2017 saw a rise in the number and scope of ransomware attacks, with the highest profile attack, WannaCry, affecting over 230,000 organisations worldwide and causing the NHS to cancel appointments and operations. VinciWorks’ new interactive micro course on ransomware helps users understand exactly what ransomware is and how to avoid being the next victim of such an attack. Ransomware is part of VinciWorks’ cyber security suite that has recently been updated to include six new interactive apps and Phishing Challenge 2.0.
The course covers:
- Understanding what ransomware is and the dangers such attacks present
- Key definitions related to ransomware, such as “phishing”, “spear phishing”, “malware” and “Bitcoin”
- 2017 ransomware attacks and how they happened
- Visual examples of how attacks happen
- Guidance on how to avoid being the target of ransomware attacks
- What to do in case of an attack
- Assessment to review what has been learnt
Demo ransomware micro course
Employees are the weakest link in most cyber security attacks. The VinciWorks Phishing Challenge and Phishing Challenge 2.0 address this weakness by training employees to spot phishing emails.
These five-minute, mobile-friendly challenges:
- Educate users on how to spot suspicious emails
- Produce a report with each employee’s phishing risk score
- Enable you to identify high-risk employees
- Challenge users to spot red flags in real phishing emails
Demo Phishing Challenge 1.0
Demo Phishing Challenge 2.0
The Phishing Challenges are designed as “knowledge checks”: five-minute, SCORM-compliant e-learning courses that can be used in any learning management system to track user completions and risk scores.
They are available for free, whether or not you are a VinciWorks client.
Will regulators actually fine businesses 4% of global turnover for committing a General Data Protection Regulation offence? What are the actual repercussions of failing to comply with GDPR?
It’s a headline-grabbing threat designed to leave you shaking at your keyboard, fearful that one wrong keystroke will siphon off €20m, or 4% of turnover, whichever hurts the most. The current maximum level of fine that can be levied under the Data Protection Act 1998 is peanuts in comparison, £500,000.
Some of the biggest fines levied by the UK’s data protection regulator, the ICO, would balloon under GDPR rules. TalkTalk’s 2016 fine of £400,000 would become nearly £60m.
However, GDPR is not about fines. The ICO has made clear that maximum fines will not become the norm, nor will examples be made of big brands for minor infringements. As they’ve said, they prefer the carrot to the stick. The ICO’s record stands to reason. In 2016/17, the regulator dealt with over 17,000 cases. Only 16 resulted in a fine.
Learn more: download VinciWorks’ GDPR guide to make sure your business is ready for GDPR implementation on 25 May.
The number of cyber attacks hit an all-time high last year, with the threat expected to increase in 2018. The highest profile attack, WannaCry, affected over 230,000 organisations worldwide and caused the NHS to cancel appointments and operations. Human error remains the most likely cause of cyber breaches, with phishing emails the no. 1 tactic used by attackers. In more sophisticated attacks, such as spear phishing, the emails target specific individuals or organisations and are personalised to include the victim’s or company’s name. The results of such an attack can be devastating, often resulting in sensitive information being compromised and financial repercussions.
Two new courses added to cyber security suite
VinciWorks’ cyber security suite has now been updated to help protect staff from the latest threats. We have added two new short courses, allowing users to learn how to protect themselves and their organisation in just five minutes.
What is your organisation doing to embrace social responsibility? Social responsibility initiatives are not only good for the community, they build brand equity and reputation, and enhance client satisfaction. VinciWorks has created a free corporate social responsibility (CSR) policy template that can be used to clearly communicate CSR initiatives to clients and align employee behaviour.
Download policy template
What should be included in a CSR policy?
Here is some guidance on what to include in your corporate social responsibility policy:
Begin the policy by acknowledging that the way your business is run affects society. While organisations have a responsibility towards their staff, clients and contractors, they must also consider the wider community in which they operate. The introduction should also state your organisation’s commitments to CSR.
After a successful 2017 that saw over 170,000 course completions, we are excited to present our tentative plan for new course releases and updates in 2018. Every year, VinciWorks plans its course schedule based on a combination of client feedback and prevalent compliance issues.
Updated cyber security training suite with two new courses
After several high profile cyber attacks exposed millions of systems in 2017, VinciWorks is set to release two mini courses to help staff protect themselves and their organisation from the latest threats. Each course can be completed in just five minutes. The two new courses are:
On Tuesday 21 February at 12pm, Director of Best Practice Gary Yantin will be joined by Director of Course Development Nick Henderson to explore the challenges facing organisations in preparing for GDPR and give guidance on what still needs to be done.
The webinar will cover:
- Is your organisation ready for the changes?
- What are your biggest challenges?
- Conducting Data Protection Impact Assessments (DPIA) and making the most out of them
- Dealing with sensitive categories of data
- What to consider when appointing a Data Protection Officer
- The Data Protection Bill 2018
The webinar will end with the opportunity to have any questions on the topic answered. You can register for the webinar by clicking on the button below.
The General Data Protection Regulation will come into full force on 25 May
The General Data Protection Regulation (GDPR) will officially come into force on 25 May 2018. GDPR’s reach is global. Any company that offers goods or services to anyone in the EU will be required to comply.
If you haven’t started to comply, or are not sure what to do next, following these steps will help ensure you are ready for GDPR day.
1. Undertake a data audit
Organising an in-depth data audit across your organisation and all parts of the business is crucial to understanding where data exists, how it is used, and what should be done next. Think of data like oil running through an engine; it powers your organisation and makes it function, but it can also leak if the various conduits are not working properly. After an audit, you should be better able to identify risks, weak spots and priority areas to address.
Are your staff able to spot suspicious transactions when it comes to money laundering?
There are many ways that someone will try to launder money, meaning that spotting the crime before it’s too late can sometimes be challenging. Here is some guidance on how to spot suspicious transactions and best practice on how to deal with such suspicions.
Seven ways people may launder money
The guidance below is taken from our interactive e-learning course, Anti-Money Laundering: Know Your Risk. You can demo the course for free here.
Definition: payment for a service or product online through a credit card and other electronic payment systems.
The risk: e-commerce payments create ample opportunity for money laundering and terrorist financing. Selling counterfeit goods online, or no goods at all, or making payments and transfers where the credit card or the user does not need to be verified, is often a blind spot in AML prevention measures.
Tip: have strong identity verification measures and transaction monitoring in place. Using technology to uncover suspicious activity can help reduce the money laundering risk of online payments.
The beginning of a new year is a good opportunity to formalise learning objectives and prepare training schedules. With many new regulations implemented in 2017, and more to come in 2018, VinciWorks has prepared guidance to help you focus on the important compliance topics for the coming year.
General Data Protection Regulation
GDPR will be coming into full force on 25 May. Companies will need to implement staff training, rewrite their privacy policies, review the ways they currently obtain consent from data subjects and assess whether their processes will be valid under GDPR. You can learn more about preparing for GDPR here. We have also published a free data protection policy template and have released a GDPR training course.