How certain are you that your employees understand the risks posed by their use of the Internet? And do you trust that your employees know how to minimise risks – and what to do when they discover a threat?

We all rely on the Internet and email for marketing, communications and essential business operations – but how often do we step back and assess the risks?

Evolving risks

Hackers and fraudsters are constantly looking for vulnerabilities. Businesses are regularly assailed by financially-motivated agents, as well as state-funded hackers in search of intellectual property and the disruption of commercial activity.

The threat from within

In recent years, organisations have discovered that digital security and processes are not enough to prevent hacks, malware and data loss, because even the most robust systems can be swiftly neutered by an untrained (or disgruntled) employee. This has brought a renewed focus on employee training and the need to defend against internal threats. So, what can your organisation do to help employees use the Internet and email securely?

Assess your technology risks

Before you consider what kind of training your employees require, you must evaluate the potential threats to your business. For example, you might have a database of customer data, precious intellectual property or product designs, vital systems, online resources or costly digital infrastructure. Does your business have any compliance requirements? Are these being met – and protected? Once you have identified the threats, you can devise a strategy for mitigating and managing risks.

Security policy

Does your organisation have an up-to-date security policy? It’s important that your employees read the policy and understand everything it covers, such as:

  • Safe IT usage
  • Acceptable software
  • BYOD – can employees use their own devices?
  • Data protection and sharing
  • Removable media – can employees use USB drives and other media?
  • Password practices
  • Dealing with suspicious emails and content
  • Keeping backups
  • Digital vigilance and reporting

Training is clearly a core component of modern digital security. Your employees represent a significant risk – whether intentional or accidental – and regular training is the best way to ensure that every individual recognises the threats and their role in preventing a security breach. Training should be mandatory and regularly refreshed to cope with the changing nature of digital security. Employee training programmes should form the core of a comprehensive security setup.

How well do you really know data protection rules?

With the new General Data Protection Regulation (GDPR) coming into force in 2018, organisations are working hard to ensure they meet the new regulations. Companies processing over 5000 personal records per year or employing over 250 staff are now required to appoint a data protection officer, or DPO. Marketing teams will need to ensure they have consent from those they are marketing to, and genetic and biometric information is now also considered sensitive data under GDPR.

Play the GDPR data protection game

Our game puts you in the manager’s seat of a company and provides feedback on the decisions you make


Tax evasion

HMRC has secured more than £2.5bn from offshore tax evaders since 2010

Does the Criminal Finances Bill put you at risk?

VinciWorks has created a five-minute tax evasion assessment to help you evaluate your exposure to the new corporate criminal offence for failure to prevent tax evasion.

About Tax Evasion Risk Assessment

Described as “the largest expansion of UK corporate criminal liability since the Bribery Act”, the Criminal Finances Bill creates a new corporate criminal offence for failing to prevent tax evasion. HMRC has committed to naming and shaming tax evasion ‘enablers’, those who assist individuals in evading tax. New rules mean that organisations can be held liable for assisting in tax evasion even if they were not aware that it was taking place.


Deutsche Bank

Europe’s largest investment bank hit with £500m fine

Most companies, particularly financial institutions, understand that a small investment in proper anti-money laundering training for their staff is not only a necessary expense, but a long-term money saver. But Deutsche Bank is not most companies. Europe’s largest investment bank was hit with a stunning £500m fine in January from multiple regulators because “the bank missed numerous opportunities to detect, investigate and stop the [money laundering] scheme due to extensive compliance failures, allowing the scheme to continue for years.”

Deutsche Bank ran a $10bn money laundering scheme that involved the Moscow, New York and London branches shifting roubles between Cyprus, Estonia and Latvia in a manner that was “highly suggestive of financial crime.” This follows a bad few months for the German bank, which has seen it pay $7.2bn to the US Department of Justice over toxic mortgage assets and another $2.5bn over interest rate manipulation.