When you join a gym with the goal of improving your fitness, you usually don’t sign up for training that will take up your entire day, every day. Typically you commit to 30-60 minutes a few days a week and recognise that this approach will help you to slowly build strength over time.
In the early days, you may be more likely to be injured as you flex muscles you forgot you even had, but over time your resilience to injury grows, and something that would have caused significant pain at first becomes simply a small twinge. Not only that, but as your strength grows so does your confidence, and pretty soon you find yourself doing all sorts of activities you never thought you would be capable of.
This same approach will work when it comes to building your resilience towards data breaches and other cyber attacks at work.
When your schedule is already full of tasks, you can’t afford to take days out of your month to write policies, change procedures and install new technology tools to help you deal with the risk of falling victim to an attack. And it can’t all be outsourced to IT either, as there are plenty of cyber risks that are related to general business practices, not just technology. The answer instead is to start taking incremental steps to improve each week to build up your cyber fitness and resilience over time — just like with your physical fitness.
Take passwords as an example. You and your colleagues will all have heaps of passwords you are expected to remember for all of the systems you access. You may have systems that require you to share passwords with others. You probably need to access these different systems several times a day, so you need to be able to get in quickly and not wait around trying to remember your login details. For all of these reasons and more, the easy solution is to simply use the same, easy-to-remember password across multiple systems and accounts. But this approach has been proven time and time again to be weak and leave you vulnerable.
So how do you strengthen your passwords without killing your productivity while you sort out the mess?
Break it down into simple steps.
Start with the systems you simply cannot do without and that contain sensitive and confidential information.
Your email account would be the perfect starting point. Change that password to a completely new one you’ve never used anywhere else. Make sure it’s long and includes capital letters, symbols and numbers. That’s all you need to do on day one.
Next week, look into buying a password manager to store your passwords and help you manage and share different ones on each account securely.
The following week you might turn on two-factor authentication.
By taking small steps each week you are building your cyber fitness without killing your ability to do your job and get on with life.
The most important thing when it comes to building cyber fitness and improving your resilience to threats is to start doing something, anything, to improve. If you approach your cybersecurity like you do your personal fitness, you’ll be able to look back in a year’s time with pride, knowing your business is stronger than ever, and you are better prepared to embrace the digital world we live in.