In a recent podcast from England Rugby Union coach Eddie Jones, he made reference to the adage about trying to be “world-class at things that require zero effort.”    

Relating that adage to the work environment, people can become world-class in some ways that require ‘zero effort’:

  • Being on time for online meetings  
  • Paying attention during meetings
  • Looking at the person you’re speaking to instead of looking at your phone
  • Being polite
  • Tidying up after yourself when you leave a desk

Most people know about cyber hygiene best practices, but they often ignore them. The question is, how do we make people become world-class at them? That way, they become zero-effort activities people include in work and personal online lives.

Breaking Bad Cyber Hygiene Habits

In a Harvard Business Review article, Dante Disparte and Chris Furlow explained how cyber hygiene training can help improve cybersecurity at work. With any cyber threat, “the first and last line of defense is prepared leaders and employees.”

They argue that untrained people are every bit as dangerous as malicious code to the organization. With people being a potential problem for cybersecurity, how do we go about changing that? 

Another key to cybersecurity is fixing your employees’ bad habits. In another Harvard Business Review article, Alex Blau writes: “One lament that echos in information security circles is that we’re not doing enough to deal with cybersecurity’s biggest, most persistent threat — human behavior.”

People will delay or push back tasks that may be critical to cyber hygiene. Blau observes that people will delay updating software and use similar passwords with the excuse that they don’t have time to practice cyber hygiene. As a result, the ‘better time’ to update software and take other cyber hygiene steps may never come along.

Learning to Make Big Changes With Little Effort

Some cyber hygiene best practices include:

The U.K National Cyber Security Centre provides good cyber hygiene advice for individuals and businesses in its 10 Steps to Cyber Security guidance. This advice provides a good understanding of cyber hygiene both at work and at home.   

Cyber Hygiene as a Team 

Can we make adhering to cyber hygiene and best practices something that becomes ‘zero effort’ for all of us? Most people now spend their lives online during work and at home. So, protecting ourselves and the organizations we work for should become second nature

Blau comments that “people have a tendency to look toward other people, especially those who are similar to them, to learn how to act.”

If we demonstrate them to colleagues, friends and family, these zero-effort activities will go a long way toward making the world a safer place. We should all try and become world-class at cyber hygiene. 

More from Risk Management

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Worms of Wisdom: How WannaCry Shapes Cybersecurity Today

WannaCry wasn't a particularly complex or innovative ransomware attack. What made it unique, however, was its rapid spread. Using the EternalBlue exploit, malware could quickly move from device to device, leveraging a flaw in the Microsoft Windows Server Message Block (SMB) protocol. As a result, when the WannaCry "ransomworm" hit networks in 2017, it expanded to wreak havoc on high-profile systems worldwide. While the discovery of a "kill switch" in the code blunted the spread of the attack and newly…

Why Operational Technology Security Cannot Be Avoided

Operational technology (OT) includes any hardware and software that directly monitors and controls industrial equipment and all its assets, processes and events to detect or initiate a change. Yet despite occupying a critical role in a large number of essential industries, OT security is also uniquely vulnerable to attack. From power grids to nuclear plants, attacks on OT systems have caused devastating work interruptions and physical damage in industries across the globe. In fact, cyberattacks with OT targets have substantially…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…