More than 90 per cent of ASX listed businesses, Government Departments, and large NGOs were exposed to a data breach in 2016, according to research published by Forcepoint. With the Notifiable Data Breaches (NDB) scheme coming in to effect across Australia, breaches like these can no longer be swept under the carpet.
The spotlight is now firmly on data protection in the workplace. But compliance with these laws is only the beginning. At the very least, this scheme should spark a renewed effort around how we seek to prevent breaches in the first place. At best, it could drive a cultural shift in the way we view security in the workplace – moving from a threat-centric approach to a human-centric one. That is, one that protects critical data at the human point - the intersection of employees, data & networks.
Your weakest link
Employees can be an organisations greatest asset. But they can also be its weakest link when it comes to data protection. The threat from inside an organisation today is real and immediate, with major breaches that hit our headlines increasingly resulting from employees accidently, negligently or maliciously leaking personal or business critical data.
Looking at the attitudes and behaviours of Australia’s future workforce towards data security offers both hope and concern. Within three years, millennials will make up almost half (42%) of Australia’s government and private workforces. These digital natives bring with them a shift in online behaviours that could increase risks to their agencies and organisations, who in turn need to adapt to ensure they maintain a strong cybersecurity posture.
Millennial security practices alarming
Forcepoint, Raytheon Intelligence, Information and Services, and the National Cyber Security Alliance (NCSA), recently conducted research with 600 Australian millennials to better understand their attitudes and behaviours when it comes to protecting critical data. The good news on this issue is that most millennials believe that cybersecurity is important. Eighty-nine percent of young Australian adults surveyed think that keeping the internet safe and secure is a responsibility we should all bear. They’re also concerned about the risks presented, with 64 per cent very or extremely concerned that their technology devices will be infected by malware – while 54 per cent very or extremely concerned by identify theft.
The bad news is that this belief has not translated to most young adults using proper cybersecurity practices. Around 70 per cent of young Australian adults have connected to public – no password required – Wi-Fi at coffee shops and airports. The proportion of young Australian adults who share passwords with non-family members in 2017 was 37 percent. Only 44 per cent protect their tablet with a password – compared with 87 per cent who protect their mobile with a password and 85 per cent who protect their desktop with a password. Behaviours young adults admitted to could spell danger for employers if used in the workplace.
Prevention better than cure
As always, prevention is better than cure. But with when it comes to data security this is easier said than done. Carefree attitudes towards protecting data – coupled with the blending of our work and personal information on devices, an actively mobile workforce, and the growing use of cloud services, has seen traditional network perimeters dissolve and data visibility diminish. It has never been more important for organisations to take a security approach that can unpick the normal rhythm of users’ behavior alongside the flow of data in and out of an organisation to aid the identification of and response to risks in real-time. And with the introduction of the Notifiable Data Breaches scheme, there is an even greater incentive to take this issue as seriously as is required.