June 14, 2022 By Andy Saker 2 min read

In a recent podcast from England Rugby Union coach Eddie Jones, he made reference to the adage about trying to be “world-class at things that require zero effort.”

Relating that adage to the work environment, people can become world-class in some ways that require ‘zero effort’:

  • Being on time for online meetings
  • Paying attention during meetings
  • Looking at the person you’re speaking to instead of looking at your phone
  • Being polite
  • Tidying up after yourself when you leave a desk

Most people know about cyber hygiene best practices, but they often ignore them. The question is, how do we make people become world-class at them? That way, they become zero-effort activities people include in work and personal online lives.

Breaking bad cyber hygiene habits

In a Harvard Business Review article, Dante Disparte and Chris Furlow explained how cyber hygiene training can help improve cybersecurity at work. With any cyber threat, “the first and last line of defense is prepared leaders and employees.”

They argue that untrained people are every bit as dangerous as malicious code to the organization. With people being a potential problem for cybersecurity, how do we go about changing that?

Another key to cybersecurity is fixing your employees’ bad habits. In another Harvard Business Review article, Alex Blau writes: “One lament that echos in information security circles is that we’re not doing enough to deal with cybersecurity’s biggest, most persistent threat — human behavior.”

People will delay or push back tasks that may be critical to cyber hygiene. Blau observes that people will delay updating software and use similar passwords with the excuse that they don’t have time to practice cyber hygiene. As a result, the ‘better time’ to update software and take other cyber hygiene steps may never come along.

Learning to make big changes with little effort

Some cyber hygiene best practices include:

The U.K National Cyber Security Centre provides good cyber hygiene advice for individuals and businesses in its 10 Steps to Cyber Security guidance. This advice provides a good understanding of cyber hygiene both at work and at home.

Cyber hygiene as a team

Can we make adhering to cyber hygiene and best practices something that becomes ‘zero effort’ for all of us? Most people now spend their lives online during work and at home. So, protecting ourselves and the organizations we work for should become second nature.

Blau comments that “people have a tendency to look toward other people, especially those who are similar to them, to learn how to act.”

If we demonstrate them to colleagues, friends and family, these zero-effort activities will go a long way toward making the world a safer place. We should all try and become world-class at cyber hygiene.

More from Risk Management

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

How I got started: Ransomware negotiator

4 min read - Specialized roles in cybersecurity are proliferating, which isn’t surprising given the evolving threat landscape and the devastating impact of ransomware on many businesses.Among these roles, ransomware negotiators are becoming more and more crucial. These negotiators operate on the front lines of cyber defense, engaging directly with cyber criminals to mitigate the impact of ransomware attacks on organizations.Ransomware negotiators possess a unique blend of technical expertise, psychological insight and negotiation skills that allow them to navigate the high-stakes environment of ransomware…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today