For instance, a recent survey of dry cleaners found that more than 22,000 universal serial bus (USB) memory sticks and nearly 1,000 mobile phones were found in clothes received during any given year. Vast quantities of data are lost due to the careless actions of individuals. How many laptops, phones and memory sticks do you think are gathered in the lost property collections of coﬀee shops, trains and airports? (That’s assuming the ﬁnders are honest enough to hand them in.) Another recent study found the most common passwords used are “123456” and “password.” The remainder of the top 20 included passwords equally as guessable, which means it wouldn’t take a computer genius to hack into those accounts. The Business Continuity Institute is focusing on cyber end-user vulnerabilities as part of its latest campaign and highlighting steps each of us can take to improve cyber security: Use secure passwords, including a combination of at least 12 upper and lowercase letters, numbers and symbols. Do not use number sequences or names that can be easily guessed, like a birthday or pet’s name, for example. Keep passwords safe. Do not record or store them in a location that is easily accessed, like next to your computer. Lock your computer when you’re not using it. Be cautious when using public Wi-Fi, and do not access sensitive information when using it. Do not plug in untrusted USB devices. Do not click on untrusted links. The essence of the campaign is that cyber security is everyone’s responsibility, and we can all play a part in building resilient organizations. PHYSICAL SECURITY While security in the virtual world seems to be leading the list of concerns, it is similarly important to remember security in the physical world. Incidents like vandalism, theft, fraud and protest all cause disruption to organizations, and a surprising ﬁnding of the Horizon Scan Report was the rise of physical security as a major concern for organizations. It moved from sixth place in 2015 to ﬁfth place in 2016, and ranked in fourth place this year. Acts of terrorism moved from 10th place to fourth and back down to seventh place during the same time period. Organizations don’t have to be targeted directly to be disrupted by a security incident or an act of terror. Any organization in the vicinity of such an event has the potential to be disrupted. For example, the police could decide to lock down the area until it is deemed safe. And while many of these concerns are largely the result of man-made threats, let’s not forget the havoc that nature can wreck on organizations. Already in 2017, impacts were devastating as Cyclone Debbie struck New Zealand and Australia. While some regions are aﬀected more than others, no location is safe from the impact of extreme weather, whether it be the result of wind, rain, snow or drought. Add to this threat the damage wrought by earthquakes, tsunamis and volcanoes, and it is clear that organizations must implement plans to prepare themselves for the consequences of disruption. PREPAREDNESS IS KEY How do you prepare your organization for the various disruptions that it could face? Horizon scanning is a fundamental part of business continuity, and it is important for each organization to assess the relevant threats to have a better understanding of the potential impacts. Protecting digital infrastructure With digital infrastructure, it doesn’t matter if it’s a cyberattack or a power failure — if the IT system is compromised or inoperative, a plan is necessary to manage the lapse.