A sailor on the French aircraft carrier Charles de Gaulle went for a morning jog on deck and synced his smartwatch to Strava when he was done. Within days, Le Monde had matched the GPS data to satellite imagery and published the carrier’s exact position — 100 kilometers off the coast of Turkey, heading toward the Middle East with its full strike group.

He wasn’t leaking classified information. He was doing what millions of people do after a workout.

 

When Routine Becomes Exposure

This wasn’t the first time fitness data revealed military positions. In 2018, Strava’s global heatmap exposed the locations of U.S. military bases in Afghanistan and Syria — because soldiers were tracking their jogs around base perimeters. The Pentagon launched a full review of fitness tracking technology in response.

Eight years later, the same thing happened again. Different country, different ship, same human habit.

The exposure didn’t come from a security failure or a technical breach. It came from a habit so ordinary that no one thought to question it.

 

It’s Not Just Fitness Apps

The Charles de Gaulle story made headlines because it involved an aircraft carrier. But the same dynamic plays out quietly in organizations everywhere, every day.

A child borrows a work laptop for homework and clicks a link from a game site. A team member posts a selfie from the office with a whiteboard visible in the background. Someone forwards a work message to the wrong WhatsApp group.

Our personal and professional lives don’t just overlap — they’re woven together. But most security frameworks still treat them as separate worlds.

 

The Moments That Don’t Feel Like Security

Security training teaches people to be careful at work — use strong passwords, watch for phishing, don’t share sensitive files. But it rarely addresses the moments where work and personal life collide. The sailor syncing his watch wasn’t at work in his mind. He was finishing a run. The parent handing over a laptop wasn’t making a security decision. They were helping their kid with homework.

That’s the blind spot. People know how to be cautious when they feel like they’re “doing security.” But most exposure happens in moments that don’t feel like security at all.

 

Security That Follows People Home

The answer isn’t surveillance, and it isn’t banning personal devices or personal apps. That’s neither realistic nor respectful.

The answer is expanding what people understand security to mean. Right now, most employees think about cybersecurity as something that happens at work — a set of rules to follow between 9 and 5. But the risks don’t stop when the workday ends. They follow people to the hotel WiFi, to the family tablet, to the running path on the deck of a ship.

When security awareness helps people protect their whole lives — not just their work accounts — something shifts. It stops feeling like a corporate obligation and starts feeling like something genuinely useful. People don’t resist protecting their families. They resist compliance checklists.

An aircraft carrier is one of the most protected assets on earth. It took a morning jog to expose it. Your employees have the same apps on their phones.

This article was written by Cywareness, a company specializing in cybersecurity awareness.

As part of its mission, Cywareness continues to monitor emerging trends, analyze real-world attacks, and share practical insights to help organizations stay ahead in today’s evolving threat landscape.