Hey everyone, A quick post about cybersecurity and some basic steps you can take to improve online security for yourself or your business. Nothing is completely safe, but you can help mitigate the risk. Password Managers Keeping track of passwords is hard, and reusing the same password (or slight variations of it) is asking for trouble. If a site you use gets hacked and the company hasn’t stored your password securely, hackers will often try that password—or variations of it—on other major sites like Amazon, LinkedIn, or Facebook. A password manager helps reduce this risk by storing all your passwords securely. You only need to remember one very strong master password, and the manager will generate and store unique passwords for every site you use. The big advantage here is that if one site gets hacked, your other accounts stay safe. I personally recommend 1Password (https://1password.com/), but there are other good options too. 1password has a great sharing tool to share passwords between employees, family and when someone needs temporary access e.g. via email to share confidential documents. Two-Factor Authentication (2FA) The next step is to turn on two-factor authentication whenever possible. With 2FA enabled, even if your password is stolen, an attacker would still need your second factor (like the app code) to log in. If someone tries to break in, you’ll see the attempt and can deny it—giving you time to change your password before damage is done. Ideally, use an authenticator app (such as Microsoft Authenticator or Google Authenticator), or an Yubico key (https://www.yubico.com/), instead of SMS, since text messages can technically be hijacked through SIM-swapping (though it’s less common). Business Domain If you own a business, make sure you know who controls your domain name and that it’s secured with a strong, unique password and 2FA. Wi-Fi Avoid connecting to public Wi-Fi whenever possible. A personal hotspot is safer. If you do need to use public Wi-Fi, consider a VPN service such as ProtonVPN https://protonvpn.com/

AI notetakers - are they a productive assistant or unwelcome guest? As a group, I wonder if we could collaborate on the creation of a set of social rules that we, as business professionals, could start to include in our meeting invites to ensure our colleagues/clients etc understand what is acceptable use of AI notetakers and what isn't. It comes after learning about a law case filed in the US last month, Brewer v. Otter.ai that alleges Otter's “Otter Notetaker” and “OtterPilot” services recorded, accessed and used the contents of private conversations without obtaining proper consent. How do you feel about AI notetakers attending meetings without being invited? What control do we have on the data recorded in such meetings? I would like to suggest an Collaborative Coffee Meetup where can discuss this matter in more detail and draft some guidelines that we can use moving forward? How does that sound? If you think this is a great idea, vote below and if I get more than 5 people saying Yay, I'll go ahead and arrange a time.