In the world of information security, we often talk about sophisticated firewalls, complex encryption, and advanced threat detection. However, a recent event involving a French aircraft carrier serves as a stark reminder that even the most high-tech defences can be undermined by the simplest of human habits.
A 35-Minute Run with Global Consequences
Reports recently emerged that a French naval officer, while deployed on the aircraft carrier Charles de Gaulle, recorded a 35-minute run on his smartwatch. He then uploaded the activity to the popular fitness app, Strava. By doing so, he unintentionally created a digital map that broadcasted the precise location of the vessel to the world.
While the ship was operating near Cyprus, the data from this single run allowed observers to pinpoint the carrier’s position and even correlate it with satellite imagery. Despite strict guidelines and regular awareness briefings for sailors, one individual’s choice to use a personal tracking device bypassed the security protocols of an entire military strike group.
The Human Element: The Smallest Link
This incident highlights a fundamental truth in cyber security: your security posture is only as strong as your most distracted employee. You can spend millions on technical infrastructure, but if the people using that technology do not understand or follow best practices, the risk remains high.
In this case, it was not a failure of the ship’s radar or its defensive systems. It was a failure of the human element. This is not limited to the military; it happens in businesses every day. Whether it is an employee using an unauthorised app to share files or a staff member posting a photo of their new office pass on social media, personal habits frequently clash with organisational security.
Why Personal Tech is a Business Risk
Smartwatches, fitness trackers, and mobile phones are data-harvesting machines. While they offer great convenience and health benefits, they are also GPS beacons. For a business, this can lead to several risks:
- Leaking Executive Movements: Tracking apps can reveal the travel patterns or meeting locations of high-level executives.
- Exposing Sensitive Locations: If employees record workouts or commutes near confidential sites or new facilities, they could be revealing locations that are not yet public knowledge.
- Social Engineering: Data from these apps can provide hackers with personal details that make phishing attacks much more convincing.
Building a Culture of Security
The representative from the French Armed Forces noted that the officer’s behaviour did not comply with current guidelines. This suggests that the problem was not a lack of rules, but a lack of adherence to them.
To help mitigate these risks, businesses could consider:
- Regular, Engaging Training: Moving beyond simple “box-ticking” exercises to help staff truly understand the “why” behind security policies.
- Clear Policies on Personal Devices: Establishing clear boundaries for how personal technology should be used in professional or sensitive environments.
- Continuous Awareness: Keeping security at the forefront of employees’ minds through regular updates on current trends and real-world examples.
How Vertex Can Help
At Vertex, we believe that great cyber security is for everyone. Protecting an organisation requires a blend of technical expertise and a deep understanding of human behaviour. We provide tailored services, from penetration testing to employee awareness programs, designed to identify and strengthen the areas where your business might be vulnerable. The Vertex online Cyber Security Employee Awareness program has received feedback from clients that it is the best online cyber awareness training they have used!
If you are concerned about how the habits of your team might be impacting your security, or if you would like to improve your organisation’s resilience against modern threats, contact the expert team at Vertex today.