To many, cyber security is someone sitting in a dark room hacking into a “mainframe”, or adding software to a computer to protect devices from viruses. More recently, people often associate cyber security with workplace security awareness training, and don’t always consider how it translates into their personal lives.

A recent Harvard Business Review report, sponsored by DXC, stated that 68% of executives surveyed identified phishing attacks, other email scams, malware and viruses as high or very high security risks. Additionally, only 34% of respondents indicated that their organisation assesses risk and builds in new security measures every time or most of the time when it undertakes initiatives to expand the collection and use of data.

Government legislation and regulatory requirements that relate to data privacy breaches have driven an increased focus on cyber security for board members and senior executives. An example of this is the Australian Prudential Regulation Authority Standard CPS 234 for the banking, insurance, and superannuation industries in Australia. This increased focus has driven organisations to educate employees about security and to help with prevention, particularly with the shift from working in the office to working from home.

However, the question remains: how effective is annual security awareness training without further awareness or follow-up for employees? COVID-19 has changed the way we work, and working from home has become the “new normal”. Individuals now share the same network for professional and personal use, and the line between personal and company network security has blurred. It is important for organisations to continue to raise the importance of cyber security with employees and to help foster an environment that enables employees to identify common threats and encourages them to report when they have accidentally clicked on malicious links.

What is the Solution?

Traditionally, cyber security has been an organisation’s responsibility to protect its data and its customers’ data. Last year, the Australian Federal Government released “Cyber Security Strategy 2020”, in which a $1.67 Billion (AUD) investment was announced for strengthening Australia’s cyber security capability and protections.

This national approach is a big step for Australia. In the financial year 2020-2021, self-reported incidents (including businesses) equated to more than $33 Billion (AUD) stolen, with $851 Million (AUD) lost to phishing emails. It was also reported that there were over 1,500 COVID-19 related phishing emails, in which 75% of people who clicked on the email lost money or Personally Identifiable Information (PII).

The Cyber Security Strategy 2020 provides a framework for a more national approach to awareness that encourages individuals and organisations to protect their data beyond the workplace. There have been previous government campaigns that raise awareness around Workplace Health and Safety. For example, ‘Look Up and Live’ encourages individuals to look and identify procedures to stay safe around powerlines.

By implementing the same approach as Workplace Health and Safety campaigns, individuals would be encouraged to be aware of their actions at work and translate them to their personal lives. It’s important that cyber security continues to be a priority for individuals to identify threats and respond in a way that allows them to engage safely online while protecting their organisational and personal data.
