712 per cent increase in breach notifications. Some 60 per cent of breaches were attributed to malicious or criminal attacks while 35 per cent were attributed to human error.

By aligning workplace training on cyber security to individuals’ personal lives as well as workplaces, the knowledge gained will be more effective and ultimately reduce both the organisation and the individual’s risk exposure.

Being on top of cyber security doesn’t end when someone walks out of the office door each day – it’s personal. Organisations, no matter their size, need to recognise and implement a strategy reflective of the personal bias we all carry.

If organisations want their staff to reduce their cyber risk by simply implementing new mandatory training or cutting off the internet, it will all be in vain. Providing simple and empowering actions to be carried over into an individual’s life is what will make a difference – even if that person has limited and in some cases no technical capabilities.

Gone phishing

A phishing scam is when you receive a hoax email, text or social media post that looks like it's come from a legitimate company like your bank, mobile phone or internet service provider.

The phishing scammer wants to trick you into giving them your personal information such as your password, bank account or credit card number. Be extra diligent if you receive an email that:

asks you to verify details like your Customer Registration Number, username, password or PIN
gets you to fill out your personal details for a survey, in exchange for a prize
claims to alert you to suspicious activity on your bank account and asks you to log in using a link in the email.

Remember your bank will never send an you an email asking for your account, financial or log in details.

Protect yourself

Be aware of what to look out for in suspicious emails. Typical signs include:

misspellings and poor grammar
patchy graphics or design
asking for personal information, usernames or passwords
not addressing you by name at the start of the message
a sense of urgency, claiming that your immediate attention is needed
an email address that doesn’t look quite right
links to click on or attachments to open

Conversation starters

This year, the focus for Safer Internet Day is on starting a conversation about online safety. Only by making it a topic of conversation, bringing it to front of mind can we begin reduce the cyber risk.

In a recent Uber ride, Catherine was asked by the driver what she did for a living. She told him she worked in the cyber securityfield, providing advice and education about topics such as malicious emails, identity theft and fraud.

The driver described a phishing email he received claiming to be from his telecommunications provider, saying he knew it was a scam because he didn’t recognise the sender. He was proud he had identified it but conceded it was one of many more filling his inbox.

So Catherine shared some tips to on how to identify a phishing email – such as a request for internet banking login details - and spoke about sharing these tips with the people he cares about. Sometimes, a simple conversation can help keep others around you safe online, because we’re just one click away from a compromise.

Paul Burrow & Catherine Wise are Senior Cyber Security Behaviour Managers at ANZ

ANZ is working with the eSafety Commissioner, Australia’s national independent regulator for online safety, again in 2020 to make the internet a safer place.

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.