Half of Australian businesses have seen an increase in internal threats or data leaks in the last 12 months, according to new research by email security and cyber resilience firm Mimecast. Coinciding with the National Privacy Awareness Week, (2–8 May), Mimecast revealed that 47% of Aussie firms are concerned about the risk naïve employees pose to their businesses.
Given that the theme of the week is “Privacy: The Foundation of Trust”, Garrett O’Hara, Field Chief Technologist, Mimecast said that it is a timely reminder of how people are being bombarded more than ever, with news and information across various sources.
When this is combined with working from different locations, it is easy for individuals to fall victim to malicious activity that can cause all manner of security nightmares for a company.
What were the findings of Mimecast’s survey?
“In research conducted in 2021, we found that over one in five of Aussies had experienced a privacy incident at work and we expect this pattern to continue through 2022,” said O’Hara.
“While there is a lot more work to be done, we’re seeing Australian companies start to understand they need to be constantly training and educating staff on how to keep their privacy – and the privacy of their employee’s data and that of their customers – safe.”
Mimecast’s recent survey showed that only 23% of Australian employers provide ongoing cyber awareness training for their employees, but it is gradually becoming more of a focus in many organisations with 85% of businesses offering training at least once a quarter.
At a time when cyber threats are becoming more complex, O’Hara commented that all businesses – from SMBs to large corporations – need to make sure the foundations of their cybersecurity are sound, including regular, engaging training alongside the right technology.
“Businesses need to heed the wakeup call – Australian workers are distracted, remote-working sitting ducks, which leads 8 out of 10 organisations to believe their company is at risk due to inadvertent data leaks by careless or negligent employees,” said O’Hara.
How can employees and businesses manage data leaks?
O’Hara offered a few tips for businesses and staff to follow this Privacy Awareness Week;
Individuals
- Balance trust with a healthy dose of caution – if an email or message through other communication looks off, don’t’ open it! Report it to your IT team straight away.
- No one ever died of embarrassment – if you open a dodgy link or send information to the wrong person, report it! Any firm worth its salt will encourage such reporting. Remember, every minute counts when it comes to minimising the fallout of a privacy slip-up
- Think before you share anything online – be it an email, too much information on social media or your credentials on a website. Sharing isn’t always caring!
Businesses
- Training; don’t make it a snooze-fest! Especially with much training now happening remotely, it needs to be engaging so people take it in. Balance regularity with light humour
- Encourage people to speak up; nearly a quarter of Australians who don’t report a privacy incident stay silent because of embarrassment they anticipate from their bosses. Create a culture where people feel they will be supported if they report an incident.
- Refresh – cyberthreats are constantly evolving, so even when policies, technology and training are in place, they need constant updating to stay ahead of the game.
