In the first six months of 2019 alone, 4.1 billion records were exposed due to data breaches. SME leaders and solopreneurs often find comfort in the false assumption that they are too small to be on the radar of the hackers behind these numbers. The reality, however, is that it is not about the size of your business. What makes one a potential target is the likelihood of a weaker cybercapacity, which results precisely from the assumption that company size determines your significance as a potential target.
According to the University of Maryland, hackers attack approximately every 39 seconds and on average 2,244 times a day. As data breaches are on the rise, so is the likelihood of more companies and more users being affected.
While the constant news coverage has by now led to a seeming point of desensitisation, it is crucial to understand the consequences that cyberweakness and compromised data can have.
Under the GDPR, companies that suffer a hack or a data breach could face fines of up to 4% of their annual turnover or EUR 20 million, whichever is higher, whilst users’ personal data can bring profit to hackers in various ways.
From the duplication of credit cards to using personal information for identity theft or blackmail, being a victim can have devastating financial, reputational, and personal repercussions. It is therefore more important than ever to increase your cybercapacity by combining best practices from cyberbehaviour and technology.
With the freedom of being able to work from anywhere in the world comes the responsibility to build a digital, on-the-go workspace that is conducive to cybersecurity and privacy. But with enough daily to-dos arising from simply running your business, the first obstacle is often the starting point of any change in human behaviour: where to begin?
Cybercapacity as the Foundation of Digital Trust
As with any task, we can start by taking it apart to create actionable steps forward. Cybercapacity can be viewed as the umbrella covering all the components you need to safeguard your business in cyberspace. The capacity-building components underneath this umbrella can be divided into two: cybersecurity and privacy.
Although often conflated, these two concepts are fundamentally different. We’ve found the following parallel useful to understand the distinction: installing iron bars across your window will increase security but not your privacy; adding curtains will also take care of the latter.
Solopreneurs and SMEs
Solopreneurs and SME leaders have the privilege and responsibility to establish a digital workplace culture that encompasses key principles of cybersecurity and privacy. The commitment to building your cybercapacity is not solely about protecting your business.
By instilling these practices, you are also building a trustworthy brand, which can secure a long-lasting competitive advantage. Consistency in displaying safe cyberbehaviour will additionally make you a role model for your partners and clients.
The established truth that a network is only as secure as its components also applies to remote teams and business interactions. Setting an example to your business network is therefore vital in the pursuit of greater cyberpower.
First Steps Towards Cybersecurity Best Practice
Cybersecurity is defined as the protection of data from any unauthorised online access. Information security further expands this definition to include the protection of data from any kind of unauthorised access.
Securing your data and the data of your customers ensures the protection, durability and resilience of your business from any external interference that could have devastating consequences.
Some examples from best practice in cybersecurity include:
- Strong and unique passwords that are regularly updated and safely stored. Every digital user has heard it before, but if there is any moment to start taking this advice… it is now.
- Use a Virtual Private Network (VPN). Although public WiFi should be avoided as much as possible, remote working often leaves us no choice. Using a VPN will allow anonymous and secure web surfing, which keeps your customers’ data private and ensures its safety from cybercriminals and hackers.
- Minimise the amount of data you give to internet service providers (ISPs). In simple terms, if they don’t have it, they can’t leak it. Additional protection can be achieved by using HTTPS and choosing a VPN that does not log your online access.
It often escapes us that cybersecurity extends from the digital realm to the physical world. Serious incidents, such as theft or losing your devices during travel, are the things you think will never happen to you… until they do.
Awareness combined with preparation can go a long way in ensuring the fastest possible recovery with the smallest amount of damage in the wake of such events. Some practical ideas to keep in mind:
- Storing your devices safely at all times. The extra effort to ensure the safety of your devices when you leave your hotel room or go to the bathroom at a cafe will go a long way in saving you from the potential financial and reputational costs of theft.
- Encrypting your disks with access passwords and creating regular backups on either external drives or using cloud-based services. All of this will simultaneously ensure your own access in the case of an attack and decrease the likelihood of any unauthorised access attempts.
- Compiling a business continuity plan. Outlining your recovery action plan in the case of any adverse incident will help mitigate actual damages. It also provides you with a sense of control over the protection of your business.
Establishing a Reliable Privacy Culture for Digital Trust
The idea that data has become the new currency is consolidating itself alongside all the threats it entails. Data protection involves an understanding of the data you are responsible for and the legal requirements you should follow to ensure its safe handling. The General Data Protection Regulation (GDPR) provides a useful framework to consolidate a culture of privacy that places data protection at its heart.
Data mapping comes first
Two years since the implementation of the GDPR, we are becoming used to seeing privacy and cookie policies on most sites we visit. Nonetheless, privacy compliance extends deeper than that. We can think of it as an iceberg – there are things below the surface that we don’t see but that determine the nature of the mass as a whole.
- The Record of Processing Activities (RoPA) can be considered the master document for data processing. It usually takes the form of a spreadsheet and captures significant information such as data categories, the group of data subjects, the purpose of the processing and the data recipients.
- Data Processing Agreements (DPAs) are legally binding contracts with your sub-processors, e.g. marketing automation providers, social media providers, productivity solution providers. These must be in place to ensure a mutual understanding around data processing.
- The initial data mapping provides clarity as to whether you need to conduct a Data Protection Impact Assessment (DPIA). The DPIA helps you identify where the processing is likely to result in a high risk to the rights and freedoms of the data subjects.
The visible surface is an indication of being trustworthy, and what lies underneath determines whether the reality lives up to the façade. Following these guidelines is not only a requirement of compliance. It should not be viewed as a mere legal nuisance but as an opportunity for consolidating your brand around principles of digital trust, adding to the long-term durability of your business.
Cybersavviness as an Evolving Skill
The more digital our work, societies and interactions become, the more important it is to incorporate secure practices into our daily habits and workflow. Cybersavviness is a constantly evolving skill. It starts with nailing down the basics and continues by building on this foundation.
As general cyberawareness keeps growing, establishing digital trust has also become a genuine chance to ensure a long-lasting competitive advantage. Improving your cyber capabilities and involving your clients, partners and contractors in the process is an essential investment in yourself and the resilience of your business network.
The great news is that you are not left in the dark!
You can sign up for the free ‘Cyberpower Challenge’, check out other Cyberpower Academy offerings or grab a copy of the Cyberpower eBook, which provides concrete and comprehensive guidance on safeguarding your digital workspace with ease.