These are significant numbers for any individual in a world where we are increasingly more connected – blurring the line between personal and professional lives. People manage their work emails through a personal device. We may have photos of a whiteboard brainstorming session stored next to a photo of a child’s first day of school.
"Workplaces typically focus almost exclusively on the work environment and context, disregarding the personal context of where so much work actually takes place.”
Where work stops and personal lives begin is almost impossible to measure on the devices, apps and information we all share and use.
Yet workplaces typically focus almost exclusively on the work environment and context, disregarding the personal context of where so much work actually takes place. However, the interconnected nature of our lives, devices and information, means organisations have started recognising the need to help staff and their families keep themselves safe and secure online.
These days it’s not just the individual at risk but the organisation employing them that may have the greatest online exposure when information is shared.
The Office of the Australian Information Commissioner (OAIC) Notifiable Data Breach Scheme shows a growing risk. Since the Notifiable Data Breaches scheme was implemented in February 2018, there has been an alarming 712 per cent increase in breach notifications. Some 60 per cent of breaches were attributed to malicious or criminal attacks while 35 per cent were attributed to human error.
By aligning workplace training on cyber security to individuals’ personal lives as well as workplaces, the knowledge gained will be more effective and ultimately reduce both the organisation and the individual’s risk exposure.
Being on top of cyber security doesn’t end when someone walks out of the office door each day – it’s personal. Organisations, no matter their size, need to recognise and implement a strategy reflective of the personal bias we all carry.
If organisations want their staff to reduce their cyber risk by simply implementing new mandatory training or cutting off the internet, it will all be in vain. Providing simple and empowering actions to be carried over into an individual’s life is what will make a difference – even if that person has limited and in some cases no technical capabilities.