There has never been a more serious cyber threat environment, and Aussie firms need to act to ensure they’re doing everything they can to mitigate the risks. Australian companies need to foster an environment of trust, not fear, within their workforce, encourage employees to come forward if they make a mistake, and ensure training is accessible and engaging.
How can business fight the rising trend?
The Mimecast State of Email Security 2022 (SOES) report found that half of Aussie outfits have seen an increase in data leaks in the last year. Nearly half of Aussie firms are concerned about the security risk that cybersecurity-naive employees pose to their business.
Privacy wake-up call for businesses
With Privacy Awareness Week earlier this month focusing on privacy being built on a foundation of trust, it’s a timely reminder that a firm’s cybersecurity starts and ends with trust. Privacy should be a year-long focus, but Privacy Awareness Week serves as a wake-up call for businesses that a simple slip-up can lead to data breaches with massive consequences.
Remote work is also increasing the risk for Aussie companies – while offices are open again, hybrid working is here to stay and so is the increased threat level. We all know that working from home can lead to being easily distracted, whether it’s from responding to emails on mobile devices while preparing the family dinner or getting a jump on the next day by working after hours, and this can make workers sitting ducks for cybercriminals.
A distracted worker is less likely to be attentive to details and sniff out a scam before it’s too late, and more likely to send confidential data to the wrong person or place it in the wrong folder. Remote workers are also away from all the cybersecurity precautions that an office network can provide, such as firewalls and blocked internet addresses. Increased file sharing to maintain team collaboration also provides a new threat avenue for malicious actors.
Employees: an asset and a threat
According to the Office of the Australian Information Commissioner’s Mandatory Data Breach Notification scheme report, 41% of all reported data breaches were the result of human error. 43% were due to personal data being emailed to the wrong person, 21% were the unintended release of data, while 8% were because of the loss of paperwork. Overall, there was a 6% increase in the total number of data breaches reported from July-December 2021.
The Mimecast SOES report found that 8 out of 10 firms believe they are at risk due to inadvertent data leaks by careless employees. The report also found that only 23% of Aussie employers provide cyber awareness training for employees. This simply isn’t good enough.
Reassess training success and delivery
Training needs to be a part of the DNA of all Aussie firms. This can’t be a tick-box exercise where one session of cyber training is provided to employees once a year. It should be a regular occurrence, and something that is woven into other elements of a workplace.
Even training once every few months is not enough to keep employees cyber aware. Cyber threats are adapting and evolving daily, and employee training must keep pace with this. This training also can’t just be a boring PowerPoint presentation where employees zone out and take none of the content in. It must be engaging and interactive in order to bring employees along for the journey and keep them interested in remaining cyber secure and smart.
Cyber training must be concise to be effective. We have all felt that zone out that occurs more than half an hour into a meeting, and this will happen with ineffective cyber training too. Training needs to be a way for all employees to keep up to date with the firm’s latest policies and cyber procedures, with clear outlines and an overview of how to stay cyber safe.
Create a trust environment
An environment of trust must also be nurtured to ensure that employees do not feel embarrassed or scared to come forward if they do happen to click on a dodgy link or send information to the wrong person. Anyone can become a victim of a cyberattack and it’s not something to be embarrassed about. This needs to be conveyed to all employees.
Whether a worker comes forward straight after a mistake or stays silent and hopes it goes away could be the difference between a cyber breach that is quickly mitigated and a complete disaster for a firm. If a worker accidentally clicks on a bad link or sends information to a malicious actor, they need to be encouraged to come forward. And this starts with keeping cyber awareness top of mind across the workforce and a part of the company culture.
Employees should also never click on or share anything that’s suspicious – a good rule is that if you have to think twice about something, don’t click it. All Australian businesses and workers should use the recent Privacy Awareness Week as a reminder of how important constant vigilance and training are to keep themselves cyber secure throughout the year.
Garrett O’Hara is Field Chief Technologist in Asia Pacific for Mimecast. He is a seasoned leader of technical sales teams in the Asia Pacific region with experience of growing new-to-country businesses.