In the era of rapid development of information and communication technologies, it is mandatory to implement in all organizations a cyber hygiene strategy. This will minimize the risks of becoming a victim of a cyber-attack or spreading the impact of a cyber-attack to other organizations.
In this context, when cyber hygiene is properly integrated into an organization, the implementation of daily routines, good behaviors, and regular checks will be sufficient to ensure that the online health of organizations is at its best (ENISA, 2016: 6).
Cyber hygiene is a fundamental principle related to information security and is the equivalent of taking simple routine measures to minimize risks from cyber threats, similar to personal hygiene. The underlying assumption is that good digital hygiene practices can lead to increased immunity among organizations, reducing the risk of a vulnerable organization being exposed to attacks (ENISA, 2016: 14).
The concept of digital hygiene encompasses cyber security activities implemented to protect information technology systems and devices. Although digital hygiene is very important in protecting cyber security, it should not be seen as synonymous with cyber security. Digital hygiene involves creating and maintaining healthy cyber behaviors (Vishwanath et al. 2020).
Thus, this report which is developed as one of the tasks of the Erasmus + KA2 Project named “ Good Digital Hygiene for Startups” presents the current situation in 6 partner countries (Latvia, Greece, Netherlands, Poland, Romania, and Turkey).
This analysis provides insights into how startups implement digital hygiene practices in their organizations that differ among these countries. With the comparative analysis, specific needs to achieve digital hygiene targets and to develop comprehensive training materials for each partner will be determined.
To analyze the general view on digital hygiene in each partner country, the partnership analyzed 7 aspects that directly or indirectly point to the implications of digital hygiene practices of their countries – Latvia, Greece, The Netherlands, Poland, Romania, and Turkey:
- Key Drivers of Digital Transformation
- Digital Skills Landscape From The Government Viewpoint
- Governments’ Digital Skills Gap Reduction
- Digital Transformation of Businesses in Partner Countries
- Cybersecurity Workforce
- Digital Hygiene Practices
- Regulations in partner countries for improving digital hygiene practices
The analysis performed by the partners resulted in the determination of various conclusions that had an impact on the outcomes of the countries’ digital hygiene practices.
In partner nations, public institutions are the driving force behind the digital transformation. Latvian Ministry of Environmental Protection and Regional Development supports the development of e-Governance services as well as its work with the vision of digital transformation. However, small, and medium-sized enterprises (SMEs) in Latvia are relatively weak compared to the EU average in the use of new technologies. Similarly in Greece, the population has low average digital skills, and a small proportion of citizens aged 55 and over have adequate digital skills but the digital transformation process is tried to be accelerated by the public authority. In the transition to digital transformation, it is important that the Dutch government adopts the Digital Law “Wet digitale overheid” in 2018, which enables them to implement the Digital Government Agenda as part of the broader Dutch Digitization Strategy. In Poland, the Committee of the Council of Ministers for Digitization is working to increase the digitization level of the country. Similarly, The Ministry of Research, Innovation, and Digitalization and The National Authority for Digitalization plays an important role in the transition to digitalization in Romania. However, it is seen that digitalization is developing slowly in the country and there is a big gap when compared to other European countries. In Turkey, in line with the developing technologies, social demands, and reform trends in the public sector, the Digital Transformation Office was established within the scope of the Presidential Decree and takes steps towards digital transformation.
Some of partner nations have released a number of digitalization guidelines on the digitalization of public institutions. The procedures for implementing digitalization in business processes and corporate applications are laid out in these guidelines. Latvia’s “Digital Transformation Guidelines for 2021-2027” describes the strategic actions necessary to ensure the use and development of the digital environment in society and State Administration in the country. Greece, on the other hand, has set the country’s digital transformation goals with the “Greece National Coalition for Digital Skills and Jobs 2020-2025 Digital Transformation Strategy and National Recovery and Resilience Plan: Greece 2.0”. In the Netherlands, the ‘Dutch Digitalization Strategy 2.0’ document has defined the priority steps determined for digitalization. In this context, digital skills for citizens, digital skills for the workforce, digital skills for ICT professionals, and basic digital skills were examined. Through the National Digital Transformation Council of Romania, it is developing solutions to the problems of low digitization levels and relatively slow progress. Turkey, on the other hand, provides digital literacy training through the Ministry of National Education, in addition to popularizing the e-government application in public services.
There are various activities and guidelines for closing the digital skills gap in Partner countries. Some of these are briefly summarized later in the paragraph, but such activities are not available in all countries and it would be useful to identify and disseminate more comprehensive activities. Digital Week is a yearly nationwide education and awareness campaign promoting digital skills and digital transformation in Latvia, organized by the Ministry for Reducing the Digital Skills Gap. The major goals of the Latvian Digital Week are to increase public awareness of the value of having strong digital literacy among all segments of society and to offer real-world assistance to those who want to learn new skills in this area. In order to provide the circumstances for an active and healthy life, policymakers in Greece start certain projects like “Greece 2.0: A National Recovery and Resilience Plan” involving digital literacy and engagement of the populace. A promise has been made by the Dutch government to close the nation’s digital skills gap. The “Digital Agenda,” unveiled in 2013, is one of the primary projects. This is a nationwide initiative to strengthen the Netherlands’ digital infrastructure while also enhancing the digital literacy of its people and enterprises.
Some of the guidelines and actions implemented for the digital transformation of businesses are as follows: The National Recovery and Resilience Plan for Romania was implemented by the Romanian government to close the digital skills gap. The distribution of resources to close the digital gaps is laid out in this plan. With interventions in network deployment, e-services in the public sector, education, digital skills, and cybersecurity, component C on digital transition clearly stands out as the key contributor to the digital aim in Poland’s Recovery and Resilience Plan (RRP), which has six components. The Latvian Digital Transformation Guidelines highlight the new approach for digital transactions of business: The commercial sector will also be given access to national digital channels, such as official electronic addresses, digital services platforms, international identification, etc. Initiatives like “Greece 2.0” attempt to assist the Greek people in being ready for the next era of digitalization. The second pillar of the Greece 2.0 plan’s four pillars, or the bundles of reforms and investments, is Digital Transformation. With the two major initiatives “Digital First” and “Digital Netherlands,” which seek to make digital technologies and services the primary means of interaction between citizens, businesses, and the government and support the digital transformation of Dutch businesses, the Netherlands has been a leader in the digital transformation of businesses. The main obstacles to SME digital transformation in Romania are structural, such as low development of digital public services and insufficient supply of services and tools. SMEs should invest in services and tools to optimize processes and train staff and management to increase demand.
The National Cybersecurity Authority of Greece’s research on the cybersecurity workforce skills gap reveals that to close the skills gap in the nation, it is critical to determine the profiles, abilities, and competencies of cybersecurity jobs. As concerns about cyber threats and the need to guard against them rise, the cybersecurity workforce in The Netherlands is expanding too. The Dutch government has taken several steps to improve the nation’s cybersecurity capabilities because it understands how important it is. The “Cybersecurity Strategy of Poland for 2019-2024” aims to increase the country’s resilience to cyber-attacks and improve data protection in the public, military, and private sectors. NASK plays a key role in implementing the strategy from a research and educational perspective. The need for a larger cybersecurity workforce in Romania is increasing, with salaries in the upper echelon, but there is a lack of data on the evolution of the job offers and workforce. The Protocol on the Opening of Cyber Security Vocational Schools in Turkey aims to build a competent and qualified workforce, develop cyber security education programs, increase skills and competencies, enrich existing cyber security education content, disseminate programs, and increase employment in the field.
In general, digital hygiene applications that are widely used in all partner countries are updates, passport enhancements, software and hardware improvement, anti-virus applications, and anti-malware programs. Even though different guidelines are being attempted to be implemented in some nations, there is no overall complete application unity. A few partner nations have enacted laws governing digital hygiene (such as Latvia’s “Personal Data Processing Law” and “The Digital Transformation Guidelines 2021-2027”). So far, there is typically a propensity to adhere to the General Data Protection Regulation of the European Union (GDPR). But still, there is no application unity for most countries.
ENISA (2016), European Union Agency For Network And Information Security, “ENISA Threat Landscape Report 2016: 15 Top Cyber-Threats And Trends”
Vishwanath et al. (2020), “Cyber hygiene: The concept, its measure, and its initial tests”, Decision Support Systems, Volume 128, January 2020, 113160