Cracking simple and common passwords, such as ‘123456’ or ‘password’ literally takes less than a second. With the prevalence of such passwords, it is no surprise that this has become one of the most common ways for hackers to gain access to your digital assets.
This is important for you, as a business leader or a remote worker, because such methods easily pave the way for identity theft, financial fraud and data breaches. This is especially true, if you are working with a geographically dispersed team or network of clients. That’s why the basic requirements for password security have become so widespread:
While important, this traditional sequence of advice tends to be counterproductive in achieving sustainable password security and effective behavioural change.
Why? Consider this: Almost every large organisation routinely requires their employees to change their passwords. Employees, whose main tasks and competence may be connected to human resources, marketing, project management etc. Naturally, what these employees do not focus on among their daily responsibilities is cybersecurity. When this time of the updating cycle comes around, they are presented with the same requirements.
Without effective training, these employees are therefore also likely to be lacking the acknowledgement of the actual impact of password security. This means that due to the inconvenience that yet another routine password change creates:
So when it comes down to the statement, “humans are the weakest link in cybersecurity” - password management is one of the most relevant examples of its application, especially when it comes to remote work. Our online accounts hold more critical data about us than ever before. And if the keys to this data are weak or easily hacked - so is your identity, financial details and much more.
Advice that works
As a business leader, you may therefore ask - if the traditional guidelines for password security do not work, what does? Perhaps we should reorder this advice. Instead of making your team reset their password every 3 months, let’s make the overarching goal: creating a sustainable password management system.
By today, we have a great selection of password management software to choose from. This software enables encrypted and secure password storage, effective methods for access sharing as well as helps you generate secure passwords in accordance to proven requirements. An effective system benefits you and your business by:
For practical password management tools and a list of trusted online providers, check here what suits your needs best:
Risks to acknowledge and dodge
As awareness around password security increases, it is logical that browsers and other online tools are trying to catch up, integrating and simplifying user experience. You may have noticed that many browsers are now suggesting secure passwords and their storage upon a new password setup.
This seems like a modern and definitely comfortable solution. But browser-based password storage comes with its risks and we would not recommend this approach.
The reason behind this is the following: If you opt in for browser-based password storage, your browser will store a database of your login information. This database is often unencrypted. If a hacker were to gain access to your computer or your browser - which is easier than you may think - they have access to ALL your logins at once.
If you opt for the option of encrypted password storage on your computer, your passwords would be encrypted and protected by your chosen master password and inaccessible by your browser.
For step-by-step guidelines on how to remove passwords from your browser, check out this resource by University of Iowa.
Make it a team effort
When it comes to business security, password management has to be a team-wide effort - even, and perhaps especially, if your team is working remotely. A personal password management system is easy to achieve - it only requires your own will and subsequent behavioural change. But if only a few members of a team follow effective guidelines, the security of your business is still at risk.
Cybersecurity is often seen as a luxury topic. Commonly, it tends to become a priority when an attack or “close call” has already taken place. All we can say to that, is we suggest you make it a priority ASAP. After the initial time investment, you will be left with an effective password management system that will also help you save time in the future.
As much as possible, especially in SMEs and other small teams, this system setup should include the whole team. We recommend setting up an hour-long meeting time with your team in the near future to go through the initial setup process - from acquiring the software to agreeing on basic principles and a personalised password update process.
No doubt this requires behavioural changes and therefore a little bit of commitment, but the resulting security is worth it. If you’re looking for more actionable advice on creating a sustainable password management system and perhaps a step-by-step guide, check out Day 2 of the free Cyberpower Challenge here for more information.
Once you’re ready to take the next steps to upgrade your cybersecurity, check out our other offerings on the Cyberpower Academy and stay tuned for our upcoming course on Assembling Your Cybersecurity Toolbox.
As cloud computing is now the new norm for enterprise IT, SME owners and their networked teams have to strategise in order to win their journey to the cloud. As Gregor Petri, Vice President Analyst at Gartner has noted, CIOs must develop a formal strategy to assist placing individual cloud decisions in the context of the company’s strategic goals.
But often, the benefits and costs combined with the immense pressure to jump on the cloud bandwagon are outweighed by the security challenges involved in migrating customer's private data to the cloud. With the global shifts we are seeing now, moving to the cloud is however becoming increasingly vital.
Another less-talked about but much greater challenge exists however, in mindset. Organisations migrating to the cloud have a tendency to focus on the technical with complete disregard for the culture of the organisation.
The Dark Side of the Cloud
Let's take a step back and review the traditional advantages of migration to the cloud: easy access to updates, scalability, significant reduction in time and cost, automatic downloads, and process optimisation. Not to mention the consequences involved if enterprises choose to remain 'on premise': higher cost, lack of agility, and being perceived as lacking innovation.
Then there’s the double-edged sword: there are many customers, who don’t trust organisations which move their data to the cloud. At the same time, agile customers demand fast and innovative services and don’t care if their data sits in the cloud or not.
How can the Migration to the Cloud be Both Smooth for SME Leaders and Satisfy Customers?
To answer this question, I would first pose the question: What do we mean when we talk about the importance of culture of an organisation? From my experience working with enterprises and startups, I would describe it as the human factor, a dynamic process created and recreated by interactions amongst and between leaders and their networked teams, including employees and freelancers and, specifically the trust between the different parties. Migrating to the cloud involves trust not only in interfacing data and networked teams but also trust between all of the employees within an organisation.
The challenges related to trust in the journey to the cloud might include:
Beyond the listed challenges, neglecting the necessary organisational transformation by not taking into consideration the mindset of the employees and management can cause massive delays, which in turn, result in an increase in cost and a huge risk to the reputation of the decision-makers.
Ensuring a Successful Journey with Change Enablement
So, how do you ensure your organisation's successful journey to the cloud? The answer lies in change enablement, which essentially, is enabling your enterprise, its networked team and management, to adapt their work behaviour in order to adopt new ways of working.
Many have privately lamented to me: “migrating to the cloud is so complex and daunting for us and the team, we would not even know where to begin." The reason for this is a lack of change enablement within the organisation which starts well before adopting new technology to your enterprise. Change enablement continuously assists your organisation by constantly defining more efficient ways of working and in proving the value the migration will bring to your team.
For instance, if an organisation wanted to encourage the adoption of a new cloud service, it might first communicate the purpose and benefits of the cloud service to its networked teams and management through internal project marketing. It might then pursue training and further education with the people development team and only then develop an external communication strategy with the assistance of its marketing team. On the technical side, it would develop a Proof of Concept (PoC), which would outline the advantages of the migration to the technical team and gain buy-in from decision-makers.
To ensure success in adoption of any new cloud project, decision-makers must be organised and communicate their needs effectively with their team. Here is a quick preparation list for decision-makers to keep in mind when collaborating with the change specialist:
Understanding the Impact of Cloudification on Processes
Remember that at the end of the day, the technical IT project is merely the vehicle of your digitalisation journey. Before delving into the technical details needed to pursue the migration, you should develop a Proof of Concept (PoC). PoCs are typically implemented in one business unit or in one geographic region to illustrate the advantages of the journey in a low-risk way, to learn from the experience, and to gain the necessary buy-in from decision-makers as well as disseminate the message across the organisation.
Think of it as a way to harvest low-hanging fruits after the implementation of the project.
The PoC should include documentation on the impact of current processes and tools, describe the interfaces between IT functions, the impact on operations, governance and sourcing, and define the billing and cost distribution model. Providers must also present documentation that meets the industry standards. In contrast, most providers' platform-driven business models only offer high-level hyperlinked pieces of information on compliance required by the decision-makers in the legal departments of enterprises for a thumb-up to migrate to the cloud. In the highly regulated financial services industry FSI, for example, the fragmented style of presentation of much needed legal details is insufficient.
Cybersecurity + Privacy = Cybercapacity
Change enablement also requires tackling some underlying obstacles of many organisations - a smaller cybercapacity. Chief Information Security Officers, or CISOs, have often disclosed to me that many employees are even unaware if the software they use is hosted in the cloud or on premise. That’s a concern that spans issues involved in cybersecurity and privacy.
Migrating to the cloud requires that enterprises build capabilities to mitigate cyberrisk caused by human behaviour, as well as reducing opportunities for cybercriminals to exploit human weaknesses. Raised awareness of our own behaviours as well as our own superior cybersecurity and privacy should be an integral element of the workplace culture.
This includes a change in mindset on cybersecurity and on privacy – in essence the development of your organisation’s cybercapacity. You’ll need to analyse the skill gap, develop an employee training plan to meet this gap, and identify relevant skills for becoming cybercapable.
Transforming into a Cybercapable Organisation
Transformation of the workplace culture is vital for a successful journey to the cloud. It all starts with change enablement and empowering your networked team employees to adopt new ways of working. Gaining buy-in from decision-makers through internal communications and a PoC is key. When your organisation is successful in empowering change in the culture, you’ll be able to enjoy the many benefits of cloud migration while minimising – if not fully eliminating – its dark side and thereby maximising the bright side.
Looking for personalised guidance on increasing your company’s cybercapacity or aligning your communication with your company’s brand identity?
or check out the
to get ahead!
One of the biggest advantages of working remotely is the unprecedented amount of freedom. You can work from almost anywhere that you are able to take a laptop or digital device. The world is truly your workplace. But with this freedom comes greater responsibility for the cybersecurity of your business and the privacy of your customers.
In the post-digital age, with more than 1 billion data breaches in 2018, we’ve seen that the technology-only cybersecurity solution provider has clearly failed.
So then how can remote workers ensure that their business is protected at all times against data breaches and guard the privacy of their customers? And how can team leaders ensure that their remotely working team has the necessary capabilities for a secure workflow?
Human Behaviour as the Weakest Link
At the end of the day, it’s not technology that can be blamed; it’s human behaviour. We are the weakest link in this game. The upside to this is that as an individual, there are data and privacy strategies that include daily actions and behaviour entirely within your control. These will allow you to reclaim your cyberstrength and boost your cyberpower while ensuring your customers and team that they can trust you with their data and information.
Here are a few of these behaviours you can easily implement for your business:
Staying Safe and Secure while Going Remote
For remote workers and solopreneurs, digital safety and security on-the-go is of utmost importance. Here are a few tips for ensuring safety whenever you are on-the-go:
Reclaim Your Cyberstrength and Boost Your Cyberpower
Combining tech solutions with adjustments in human behaviour are the most effective ways to safeguard your business. Ultimately, the data and privacy strategies you choose as the head of cybersecurity of your business are your choice and your sole responsibility. Develop the cyber self-awareness you need to become resilient to attacks or data breaches, and you’ll have greater trust from your customers that their data is safe wherever you are in the world and no matter what the circumstance.
To support these choices and the required behavioural change, our Cyberpower Academy invites you to accept the free Cyberpower Challenge! Six days, six cyber behavioural changes, all for less than a 30-minute time commitment per day.
Growing your business in the modern digital economy is an exciting task. You have a lot of freedom to select from a vast pool of talent offering their expertise on remote work platforms or through your network.
With effective and established onboard and offboarding best practices, these freelancers make a significant contribution to the success of your business. Onboarding is not solely about getting a freelancer started on a project. It’s also about connecting freelancers with your brand, culture, and connecting them with the team which helps them feel valued from the beginning.
Freelancers face a challenging balance of delivering a valuable work product, while working independently as an outsider. When they get out of sync, errors may increase and project results may suffer. A strong onboarding process, an understanding of your company values, and clear guidelines helps keep them in sync from day one.
Making the collaboration a success requires you to have an understanding of the components that make up your interaction with the freelancer. On a general level, these could be categorised under: your business, your project and your cybercapacity.
This category entails providing a comprehensive introduction to your brand and company culture. Taking the time to connect the freelancer with the team ensures that they are prepared to work in sync and feel like they are providing value within a larger collective, despite the physical distance.
Ensure that the freelancers you hire do not put your valuable client data at risk. Especially as you have worked hard to build and radiate digital trust - to win clients and develop a competitive advantage. One way to do that is through the establishment of a privacy-first culture, which we go more in depth with in our previous article.
Help the freelancer get up to speed faster and understand expectations by providing project documentation that shows the scope, research, and other relevant information. This aligns your visions and helps the freelancer ask clarifying questions before diving in. In addition to project background documentation, you may consider including:
You may want to give the freelancer a list of programmes and applications, so they can make time to familiarise themselves. While considering access, ask yourself:
Whilst independent professionals provide and use their own tools to do their work, they may need access to company systems for situations like delivering assignments or receiving project-related information. Ensure that you have checklists of any systems, applications, and programmes they may need to access like VPN or a company file sharing system. Use these to check how familiar the freelancer is with a programme and the connected compliance, also for applications used widely across industries.
In addition, it is important to explain the offboarding process and connected responsibilities already in the onboarding process.
Cybercapacity can be viewed as the umbrella covering all the components you need to safeguard your business in cyberspace. The capacity-building components underneath this umbrella can be divided into two: cybersecurity and privacy (which we go into greater depth here).
For now, when it comes specifically to your onboarding practices, ensure that you have the necessary Data Processing Agreements (DPAs) in place, updated, and signed.
A data processing agreement is a legally binding contract that states the rights and obligations of each party concerning the protection of personal data. DPAs are required for GDPR compliance, but they also give you the assurance that the data processor is qualified and capable, platforms and freelancers alike.
A data processor is another company you use to help you store, analyse, or communicate personal information. For example, if you are a health insurance company and you share information about clients via encrypted email, then that encrypted email service is a data processor. Or if you use a platform, e.g. Upwork, Fiverr to hire talent, this platform would also be a data processor.
But what should be included in a data processing agreement? In summary, here’s what you need. For details see GDPR Article 28, Section 3.
These important points take us straight to the offboarding process.
A standardised offboarding process helps you leave a professional impression and creates a sense of completion once your collaboration with a freelancer is finished. The offboarding process is closely linked to onboarding and thereby also touches upon the three collaboration components outlined above: your business, your project and your cybercapacity.
A well-organised approach helps your business as a whole in several ways:
In the hyperconnected world of today, the points above eventually impact any future collaboration you may have. Leaving a lasting impression to your freelancer means you are encouraging positive word to spread about your business. In order to achieve this, during the offboarding process, begin by focusing on the primary framework of interaction with the freelancer - your project.
As we outlined above, the onboarding process is closely related to offboarding. It is therefore useful to revisit the onboarding activities and the initially provided project documentation. Did you meet the goals you established at the beginning of the project? What were the lessons learned? And what was the value produced? Listen attentively to the freelancer’s point of view, to understand what impressions they are walking away with.
In order to leave a lasting impression and effectively wrap up the project from beginning to end, it is important to approach the freelancer as a valued part of your core team at all stages of the collaboration.
Lastly, to finalise your collaboration from a technical point of view, revisit the checklist of systems, applications and third-party providers that you worked with in the beginning, in order to ensure that:
Furthermore, make sure that your offboarding process includes compliance steps in line with your country and industry. In case of COBRA non-compliance in the US, for example, the company and the employee/ independent contractor participating in the group health plan/ COBRA Administrator personally could be otherwise facing a cost up to $500,000.
We went into greater detail with the technical elements of the onboarding and offboarding process in our recent webinar and Q&A on June 18. If you want to learn more, listen to the recording by clicking the button below.
The world of work is changing alongside the modes and formats of collaboration. In order to stay on top of these changes and effectively tap into the vast and increasingly more mobile pool of talent, invest time into establishing well-structured onboard and offboarding practices that make sense for your business.
The C19 lockdown has underscored the struggle many business leaders have with their cybercapacity. The pandemic impacted everyone’s life and businesses faced abrupt transition to cyberspace only, to which only a few were prepared properly. This is the perfect time for you as a business leader and your networked teams to align your digital identity management consisting of measures and behaviours.
Whilst the technical capabilities do reduce your business risk, they still require your leadership skills for the investment to turn into a competitive advantage.
Your teams’ displayed identity behaviours will finally help you turn around potential risks to become business benefits. This mindset must become the guiding principle across the value chain of your business. Let us deconstruct what we mean by your team’s identity behaviours. If your networked team has been working remotely or is starting only now, how does identity come through in digital collaboration? If your business is more or less mobile, what then, is your digital identity based on? Most importantly, how can you leverage your digital identity in the future of work?
Evolving from a Personality-based to an Identity-based Approach
Many organisations use personality assessments to recognise, hire and motivate their workforce. Developed in the latter half of the 20th century, this personality-based approach is believed to be closely linked to an individual’s expected professional performance. Personalities are based on psychological and cognitive factors and regarded as permanent.
But what if, as we believe, identity not only describes who we are, but is constantly in motion. As a construct, it is made up of both non-changeable aspects as well as elements that develop as time goes on. Developed at the beginning of the digital era, an identity-based approach stems from the idea that people shape an organisation, and an individual’s identity is developed through social interaction and interpersonal relationships among other members of the organisation.
Key differences in the concepts of personality tools and identity creation:
Building Your Privacy First Culture on an Identity-based Approach
Leading a business, you are ultimately responsible for proactively defining your identity and brand.
Unconstrained by management or the personality-based assessments of the human resources department idiosyncratic for larger organisations, you shape your privacy first culture based on digital identity. How then, can you shape and influence it to work in your favour?
Your behaviour-centric digital identity is dependent on a number of factors:
Your multi-faceted identity is also context-dependent. Individuals tend to emphasise different parts of their identity for example at home, surrounded by family, in comparison to work, where they are surrounded by their team. This therefore also extends to the way you exhibit yourself to your prospective clients, which will subsequently have an effect on your portfolio in the near future.
A significant advantage of this identity-based approach is its ability to recognise the individual’s entire self. As the highest level of Maslow’s hierarchy of needs, this type of self-actualisation would stimulate higher motivation in any remote worker and lead to greater productivity.
Integrating identity with privacy measures and capabilities
Three years ago, it was predicted that remote work will become the standard operating mode for at least 50% of the U.S. population by 2020. By now, it is clear that these numbers are likely to be much higher with the behavioural shifts that are taking place as a result of Covid-19. The world we are now entering, with even greater connectivity than first anticipated, requires the integration of your technical capabilities with your core identity. This combination establishes the foundation for a privacy-first culture.
Establishing a privacy-first culture is a reciprocal process among leaders and teams. Culture is not automatically built - it is enacted through people’s identity, specifically, when it comes to remote teams. So what can leaders do to create and sustain a privacy-first culture from afar? It starts with digital trust. It takes an intentional and continuous effort to role-model and foster cybersavvy behaviours to build and maintain digital trust among the team and with clients.
With the increase in remote work and shifting working habits, now is a favourable time to learn and experiment how we can maximise productivity under new circumstances. An analysis of 225 million hours of work time showed that participants ranging from students to software developers and larger organisations who work with information (i.e. writer, developer, designer or manager) had an actual productivity of 12.5 hours a week. That’s almost 28 hours of non-productive time! Unfortunately, there exists a huge gap between the number of hours workers believe that they are productive versus the actual hours that they are productive.
What are the challenges we face when we try to maximise work productivity remotely, and more importantly, what are some best practices we can employ to make the most out of our workday? This post will offer a few suggestions.
Overcoming the Optimism Bias
Most people are overly optimistic when deciding how many tasks they can complete in a day. They neglect to take into consideration the amount of planning, communication and distractions that are part and parcel of any task. Psychologists have actually coined this thinking, the Planning Fallacy, which affects every type of planning from vacations to real estate projects. Programmers in particular have a similar law, Hofstadter’s law, which states that people have great difficulty accurately measuring the amount of time it takes to finish complex tasks.
There are a few ways to overcome this optimism bias. First, tasks must be broken down into smaller chunks, estimating how much time each smaller task will take. For example, if your goal for the week is to finish writing an ebook of 5,000 words, you should consider first how long research and the completion of an outline will take. To make your work even more productive, have a plan in place for when there is a distraction or a setback. For instance, if the research for your ebook takes twice as long as you thought, you’ll need to eliminate a meeting discussing the project. Researchers have found that having a plan in place for completing projects ahead of time discourages procrastination and inspires them to get started as soon as possible
Eliminate Distractions and Put a System in Place
Beyond being too optimistic, many workers don’t maximise their work hours. Emails, phone calls, text messages, and chats with co-workers are only a few of the many distractions remote workers, digital nomads and solopreneurs will face on any given day. It can take a lot of concentration and willpower to fully eliminate these distractions and focus on the task at hand.
In response to this dilemma many workers face, the Pomodoro Technique was developed as a time management method, which has workers focus for a full, uninterrupted 25 minutes on any given task. Any thoughts of future or additional tasks should be written down quickly on a piece of paper, allowing the worker to continue on the task at hand. After the Pomodoro session is completed, the worker takes a break; after 4 sessions a longer break is encouraged. The exercise can increase the time spent focused on tasks, allowing you to complete more during a Pomodoro and a more accurate estimate of how long future tasks will take.
Here are a few additional tips for maximising productivity:
Measuring Productivity to Achieve and Surpass Your Goal
If you want to increase your work productivity, start tracking how you organise your week digitally or on paper. Do this for 3-4 weeks; the result will be a real eye-opener. From the time that you have tracked, decide what tasks you would need to accomplish in order to be productive in those 12.5 hours of actual productive work hours. Make sure you are realistic about what you can achieve in that timeframe, scheduling time for tasks such as networking, travel time, administrative duties, and of course taking care of your overall well-being.
Once you review your goals, start tracking again and do you best to achieve those goals. And when you do, be sure to celebrate your success!
Ensuring Safe Remote Work: Online Tools for the Current Circumstances of Higher Cybersecurity and Privacy Risks
Within the course of a week, COVID-19 has driven most of the world to self-isolation and triggered a massive shift to remote work. With the C-19 virus spreading, more companies, SMEs and solopreneurs are faced with the unprecedented challenge of rapidly reorganising their work to protect the well-being of their staff, while remaining as operational as possible.
Changes have been abrupt, and the air is thick with uncertainty. Yet impressive communal perseverance and cooperation has allowed the public and private sector to keep functioning to the best of their abilities while adhering to official guidelines. This wave of online reorganisation equally encompasses schools, governments, local voluntary groups, sport teams, artists and conferences due to happen in the next couple of months.
The vast choice of online tools is indeed allowing us to prevent a defeated halt to daily progress and keep connected during the ongoing crisis. Fostering remote work is certainly a necessary measure to stop the spread of C-19. Nonetheless, it is also now more important than ever to pay attention to the heightened cybersecurity and privacy risk we might miss while our full attention is channelled to our physical health.
Don’t compromise your privacy for productivity
The decision on provider selection for remote working needs to be made wisely. Many providers harvest your data to keep an eye on user behaviour and monetise the results for their gain. Unfortunately, some culprits include the tools that most gravitate towards: WhatsApp and Zoom.
The popular messaging app grabs mobile numbers, sources your contacts, shares user data with Facebook, harvests metadata and uses it in a massive ad ecosystem. Zoom, the go-to video conferencing tool, raises some questions with regard to workers’ privacy such as the recording and storage of meetings and the platform’s exact utilisation of users’ personal data.
We fully understand that is not easy to switch to a different provider. All we can do is encourage to role-model good cybersavvy behaviour and make this important step a priority. To make it easier, we have provided a list of better solutions for your consideration.
Better alternative solutions
Private search engines do not track your searches nor store your queries and they give you the freedom to control your personal data. All of this is especially important at a time when our online activity and information searching is bound to rise. A few trusted options we would encourage to explore:
How to keep two feet on the ground, remain calm and make informed decisions?
Stay safe – in both the physical and virtual sense of the term!
In the first six months of 2019 alone, 4.1 billion records were exposed due to data breaches. SME leaders and solopreneurs often find comfort in the false assumption that they are too small to be on the radar of the hackers behind these numbers. The reality, however, is that it is not about the size of your business. What makes one a potential target, is the likelihood of a weaker cybercapacity that results precisely from the assumption that company size determines your significance as a potential target.
Hackers attack approximately every 39 seconds
and on average 2,244 times a day
According to the University of Maryland, hackers attack approximately every 39 seconds and on average 2,244 times a day. As data breaches are on the rise, so is the likelihood of more companies and more users being affected. While the constant news coverage has by now led to a seeming point of desensitisation, it is crucial to understand the consequences that cyberweakness and compromised data can have.
For suffering a hack or a data breach, companies could face fines up to 4% of their annual turnover or max. EUR 20 million, whichever is higher, according to the GDPR, whilst users’ personal data can bring profit to hackers in various ways. From the duplication of credit cards to using personal information for identity theft or blackmail, being a victim can have devastating financial, reputational, and personal repercussions. It is therefore more important than ever to increase your cybercapacity by combining best practices from cyberbehaviour and technology.
With the freedom of being able to work from anywhere in the world comes the responsibility to build a digital, on-the-go workspace that is conducive to cybersecurity and privacy. But with enough daily to-dos arising from simply running your business, obstacles may arise from the simple departing point of any change in human behaviour: where to begin?
Cybercapacity as the foundation of trust
As with any task, we can start by taking it apart to create actionable steps forward. Cybercapacity can be viewed as the umbrella covering all the components you need to safeguard your business in cyberspace. The capacity-building components underneath this umbrella can be divided into two: cybersecurity and privacy. Although often conflated, these two concepts are fundamentally different. We’ve found the following parallel useful to understand the distinction: installing iron bars across your window will increase security but not your privacy; adding curtains will also take care of the latter.
Solopreneurs and SME leaders have the privilege and responsibility to establish a digital workplace culture that encompasses key principles of cybersecurity and privacy. The commitment to building your cybercapacity is not solely about protecting your business. By instilling these practices, you are also building a trustworthy brand, which can secure a long-lasting competitive advantage. Consistency in displaying safe cyberbehaviour will additionally make you a role model for your partners and clients. The established truth that a network is only as secure as its components also applies to remote teams and business interactions. Setting an example to your business network is therefore vital on the pursuit of reaching greater cyberpower.
First steps towards best practice in cybersecurity
Cybersecurity is defined as the protection of data from any unauthorised online access. Information security further expands this definition to include the protection of data from any kind of unauthorised access. Securing your data and the data of your customers ensures the protection, durability and resilience of your business from any external interference that could have devastating consequences. Some examples from best practice in cybersecurity include:
It often escapes us that cybersecurity extends from the digital realm to the physical world. Serious incidents, such as theft or losing your devices during travel, are the things you think will never happen to you… until they do. Awareness combined with preparation can go a long way in ensuring the fastest possible recovery with the smallest amount of damage in the wake of such events. Some practical ideas to keep in mind:
Establishing a reliable privacy culture
The idea that data has become the new currency is consolidating itself alongside all the threats it entails. Data protection involves an understanding of the data you are responsible for and the legal requirements you should follow to ensure its safe handling. The General Data Protection Regulation (GDPR) provides a useful framework to consolidate a culture of privacy that places data protection at its heart.
Data mapping comes first
Two years since the implementation of the GDPR, we are becoming used to seeing privacy and cookie policies on most sites we visit. Nonetheless, privacy compliance extends deeper than that. We can think of it as an iceberg – there are things below the surface that we don’t see but that determine the nature of the mass as a whole.
The visible surface is an indication of being trustworthy and what lies underneath determines that the reality lives up to the façade. Following these guidelines is not only a requirement of compliance. It should not be viewed as a mere legal nuisance but as an opportunity for consolidating your brand around principles of digital trust, adding to the long-term durability of your business.
Cybersavviness as an evolving skill
The more digital our work, societies and interactions become, the more important it is to incorporate secure practices into our daily habits and workflow. Cybersavviness is a constantly evolving skill. It starts with nailing down the basics and continues by building on this foundation. As general cyberawareness keeps growing, it has also become a genuine chance to ensure a long-lasting competitive advantage through establishing digital trust. Improving your cyber capabilities and involving your clients, partners and contractors in the process is an essential investment in yourself and the resilience of your business network.
The great news is that you are not left in the dark!
You can sign up for the free ‘Quick-start Your Cyberpower’ online course to guide you in making the first steps or grab a copy of the Cyberpower eBook, which provides concrete and comprehensive guidance on safeguarding your digital workspace with ease.
One of the biggest advantages of working as a digital nomad or solopreneur is the unprecedented amount of freedom. You can work from almost anywhere that you are able to take a laptop or digital device. The world is truly your workplace. But with this freedom comes greater responsibility for the cybersecurity of your business and the privacy of your customers.
In the post-digital age, with more than 1 billion data breaches in 2018, we’ve seen that the technology-only cybersecurity solution provider has clearly failed.
So then how can remote workers ensure that their business is protected at all times against data breaches and guard the privacy of their customers?
Human Behaviour as the Weakest Link
At the end of the day, it’s not technology that can be blamed; it’s human behaviour. We are the weakest link in this game. The upside to this is that as a brand of one, there are data and privacy strategies that include daily actions and behaviour entirely within your control. These will allow you to reclaim your cyberstrength and boost your cyberpower while ensuring your customers that they can trust you with their data and information.
Here are a few of these behaviours you can easily implement for your business:
Staying Safe and Secure on the Road
For digital nomads and solopreneurs, digital safety and security on the road is of utmost importance.
Here are a few tips for ensuring safety wherever you travel:
Reclaim Your Cyberstrength and Boost Your Cyberpower
As we’ve shown in the tips in this post, you can combine tech solutions with adjustments in human behaviour to safeguard your business and protect your brand. Ultimately, the data and privacy strategies you choose as the head of cybersecurity of your business are your choice and your sole responsibility. Develop the cyber self-awareness you need to become resilient to attacks or data breaches, and you’ll have greater trust from your customers that their data is safe wherever you are in the world and no matter what the circumstance.
In 2018, there were more than 1 billion people who had their data exposed, including ones from some of the best-known consumer brands such as the Marriott Hotel, Twitter and Firebase (a Google-owned development platform used by mobile developers). Over the past few years, we have learned the hard way that the question is not if, but when your business and customers will be attacked.
It makes sense then that one of the best ways to ensure your business continuity is to have a good backup and recovery plan in place. This should include every part of your business – from business processes and assets to human resources and business partners.
Taking Preventative Steps and Mitigating Damage
As far as your digital offering is concerned, it’s your responsibility to ensure safety and do the best you can to prevent privacy and security breaches to your users. Though the future might seem grim with regards to data breaches, there are still steps you can take to prevent damage – that as a small business can be easier to implement and maintain in contrast with larger organisations, like the ones you read about in the news.
Here are a few ways to mitigate the damage from an eventual attack:
Having a Recovery Plan in Place
Beyond your own device security, you’ll need to have a recovery plan prepared ahead of time.
Having a recovery plan should include several details:
Want to start implementing the necessary steps to ensure business continuity? Join the Cyberpower Academy for free!
Digital transformation strategist | Privacy advisor | Cyber anthropologist | Author