Prioritising privacy in the workplace
Digitisation is no longer a concept of the future, in today's world it is a reality for every worker no matter the industry and we encounter more of this digitisation process daily. With a heavier reliance on cloud computing, e-commerce, remote collaboration tools and countless other technologies there is now a vastly hybrid-based workforce.
Due to the extensive access to digital services consumers and businesses have available to them these days, it has become increasingly simple to lose track of just how much personal data is out there in cyberspace not only for users themselves but also for their respective organisations. These can lead to things such as addresses, dates of birth, banking details, photo ID, interests, preferences and other associates' personal information being shared around and stored more than ever.
Even when considering privacy policies, procedures and awareness campaigns, it can be increasingly difficult to implement these when working in a hybrid environment away from the office with many organisations and individuals remaining uninformed about good computing hygiene and security practices across the ANZ religion, you just need to look at CERT NZ’s annual report from last year to find this.
Even when an employee is aware of the company policies, this does not always mean they follow through with what is expected, especially in cases where they find themselves in the middle of a privacy incident.
Even though 90% of cybersecurity incidents involve human error, it is not to say the blame should fall fully on the employee. It has been regularly documented by several sources that appropriate training needs to be implemented to safeguard all possible sources, circumstances, and users from falling victim to such vulnerabilities and remaining vigilant in not only preventing potential breaches but also what to do should you find yourself in one.
Technology can only do so much to solve issues regarding cybersecurity. This means regular security awareness training needs to be mandatory and appropriate.
Training needs to be engaging – rather than sleep-inducing – to discourage employees from skipping or downplaying it.
Privacy awareness also needs to become part of organisational culture. This is evidenced in a report by ACA research showing that 20% of those who experienced a privacy incident did not report it. What is perhaps more sobering is that 10% of people who didn’t report a privacy incident said it was because they thought it would jeopardise their job, while 24% felt embarrassed.
Despite this report being from an Australian organisation, it is still important to consider what the culture surrounding privacy breaches and cyber security is like in your respective workplace.
For this reason, it is essential to establish a culture of collaboration, rather than punishment following a privacy breach and work actively at encouraging you and your organisation to be more cyber safe.