Navigating the Ethics, Risks and Opportunities

Today, we are meeting the challenges of the AI revolution head-on with the launch of our new AI Compliance eLearning collection

Amid the wave of AI transformation, businesses grapple with understanding both the potential advantages and risks it presents. A recent poll by VinciWorks revealed that 63% of respondents do not currently have internal AI policies implemented within their organisations. With the International Monetary Fund (IMF) forecasting AI’s impact on nearly 40% of global jobs—either replacing or complementing them—there is a pressing need for companies to adapt proactively to the evolving AI landscape.

Designed to empower professionals across industries with essential insights into AI, the latest collection is a key addition to the Information Security and Data Protection suite, comprising seven comprehensive courses. As AI continues to reshape the way we work, this collection offers a thorough overview, beginning with foundational principles and clarifying the core aspects of AI. The courses delve into best practices for workplace AI usage, ethical challenges, and associated risks. The new courses include:

Understanding AI – Opportunities and Risks

This course addresses the surge in AI’s disruptive impact on the business world, providing insights into opportunities and clarifying misconceptions. It explores optimal uses of AI tools for office productivity and examines the legal and moral challenges and the risks associated with AI on a global scale.

AI and Data Privacy

This course focuses on businesses’ challenges in reconciling technological innovation with preserving personal privacy rights. It objectively explores fundamental concepts related to data privacy laws and AI technologies, offering insights into effectively managing associated complexities.

AI and Intellectual Property

This course covers fundamental AI concepts and legal considerations for intellectual property rights, challenging users to navigate grey areas in IP ownership. It addresses legal and ethical dilemmas surrounding AI-generated works and guides organisations to mitigate intellectual property compliance risks.

AI and Discrimination

This course tackles the rising dependence on AI models for crucial decisions affecting various aspects of life. It examines the potential consequences of poorly designed AI models, uncovering inherent biases that may result in unfair treatment. It focuses on recognising biases and discusses strategies for rectification, ensuring accuracy and fairness.

AI and Conducting an Effective Risk Assessment

This course addresses the rapid disruption caused by AI and emerging technologies, emphasising the critical need for companies to adapt swiftly. It focuses on AI-related risks, guiding users in crafting thorough risk assessments and exploring ways to leverage AI tools for enhanced risk-control strategies.

AI and Cybersecurity

This course guides users through the changing landscape of AI and cybersecurity, providing a vision for what to expect as attacks get more complex and how to stay a step ahead. This video-based course provides insights from subject matter expert Richard Merrygold, Director and Infosec Lead Consultant at iStorm, on understanding and navigating this environment. 

Plagiarism in the Age of AI

In academia, plagiarism concerns grow with AI usage. This course delves into higher education foundations, stressing the severe consequences of plagiarism. It explores how AI exacerbates this issue, navigating potential risks students face when resorting to copied content.

The new AI eLearning collection is available in various learning formats, including case studies, videos, and full and short courses, targeting a global audience. The VinciWorks in-browser editing tool enables HR and learning and development teams to tailor courses in real-time, with visible edits and easy sharing capabilities via a unique link.

Nick Henderson-Mayo, Director of Learning and Content at VinciWorks, commented, “Embracing the transformative power of AI in the workplace demands not only awareness but proactive education. Our AI Compliance eLearning Collection is not just about understanding the intricacies of artificial intelligence; it’s a navigational guide through the ethical considerations, potential risks, and untapped opportunities. In a landscape where adaptability is paramount, this new collection of AI compliance training courses empowers professionals to harness the full potential of AI responsibly.”

To support compliance professionals’ comprehension of AI, VinciWorks is offering a complimentary AI and Compliance guide. Further information on VinciWorks’ AI training collection is also available.

Social engineering is another technique hackers use to obtain personal data from individuals and gain unauthorised access. It happens when hackers either contact you directly and con you into handing over your details, or get you to open a link or attachment that installs malware onto your device. If you have ever received an email asking for personal information or telling you that your account is at risk unless you provide login details, or attempted to open something that caused you to see a security flag from your anti-virus software, then you have encountered social engineering.

The Strains of Social Engineering:

There are different social engineering techniques, and which ones a hacker uses depends on their own knowledge and skills. It doesn’t tend to be the most challenging form of cybercrime, but it is for this exact reason that it is the fastest-growing type of crime hackers are committing. The accessibility of the resources means that attacks can potentially result in big prizes with limited effort needed to get them.

Baiting

Baiting works in disguise: the malware is hidden, and you don’t know it’s there until you have installed it onto your device. It can be physical, in the form of an infected USB stick left lying around that exposes the device to malware once plugged in. Most commonly, though, it comes electronically: you are sent a link that, despite appearing harmless, creates an entry point for malware as soon as you click on it, highlighting how quickly problems can arise from the most unexpected places.

Phishing

Falling victim to phishing means being targeted with a fraudulent message by a hacker pretending to be a legitimate source. Their aim is either to get you to hand over personal information directly or to provide you with a malicious link that spreads malware. In both cases, phishing is the most personal type of attack.

Hackers are getting better at it too. By using professional marketing techniques, they are able to create an incredibly legitimate-looking email, and recipients do as it says because they don’t question the source at all. It is because of this growing sophistication in the preparation of phishing that hackers are achieving success 50% of the time, which stresses how many people are falling victim to hackers through an avoidable case of human error.

Attackers pose as legitimate sources such as well-known high-street names in order to gain the trust of the recipient. The message could be sent to a group of people, for example the customers of a certain bank, or to one specific person targeted through a highly tailored message; the latter is known as spear phishing.

Pretexting

This technique became a much more mainstream topic when Barclays produced a number of adverts on the dangers of cybercrime in 2017, one of which was a perfect example of pretexting. Pretexting is when someone lies to gain privileged information over the phone. This specific example showed a professionally dressed “bank worker” asking a customer for their security PIN over the phone. By handing this over, the customer gives the hackers access to their accounts, and from there the hackers have the power to cause significant financial damage. It doesn’t take many pieces of information for criminals to be able to access your accounts and take everything.

Scareware

Presenting itself as a ‘knight in shining armour’ is how scareware infects your device with a virus. An example of this could be a pop-up advertised as a ‘fix’ against a supposed viral threat to your device. By agreeing to this fix, malware is installed. The technique scares you into thinking you’re in trouble and causes you to make a panicked decision, and as a result you actively download the virus instead, rather than avoiding it.

Social Engineering Trends

The development of the internet means that as we become more and more dependent on it, the number of vulnerabilities increases too. This has caused a breed of hackers to grow in skill and sophistication, constantly finding new ways to catch people out.

No matter the size of the company, hackers will try to make a profit from it. This is displayed, ironically, by the security company RSA. The attack started with two phishing emails sent to a number of employees, titled ‘Recruitment Plan’ and including an Excel spreadsheet attachment supposedly containing further information on the plans. What it really contained was malware that was then let loose into the systems, compromising the company’s entire network and data. The result was a $66 million (£49m) loss, alongside a dangerous knock to their reputation.

This case points out how quickly a danger can spread through a company due to human error from employees. By failing to educate and train them on the threats of cybercrime, you are creating nothing but a weak line of defence, and consequently leaving your organisation at risk.

Steps to Protect Yourself from Social Engineering

Cyber security training raises the level of understanding within a business and results in a workforce with consistent attitudes around the topic. Employees are the ones on the lookout for suspicious activity, so training in the use of email, social media, passwords and anti-virus software can prepare them to detect and respond to problems effectively. Social engineering is the human interaction and tailoring that comes with cyber attacks, so dealing with it effectively requires a prepared workforce. At the end of the day, software can only benefit an organisation when it is in the hands of people with the right skills.

As a support to human training, the use of email gateways adds further security by controlling and monitoring what gets in and out of your networks. This can prevent the majority of harmful messages from even getting close to the inbox, so the organisation can remain in a protected bubble, keeping out the hackers and avoiding financial and reputational ruin.

Nothing you download can give you a 100% protection guarantee, but teaming it with strong levels of human competency through training means that the chance of hackers getting in is reduced significantly.

The concept of phishing is simple: pretend to be someone you’re not in order to get money or personal details out of someone by exploiting an element of trust. What is worrying is that nearly 100,000 people reported receiving phishing emails in 2015, and with this style of attack being successful (for the hackers) 50% of the time, too many people are falling victim to phishing through an avoidable case of human error.

Attackers pose as a legitimate source such as well-known high-street names in order to gain the trust of a victim. From there, they can distribute malicious links and attachments in the form of malware, all in the hope that the unsuspecting user will click on the link, open the attachment, or even hand over sensitive information voluntarily such as bank details or login information, all because they think the sender is legitimate.

How Phishing Works

Phishing works through careful preparation in order to create a convincing email that has a strong chance of being delivered successfully. This is why social networking is such a prominent phishing technique, carried out through any kind of electronic communication method such as email or direct messages on social media.

The hackers work by gathering information on their target to make the message as tailored as possible, resulting in something that seems more legitimate. By knowing details like your name, address and work history, they can personalise their attack so that you are less likely to see it as a con, and as a result, you will innocently follow the instructions they send you, causing you to fall into their trap.

The prime time for phishing is around major current events such as the coronavirus pandemic to keep the scam current and therefore seem more ‘real’ for the recipient. For example, during the coronavirus pandemic, security experts have reported a substantial rise in phishing email scams related to the coronavirus – the worst they have seen in years. The BBC followed up on reports of individuals and businesses being targeted with phishing emails and came across a variety of campaigns including tax refunds from the HMRC, email attachments from the World Health Organisation (WHO), bitcoin donations to help fight the coronavirus and scare tactics aimed at giving up work or personal email details.

Whatever the subject, the objective is to gain an entry point for malware to infect the device.

The Ever-Growing Field of Cybercrime

The sophistication of hacking groups is growing due to the increased research and skill they have in their techniques of attack. So whilst phishing emails used to frequently be poorly written with fuzzy graphics that gave the game away, they are now using the same techniques as professional marketers to compose the most effective messages.

The first waves of cybercrime came when emails and social media became popular because it was an accessible way for hackers to target a large audience with minimal effort and skill needed. Criminals are able to target users directly by sending infected emails straight to someone’s inbox, all ready for the unsuspecting recipients to open and consequently spread malware into the network.

The cost of phishing scams can be catastrophic for companies. No matter what size or industry you’re in, you can become a target for hackers if there is a profit to be made. Walter Stephan is a perfect example of how anyone can be caught out, and of why an ‘I wouldn’t fall for it’ attitude isn’t something you should rely on.

Stephan was the CEO of a plane company called FACC for 17 years, so he was far from being a newbie in the industry. After receiving an email from what he thought was someone superior within the company, he fell for the lie around a secret transaction needing to be carried out. The result was that a whopping $56.79 million (around £39m) was taken, and he lost his job immediately.

This example not only highlights how any business can be targeted with phishing emails, but also the creativity that hackers use to achieve their desired result – a profit. As well as the direct effect on the company, the knock-on effect on reputation cannot be ignored either. Only 17% of customers said they trust companies now, compared to a decade ago, highlighting that customers are more than aware of the growing number of online crimes. If customers cannot trust you to look after their sensitive data, there is little chance of prosperity in the future. An increasingly digitally-aware public means that reputation is everything.

Combating Phishing Threats:

Defending your organisation from phishing comes from knowing what to look out for. This can only come from a strong email gateway combined with the human understanding of the topic that training provides, so that employees know what to look out for.

Training and Education in the Workplace

By downloading infected programs, links, or documents through what seems like a harmless email, the hacker can get into your whole system to do whatever they want with the data they find.

Remaining vigilant over cybersecurity is exactly how you can protect your organisation, because breaches are often caused by employees inadvertently creating an entry point into the systems and networks, something that email awareness training can prevent. Computer literacy can sometimes be dismissed as ‘common sense’, but the increased sophistication of the phishing emails being produced means that anyone can be a target, so everyone should be able to understand the threats and reduce the criminals’ success rate. Regular training should never be neglected, as the damage it could prevent could make or break the future of a business.

Email Gateways

As a backup for the human training that comes in reducing the risks of phishing, having a strong email gateway is something that all organisations should also look at as a priority.

Acting as the controller of what gets in and out of a network by using different filters and checks, an email gateway can prevent the majority of harmful messages from getting to you in the first place. Finding the right gateway for your organisation is very important. Look for one with advanced features that go beyond basic antivirus, antiphishing and antispam settings and include the newest technologies to keep up with the threats out there. Also, look for something that is customisable to you and maintains a reliable reputation through a low level of false-positive and false-negative cases.

Remember that no solution provides 100% protection, which is why the training as well as having a gateway is so important.

Passwords are possibly the first thing that come to mind when we think of maintaining privacy whilst online. Whether it’s our social media profiles, online bank accounts, or our internet devices themselves – everything seems to have the same first line of defence.

The number of password-protected accounts and devices we use means that the majority of people reuse passwords rather than trying to remember several different ones. However, reusing passwords, even if they are strong, is inadvisable. It means that if one of your accounts is compromised by hackers, suddenly all your accounts – and all the information they hold – become very easily accessible.

Weak Vs Strong Passwords

Despite the amount of information available about password protection (not to mention the number of high-profile data breaches in the news recently), the two most common passwords are ‘123456’ and ‘password’. This makes it very apparent that awareness training around how to set a secure password has not reached the majority of individuals/employees.

Simplistic passwords are easy for hacking software to crack as they follow easily-identifiable sequences, e.g. words and numbers. In other words, once one or two of the characters are cracked, it’s easy to guess the following characters and gain unauthorised access to valuable information.


It would be a mistake for employers to assume that setting a secure password is just common sense – something everyone already knows. Either through lack of awareness or ‘it won’t happen to me’ mentality, many individuals still choose weak passwords and/or reuse passwords across multiple devices and accounts. The two most commonly-used passwords mentioned above make this fact very clear! Although choosing strong passwords is basic cyber security good practice, it doesn’t mean it should be overlooked when it comes to training, far from it.

As a rule of thumb, a strong password should be at least eleven characters long, containing both upper and lower-case letters, as well as numbers and symbols. Random characters are more secure than sequential or word-like passwords, as they don’t follow patterns that hacking software can easily crack. A strong password that follows these rules would take password-hacking software (which can make 100 billion password attempts per second) 500 years to guess. Compare this to less than 1 second for passwords of a combination of 6 random lower-case letters.

Strong passwords avoid using personal information, e.g. dates of birth or pet names, as these are fairly easy to ascertain or guess – many of us put this information on social media, for instance.
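As an added illustration (not part of the original guide), the following Python sketch applies the password rules above: it estimates worst-case brute-force time at the 100 billion guesses per second quoted, checks the length and character-class rule, and flags the common and sequential passwords the text warns about. The 94-character pool assumed for mixed-case letters, digits and symbols is an assumption, so the computed figure for an 11-character password is of the same order as, but not identical to, the rounded 500-year figure in the text.

```python
import string
from typing import List

GUESSES_PER_SECOND = 1e11        # rate quoted in the text (100 billion attempts per second)
MIN_LENGTH = 11                  # minimum length quoted in the text
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# The two most common passwords named in the text (a constructed, deliberately tiny blocklist).
COMMON_PASSWORDS = {"123456", "password"}


def alphabet_size(password: str) -> int:
    """Size of the smallest standard character pool containing every class the password uses.

    Assumption: lower 26, upper 26, digits 10, and the 32 printable ASCII symbols (94 in total).
    """
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32
    return size


def brute_force_seconds(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case seconds to exhaust every password of this length drawn from this alphabet."""
    return alphabet_size(password) ** len(password) / rate


def brute_force_years(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Same estimate expressed in years, for comparison with the figures in the text."""
    return brute_force_seconds(password, rate) / SECONDS_PER_YEAR


def is_sequential(password: str) -> bool:
    """True when every adjacent pair of characters steps by exactly +1, e.g. '123456' or 'abcdef'."""
    return len(password) >= 3 and all(
        ord(b) - ord(a) == 1 for a, b in zip(password, password[1:])
    )


def check_policy(password: str) -> List[str]:
    """Return the list of rule failures for this password; an empty list means it passes."""
    failures = []
    if password.lower() in COMMON_PASSWORDS:
        failures.append("common password")
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        failures.append("needs both upper and lower case")
    if not any(c.isdigit() for c in password):
        failures.append("needs a digit")
    if not any(c in string.punctuation for c in password):
        failures.append("needs a symbol")
    if is_sequential(password):
        failures.append("sequential characters")
    return failures


if __name__ == "__main__":
    # Constructed samples: six random lower-case letters versus an 11-character mixed password.
    for sample in ("qwerty", "123456", "password", "K7#mQ2vP!x9"):
        print(f"{sample!r}: {brute_force_years(sample):.3g} years, failures={check_policy(sample)}")
```

The six-letter lower-case sample is exhausted in a few milliseconds at that rate, while the 11-character mixed sample works out to well over a thousand years with the assumed 94-character pool.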

Password Managers

Following best practice for setting a secure password means that, on average, we would have to recall eight strong passwords daily. Using a password manager is a good way to remember your passwords, as well as keep them safe from the hands of hackers.

Password managers are usually software applications (they can also be accessed through websites) that store and encrypt login information for the user. They typically require users to remember one strong master password that is used to access the information stored within, although they might also be fingerprint protected on mobile devices. Once logged in to a password manager, the application will automatically fill in login information for the user whenever it is required, and will also regularly generate random, non-sequential, very strong passwords. This means that, no matter how complex your passwords are, you won’t have to spend time trying to remember them all or regularly update your passwords yourself.

Most web browsers have their own password managers allowing users to store passwords for certain accounts for ease of use. Individuals that take advantage of these sorts of free password-management services should double check that their passwords are encrypted when stored, and also abide by best practices for generating their own passwords.

The rise of remote working since the Covid-19 pandemic has seen cybercrime skyrocket, with opportunist criminals targeting employees to access confidential data or else profit from ransomware and other scams.

We designed this guide to raise awareness about cybersecurity – particularly for companies implementing hybrid working – and reduce the risks of human error for employees working between the home and office.

Learning points:

  • Cybersecurity risks for hybrid workers
  • Cybercrime red flags employees can look out for
  • Protective measures to prepare your business for hybrid working
  • Advice for keeping your systems secure
  • Implementing a cybersecurity policy


Technology is becoming more and more important to – and integrated in – our lives, leading us to become increasingly dependent on it. It may make life easier, but it also leaves us vulnerable to risk. Because of this, cyber security is a top priority and affects our daily and working lives greatly.
Breaches in cyber security can be catastrophic for organisations and their employees or client base. They can determine the success – even survival – of an organisation due to the increased fines introduced by the GDPR in 2018, not to mention the impact a cyber breach could have on a business’s reputation. The severity of these implications means that cyber security is something organisations really can’t ignore, and why education and awareness training for employees is necessary for all organisations.
Common Security Issues:
A lack of awareness about cyber security measures is one of the top reasons why so many organisations suffer data breaches. Lack of knowledge leading to low confidence levels means that many breaches are caused by seemingly innocuous errors that even basic cyber security training could help mitigate. We explore some common threats and their impact upon your organisation below:
Using Email and Internet Securely
When it comes to cyber security, it’s worth remembering that there’s no such thing as ‘just common sense’. It may seem obvious to one person what, for example, the rules are for creating a secure password. However, to another, this won’t be so clear or seem all that important.
This is why it’s imperative to maintain regular awareness training on safe internet and email use. Hackers target company emails in the hope that one employee in possibly hundreds will be distracted enough to download an infected attachment or fall for a phishing scam.
Other common risks include visiting unsecured websites which may infect your system with malware such as Trojan horses, or downloading software disguised to look legitimate. Remember, it only takes one employee to click the wrong link for your entire network to become compromised.

Password Security
Today we are inundated with software and platforms requiring passwords; think social media accounts, online banking, mobile phone PINs, and email accounts. It may seem like a hassle to have so much password protection, but these protocols exist as the first line in defence against cyber criminals and hackers.
Shockingly, the most common password is ‘123456’, closely followed (ironically, considering its weakness) by ‘password’. These findings, alongside the fact that 73% of people re-use the same password across all their accounts, means that thousands of people are still leaving themselves worryingly vulnerable to hackers.
Creating a strong password policy is key when it comes to helping users safeguard the critical systems and software they rely on every day. Whilst adding more complexity (e.g. by requiring longer, more secure passwords, or by changing passwords frequently) can seem like an inconvenience, the requirements of and reasons for your organisation’s password policy should be made clear to employees from the outset.
Social Media
Our addiction to technology continues with the ever-rising popularity of social media (there’s research suggesting that some people access eight different social media accounts at any one time!). However, our informal approach to social media means we don’t generally see the information we post on our profiles as all that private, or even valuable in some cases; instead it’s just a fun way to share experiences with friends. This relaxed state of mind makes it very easy for cybercriminals to target social media users, as we tend to have our guard down whilst accessing the platforms.
Similarly to malicious links or attachments sent via email, a download disguised as an interesting link or Direct Message on social media could be a way for hackers to infiltrate systems and steal valuable data. Cyber criminals are aware that employees accessing social media, say, in their lunchbreak, are more likely to engage in risky behaviours – that’s why it’s so important to ensure a clear social media policy is in place at work and to train employees on best practice for using social media. Remember, just because social media tends to be for personal use, it’s nonetheless something that can affect the workplace.
A Compliance Culture
One of the biggest effects cyber security has on us is the role it plays inside developing and maintaining a compliance culture. A compliance culture embeds awareness training and risk mitigation (like the examples discussed above) into our everyday work practices, setting the standard for good conduct throughout the entire organisation.
By focusing employee behaviours on best practice and ways to maintain cyber security (rather than viewing training as just a box ticking exercise), organisations will find that meeting regulatory obligations is just the beginning, a foundation that sets the tone for behavioural change.


Organisations must take cyber security seriously in order to avoid becoming victims of the ever-growing cybercrime industry. Following certain steps and training employees to defend the company means that you can stay one step ahead of the hackers looking to gain unauthorised access to your networks and systems.

A cyber breach can be detrimental to the future of an organisation, determining the success, and even the survival of a business, highlighting how the effects of cybercrime can be catastrophic. With the GDPR’s new data protection fines being introduced in 2018 to make sure companies are following the agreed rules and regulations, how you improve your security within the workplace is something that can no longer be ignored.

By having a strategy of giving staff the skills needed to prevent a cyber breach in the first place, and following easy steps through creating a vigilant workforce, the business can remain stable and secure.

Implementing VPNs For All Connections

In recent years, the mobility of employees within the business world has increased, allowing people to stray away from a routine of a daily commute into the office. This means employees are travelling more, and as a result they face a growing need to safely stay connected to their company networks when they are outside the office environment.

Public networks serve as the perfect hunting ground for hackers to take advantage of. Accessing sensitive data through them, for example over a coffee shop’s Wi-Fi, can put the business at risk.

By using VPNs, otherwise known as Virtual Private Networks, users can securely access a private network over public platforms, allowing employees to safely access their work outside of the office without the constant worry of hackers closing in. Just as firewalls control what goes in and out of a network, VPNs protect you when you’re online. Using a VPN means that the remote user can communicate with the internal company systems over the Internet as if they were inside the local network.

Enforce Password Rules

Strong passwords are one of the first lines of defence against hackers, so having a strong password policy cannot be stressed enough. Worryingly, the top two passwords used by individuals are ‘123456’ and ‘password’, a fact that highlights how too many people are still leaving themselves vulnerable to cybercrime.

Making regular password updates mandatory and teaching users how to create and remember them could be key to help users safeguard critical systems and networks they rely on daily. Whilst equipping yourself with multiple passwords of high complexity can seem like a hassle, it shouldn’t prevent a strong password policy from being implemented within your organisation.

Equip and Update

By using appropriate technology, such as antivirus software and firewalls, users are given an extra layer of protection against the hackers that are trying to break through. Antivirus software detects and removes malware (malicious software), as well as preventing it from getting into the system in the first place. Although no software can promise 100% impenetrability, by regularly scanning your device and systematically removing malware, it makes it much harder for hackers to find access points. To add to this, firewalls serve as a continuous monitor of your device traffic, denying access to malicious content.

Once you have the available software for protection, you need to look after it. Any connections to the internet are potential vulnerabilities for hackers to try and exploit. Keep every connection, operating system, and application up to date when they prompt you. Carrying out these updates limits possible exposure to hackers, but if you choose to ignore the updates, your business is put at risk. It can be tempting to keep clicking the ‘remind me later’ option because it’s quicker at the time, but out of date software slows down your operating system as well as leaving gaps for new threats to infiltrate into your system.

Email Awareness

Basic email awareness training can work wonders in preparing employees for the potential threats out there from hackers. By the user clicking on a download link, email attachment, or by visiting an insecure website, malware can quickly spread into the whole network.

Email vigilance shouldn’t be simply regarded as ‘common sense’ because gaps in employee knowledge can be something that could make or break your business, something that can easily be prevented through some time and effort.

Social Media

The current obsession with social media means that it would be dangerous to believe that the working day goes by without employees checking on one of the popular sites. With this frequency comes a security risk. The informal qualities in sites such as Facebook and Instagram make us believe that the information we post is harmless, far from being seen as confidential.

Letting our guard down in the seemingly fun and innocent way of socialising with friends online gives hackers the weakness they need to gain personal data, which can then be sold on the cybercrime black market and used for identity fraud.

Education and Training in the Workplace

When it comes to the topic of cyber protection, it is the responsibility of everyone involved to keep the business secure. Instilling this attitude of accountability and shared responsibility around cyber security is known as creating a compliance culture, an environment companies can adopt in order to go the extra mile in cybercrime prevention.

Through regular training and communication with employees to keep them in the loop, a proactive mood is created, something that will influence behaviours and ensure cyber security training goes beyond what is required by the law.

The threat from employees can be greater than you think, as they are frequently the weak link that allows hackers to attack through a mixture of human error and a lack of understanding on the topic. It only takes one unsuspecting employee to let malware into a network by opening an infected email or link. Most malware gains access through this sort of mistake, something that can easily be prevented through training.

Protocol for Breaches

If a data breach occurs, it is the responsibility of the organisation to react quickly and effectively to minimise the damage, not only to themselves but to their customers as well. The priority should be to notify the Information Commissioner’s Office within 24 hours of becoming aware of the breach, providing as many details of the breach as possible by keeping a continuous record of breaches. If the breach is likely to result in high-risk effects, then the individuals involved should be informed too, which stresses the importance of consistent communication between all parties when a breach does occur.

You should have a robust breach detection, investigation and internal reporting procedure in place if the worst should ever happen, which it most likely will at some point. With figures revealing that almost half of all UK firms were hit by a cyber breach between 2016-17, equating to 30% of all crimes recorded within the UK, burying your head in the sand won’t get rid of the problem anytime soon.

A cyber security policy highlights the data you need to protect, the threats that are out there from cybercrime, and the protocol required to protect that data, resulting in a stable organisation. The policy should create a workforce that not only knows how to reduce the chance of attack from hackers, but is also prepared to deal with a data breach should it happen, and in doing so reduces the impact it has on the company’s reputation and finances.

You should develop, review, and maintain your policy regularly so that you are not only keeping up with required legislation, but also making sure there is consistency between your employees and a shared level of understanding across the whole business, so that no one is missed out and left in the dark over the severity of cyber security.

A Growing Threat of Cyber Breaches

Our reliance on technology is at an all-time high, with it being revealed that we spend around 25 hours a week online, and a lot of people admitting that they access the internet 50 times every day. We even spend more of our day online than sleeping!

This growing ‘need’ to be online means that people are looking to take advantage of it and make a profit. As technology develops, so does the deep dark world of cybercrime. The result is a sophisticated network of hacker gangs, all using their skills to gain unauthorised access to networks and con people out of money and passwords through phishing emails, all with the same incentive: to make a profit by exploiting others.

Cybercriminals run their own black market in a highly organised way, creating something that is now fetching greater sums of money than the illegal drugs trade. The skills needed can be taught by the growing number of ‘how-to’ guides popping up online, and this accessibility alongside the money at stake means that the dark web is thriving.

Through people failing to prepare themselves for cybercrime, or simply not being trained on how to deal with it, hackers are exploiting this weakness and having success in doing so. Shockingly, criminals have attacked one in five British businesses between 2016-17, and with the British Chambers of Commerce revealing that only 24% of businesses have a security policy in place, the problem needs to be taken more seriously.

The Impact of a Breach

Cyber attacks can cause catastrophic damage to any business, and hackers aren’t fussy when it comes to picking a target: whatever the size and industry, they will attack, making it less a matter of if you’ll be targeted and more a question of when.

The most recent example is Ticketmaster UK, the popular ticket sales site, which lost the personal and payment details of up to 40,000 customers in June 2018. The breach happened because a third-party customer support product contained malicious software that then spread to Ticketmaster themselves, highlighting how fast malware can get into a network, and through the most unsuspecting places.

The scale has no limits, with business heavyweights being targeted just as much as SMEs. No one is safe, which is why having a strong policy is so important.

Choosing to ignore the threat could not only lead to financial and information losses, but also hefty fines from the GDPR’s new data protection legislation released in May 2018, as well as seriously damaging your organisation’s reputation and standing within the business community.

Staying Safe

By using the appropriate technology out there, as well as training employees to understand the threats of cybercrime, organisations can successfully stay one step ahead of the hackers.

Antivirus software works by finding the malware in a system and removing it systematically, as well as trying to make sure it doesn’t get in in the first place. Additionally, by equipping yourself with firewalls you are essentially hiring a controller to keep an eye on what gets in and out of a network, keeping the harmful material out.

As well as having the correct software protection installed, you need to look after it through regular updates. If you ignore the update reminders, you are putting your organisation at risk by running out of date software. It can seem like a waste of time to wait for the updates, but old software doesn’t just slow down your whole system, it leaves gaps in protection that hackers can use as entry points.

When it comes to the topic of cyber protection, the responsibility of keeping all devices protected falls on everyone within the organisation. This attitude of shared responsibility and accountability is also known as a compliance culture, an environment that companies can adopt in order to go the extra mile in cybercrime prevention.

By fostering a culture where employees are regularly trained in email use, password settings and social media, the result will be a vigilant working body that is prepared to deal with any cyber threats that head their way. In doing so, it ensures that training goes beyond the legislation requirements to create a stable, safe and compliant business.

Problems created as a result of weak cyber security can make or break a business. For both small and large organisations, hackers can create serious issues by gaining access to networks and systems to retrieve valuable information. As our use of technology increases, so does the frequency of cybercrime, stressing how important it is to maintain secure protection against these threats. Choosing to ignore it could not only lead to financial and information loss, but also serious damage to your organisation’s reputation and its standing within the business community.

Current Security Challenges:

Constantly evolving technology means that security threats develop alongside it. Whilst we try and keep up with technology, so do the hackers in finding new ways to access important data. Businesses are having to deal with these new threats every day.

Mobile devices

Undoubtedly one of the more important security challenges facing us today is the growing realization that mobile devices are systemically vulnerable to interception and monitoring. Seen as the weakest link in a company’s cyber security protection, they present flaws that hackers can take advantage of and exploit on a regular basis from anywhere around the world.

Mobile devices serve as a cyber security problem because of one factor: they are mobile. This accessibility has resulted in 30% of online orders being made through mobile devices last year, a popularity that is set to grow, all the while creating a hive of activity for online hackers.

The devices aren’t under the same control as your employees’ desktops or your internal servers. They are liabilities in the hands of your employees. Whilst working is made easier and more portable through their use, it also exposes cyber security weaknesses. All digital media devices are a way in for hackers, not just network PCs and laptops in the office.

Constant changes

Networking technology is changing rapidly, something that means firewalls will have to adapt in order to keep up. Acting as the controlling barrier to decide what goes in and out of a network, they can determine who accesses important information.

As well as changing firewalls, your software needs to remain up-to-date so that your level of protection remains strong enough to withstand threats. Old software doesn’t just slow down your operating system, but it leaves you exposed to potential new attacks.

The recent trend found in hacking is the use of malicious code and links. The technique targets businesses of all shapes and sizes because it is a quick way to try and gain unauthorised access to information. These attacks have shown us that it’s not just an organisation’s customer data, trade secrets, or finances that are at stake: entire operations have been shut down as a result, having devastating effects not only on the business itself, but on its numerous employees and consumers too.

A Need for Education and Awareness:

Many of the breaches seen in the last year were not the result of outside hackers penetrating the business and stealing data from it, but from sources within the organisation. By having access to sensitive data, employees can inadvertently or maliciously create entry-points into systems and networks, leaving valuable information exposed to hackers. Since no malware is involved and no penetration actually happens because it comes from inside the company’s barriers, many of the common security mechanisms, like firewalls and anti-virus software, become blind to the attacks happening.

Cyber security skills are essential to any organisation committed to addressing the increasing and pervasive risks associated with cyber attacks. Chief Information Security Officers (CISOs) have stressed that regular and consistent conversations between leadership teams, board members, and other employees can help strengthen and maintain cyber-security practices. This is all in the aim that, if employees are trained to serve as the first line of defence for organisations, they will no longer be a weak link in the cyber-security chain for hackers to exploit, and instead they are prepared to spot potential threats and deal with them effectively.

Even offering basic awareness training can significantly improve the cyber-security of a company collectively, a small step to help prevent financial and reputational losses that go hand-in-hand with unauthorised access to devices, networks, and databases.

By spreading the message that everyone is accountable and responsible for cyber security, organisations can successfully create a compliant environment alongside regular training that’s both up-to-date and engaging, both features that allow a company to efficiently protect itself against the cybercrime out there.

In addition to this, the GDPR’s new data protection legislation, released in 2018, ushers in a world of change for security teams in business. It will allow professionals to join forces with privacy, risk and compliance officers to strengthen data governance policies. The changes will see a push towards a compliant culture within the workplace to ensure data protection policies and regulations are met consistently. By introducing fines of up to 4% of a company’s annual turnover, it is hoped that the increasing threat of cybercrime will finally be taken seriously among all parties involved.

Cyber security is incredibly important for small businesses. Cyber breaches are often caused by employees inadvertently creating an entry-point into systems and networks, leaving confidential information vulnerable to hackers. A cyber-security breach could be detrimental to the future of your organisation due to potentially devastating fines for data protection breaches introduced by the GDPR in 2018, not to mention the knock-on effect that lax cyber-security could have on your organisation’s reputation and its standing within the business community.

It is important to remember that maintaining strong cyber security involves the creation of a compliance culture: one where behaviours aligned with your regulatory obligations are not only encouraged, but nurtured and regularly reinforced. Investing in cyber-security awareness training means your staff will be empowered to spot and report suspicious activity, and your organisation can build on its strong reputation as a trustworthy business that invests in its customers’ right to privacy.

Far from just an issue for large corporations (although the media does tend to sensationalise these large scale data breaches), there’s around a 50% chance that a UK SME will experience a cyber-security breach of some kind. In fact, due to the likelihood of start-ups and SMEs not investing enough in cyber security training or top-of-the-range security software, these types of organisations make for easy targets. That’s right, hackers are aware that smaller businesses are less likely to have an up-to-date cyber-security training programme in place and, as the weakest link in the chain, this means that your staff are more vulnerable to common security threats.

Common Security Threats for Small Businesses:

Keeping your systems safe doesn’t need to be confusing or even extensively costly. With a few simple steps, you can increase your cyber-security efforts and help mitigate the risk of your business falling foul of common types of cyber-crime.

Using email and the Internet Securely

It may seem obvious to you, but basic internet/email awareness training shouldn’t be ignored or accepted as ‘common knowledge’ – something everyone automatically already knows prior to employment. Remember, most malware is introduced to its host computer by the user clicking on a download link or email attachment, or by visiting an insecure website.

Malware may take many forms, e.g. ransomware, viruses, Trojan horses, spyware, and so on, but it almost always finds its way onto business networks due to gaps in employee knowledge when it comes to safe use of email and/or the internet. When it comes to computer literacy and its effect upon cyber-security, regular refresher training should never be underestimated.

Social Media

There are reports that, on average, people use eight different social media accounts at any one time! Given this information, it’s highly likely that most of your employees will access at least one form of social media on a daily basis, and that’s why it’s so important for small businesses to define their terms of acceptable social media use early on, and to highlight (and therefore mitigate) cyber-security risks on these platforms.

Social hackers exploit both the proliferation of social media in recent years and the ease of access to new victims afforded by these sites (e.g. through users’ friends lists). Because we don’t generally see the information we post on social media as ‘valuable’, or even as confidential, users tend to let their guard down whilst accessing these platforms, and this makes them easy prey for hackers. For example, you are far more likely to click on a malware download disguised as a fun link, or fall for a phishing attempt asking for confidential information, whilst using social media.

Remember, it only takes one unsuspecting employee to unwittingly click on a malware download for your entire network to be infected. Social media awareness training has never been so important.

Software Updates:

Ignoring software updates puts your business at risk. Although it seems convenient to keep clicking the ‘remind me later’ option, out of date or unpatched software doesn’t just slow down your operating system, it invites known threats to infiltrate your system. As well as removing outdated features and fixing bugs, software updates fill in any newly-discovered holes in security, blocking hackers from using those gaps to plant, for example, spyware on your machine.

Remember, updates are important for all digital media devices, not just network PCs and laptops in the office. So, if your team uses or shares mobile internet devices, e.g. tablets and mobile phones, it is the responsibility of everyone to ensure updates are installed. This kind of accountability and responsibility for cyber-security is known as:

A Compliance Culture

If you expect your employees to take cyber-security seriously, it’s important for small businesses to embed compliance firmly within the organisation’s culture, as part of its core business model, and led firmly (and positively) from the top.

By fostering a culture wherein employees are regularly trained, updated, and reminded about compliance procedures in an empowering, uplifting way (i.e. not just as a box-ticking exercise), small business owners can set foundations, lay out their expectations, and even influence employee behaviours in ways that ensure their cyber security training goes way beyond what is simply mandated by law.