Data Phishing: Everything you Need to Know to Keep Your Business’s Data safe.

The more organisations understand about how to prevent data phishing the better; after all, 4 in 10 businesses (39%) and more than a quarter of charities (26%) report having suffered cyber security breaches or attacks in the last 12 months according to a recent government survey.

Indeed, when we add-up the cost of cyber-crime to UK businesses (which, astoundingly, reached £87 billion 2015-20) and consider the phishing attack increase seen throughout the covid-19 pandemic (as if businesses didn’t have it tough enough during this time!), it’s clear that the phishing threat isn’t going away any time soon. Therefore, business leaders should act accordingly to protect their assets, brand reputation, and data.

Phishing explained

Phishing is a hacking technique where ‘bait’ – often in the form of an ‘urgent’ request for information from a seemingly trustworthy source – is emailed or texted to users.

It involves tricking the user into clicking upon false links that redirect to a fraudulent, yet convincing-looking, website. The fake site captures any personal data you enter, which the hacker can then use to log into your actual account.

By and large, phishing emails are mass-sent to thousands of recipients at random, in the hope that at least one or two people will fall for the trick (maybe they’re busy and distracted at work, for example, a very good reason to refresh phishing awareness training regularly!).

A similar, yet more targeted, scam known as ‘spear phishing’ is slightly more artful. Spear phishing is designed to target a specific individual, often inside a particular organisation that hackers have chosen to infiltrate, and it often involves differing levels of social engineering to craft targeted attacks. Find out more about common types of phishing attack here.

Image

Phishing and social media

Phishing might also occur across social media channels, and this isn’t something businesses should overlook. After all, many members of staff use personal social media accounts during their break time or on their phone at work, and most organisations have professional social media accounts set-up to share company updates.

Hacked-accounts on social media might share links via a status update or private message – a method of phishing that’s highly effective since users are more likely to trust links sent from people they know.

Another common phishing tactic on social media is fraudulent customer-service representatives or ‘help desks’ asking users to verify their identity, or claiming users’ accounts are under attack and must be reset in some way. Of course, this always involves users sharing their login information with the fraudster.

In both these cases, people that re-use social media passwords for things like email accounts, work PCs, and online banking could find themselves in serious trouble if they fall for the con.

Data Phishing Prevention

Whatever platform hackers use, phishing messages usually incite curiosity or panic to bait vulnerable users. You can educate employees to avoid these sorts of phishing panic-attacks by offering regular cyber-security awareness training (including social media awareness training) designed to keep users alert and always wary of the messages they receive.

Using a phishing simulator tool can also test how effective your cyber-security training is by putting employees to the test with regular phishing simulation emails.

Designed to keep awareness levels high and offer additional phishing training to those who need it (i.e., those who don’t pass the test), phishing simulators can boost your organisation’s information security program and allow security professionals to monitor vulnerabilities.

Hybrid Working – Reducing the Risks of Cyber Attacks

Since the start of the COVID19 pandemic, it is estimated that cybercrime has skyrocketed by 300%. A major factor contributing to the increase in cybercrime is the rise of remote working.

Currently, many businesses continue to work remotely with one in three UK workers currently based exclusively at home. It is a trend expected to continue this year with hybrid working expected to become the norm. With the changing world of work, cybercriminals will continue to exploit human error and target vulnerabilities in systems – no matter where your employees work from.

Red Flags to Look Out For

Cybercriminals use sophisticated tricks and techniques to target and illegally access businesses’ confidential data. Be it phishing, ransomware or social engineering. To beat cybercriminals and ensure cyber safety and information security in the hybrid workplace, let’s look at some of the common red flags of modern social engineering and cyber attacks:

  • Suspicious links or downloads: Avoid clicking on links in emails that you receive from people you don’t know. Take the time to inspect the sender information and whether the email source is genuine. If in doubt, always best to not click or download.
  • Signs of urgency: Many attacks are designed to force the user into taking action promptly. For instance, it could be an email on an outstanding invoice yet to be paid or taking action on an external account to prevent disruption to service.
  • Requesting sensitive information: Such as bank details or national insurance number for tax purposes. Any legitimate organisation will always call you directly if they gather sensitive information.
  • Posing as public or government bodies: Many individuals and businesses report being contacted by public or government bodies. Such as tax refunds from the HMRC, email attachments from the World Health Organisation (WHO) and even bitcoin donations to help fight the coronavirus. These are scare tactics aimed at giving up work or personal email details.

Reducing the Risks

We are strong believers in prevention is better than cure. The best way to reduce the risks of cyberattacks is to invest time and resource in keeping your systems secure and ensuring that your employees are aware of the cyber threats facing your business. The level of threat remains the same irrespective of whether they work from the home or from the office. But in a hybrid working set up, the chances of human error can go up as seen during the COVID19 pandemic. It’s vital for businesses to recognise the risks and take proactive measures to keep their business prepared as they move to a hybrid working model.

Keeping Systems Secure

Most cyber-attacks aim to target organisations with outdated computers and systems which haven’t had the critical security updates or patches installed in a long time. With a lack of security, hackers can easily gain access to business networks and systems. They may also use ransomware to resort to blackmail to hand-back control of systems and databases.

Keeping systems up to date, especially when working remotely, is the first line of defence against cyber-attacks. Make sure you have invested in a reliable IT team and systems which can protect your devices and networks from viruses and hackers. Antivirus software is a cybersecurity cornerstone that can protect against various malware by providing security features such as firewall, spam filters, real-time scanning and security reports, among other things.

Implementing a Cybersecurity Policy

An efficient, company-wide cybersecurity policy can help organisations outline the best practice for their employees to follow while hybrid working and ensure they are taking the necessary steps to keep business information secure. A comprehensive cybersecurity policy is essential for driving the message from the top and raising awareness amongst your employees. Make sure the cybersecurity policy covers:

  • The importance of cybersecurity
  • Recognising cyber threats such as phishing and ransomware
  • Installing security updates and patches
  • Keeping computers and devices secure when not in use
  • Effective password management
  • Using email and the Internet securely

Investing in Awareness Training

Many experts recognise cybersecurity awareness training as a key priority in a hybrid working world. Many cyberattacks are often attributed to employees inadvertently creating an entry-point to the systems that cybercriminals could take advantage of. It all comes down to a lack of awareness which can put your employees at risk of making errors in judgement, resulting in information security breaches, company downtime, or financial loss. Educating staff reduces the likelihood of successful cyber and social engineering attacks. Make sure your awareness training program is capable of rolling out effective learning interventions over a number of years – after all learner engagement and knowledge retention are the key ingredients in ensuring effective awareness training and return on investment.

As specialists in awareness training, we can support your business with our online training solutions for cybersecurity and information security. Visit our Information Security collection page to find out more.

Introducing Our New Information Security Collection

We are excited to launch the second of our Compliance Collections for Information Security – a unique approach to keeping awareness training programmes fresh, year on year. Keep your workforce cognizant no matter where they work.

Keeping Business Information Secure

Cyberattacks continue to be a concern for many organisations. A study by Accenture indicates that the most expensive component of a cyber-attack is information loss at $5.9M. Information breaches from cyberattacks can have devastating consequences on businesses – from significant financial losses to damage to reputation and job losses.

With remote working becoming the norm, in light of the COVID19 pandemic, information security is more important than ever. Employees are now spread across different locations – be it in the office or at home. It is therefore paramount to keep your workforce aware and informed on how to keep business information secure. Awareness training is vital for educating employees on the threats facing businesses, spotting the signs of cyberattacks and mitigating the risks of breaches.

One Size Does Not Fit All

When it comes to online training programs, one size does not fit all. With this in mind, we designed our Collections to help organisations create a cost-effective bespoke training solution using our off-the-shelf products. With Collections, organisations can roll out effective learning interventions over a number of years – promoting learner engagement and knowledge retention.

New Information Security Collection

Our Information Security Collection is packed with courses in a variety of learning styles – combining immersive learning, microlearning and toolbox talks to keep learners engaged. Also included are free communications resources which can be printed out or displayed in the workplace digitally to reinforce key messaging.

With novel learning experiences and targeted messaging, our Collection can help boost engagement and retention while embedding a culture of compliance.

What’s New?

Apart from a complete refresh of our existing courses, our Information Security Collection includes the following new courses.

Immersive Learning

Our immersive learning courses are scenario-based and highly interactive – placing the learner at the heart of the experience and testing them on their ability to make the right decisions.

With the new immersive-learning course on Introduction to Information Security, educate members of your staff on their responsibilities in ensuring that your organisation is protected against cyberattacks and breaches. It is a highly gamified course, using multiple gamification elements and the latest techniques in high-quality 3D styling.

Diagnostic Assessment

The new Diagnostic Assessment is a short quiz to measure the learner’s understanding of information security and automatically create enrolments onto relevant microlearning courses. The assessment is useful for assessing individual training needs, offering valuable insight into common training gaps with targeted interventions tailored for each employee.

The Diagnostic Assessment requires all the microlearning courses in the collection. It is exclusively available for xAPI courses, utilising the auto-enrol functionality powered by our Astute LXP’s AI engine.

Microlearning

In addition to our existing microlearning courses, following are the new additions to the Collection:

Toolbox Talks

Three new Toolbox Talks designed as blended training courses for small groups. Each Toolbox Talk includes downloadable facilitation notes.

Get a sneak peek at all the new courses on our Information Security topic page. Or download the brochure below for Information Security Collection.

Protecting Homeworkers’ Health and Safety

The recent HSE update to their guidance on protecting homeworkers has become even more pertinent following the new Government directive to work from home where possible.

Just as many workers were returning to their offices, albeit in a very different capacity to which they left them, the trend is now set to reverse with numbers working from home likely to rise again.

The updated guidance reiterates the need for employers to demonstrate the same duty of care towards employees who work from home as they do for on-site staff.

HSE guidance and how training can help

The importance of adhering to the guidelines is twofold:

  • To look after your employees and ensure their wellbeing, both physical and mental
  • To ensure that your business is compliant and operating within the guidelines, negating the possibility of any future accusations of not following the correct procedures which could leave the company open to financial penalties.

In order to help keep your employees safe and your business compliant, eLearning can help employers ensure that they are providing the best possible level of care to the health and safety needs of their employees.

Employees can take the training at home and as they are likely to be in their current working environment they can make any changes necessary to improve their safety quickly and easily.

eLearning can cover the key areas contained within the HSE guidelines and is ideally suited to ensuring that you and your employees are working in a safe environment.

The guidelines refer specifically to DSE (Display Screen Equipment), Mental Health and Stress and state that:

As an employer when someone is working from home, permanently or temporarily, you should consider:

  • How will you keep in touch with them?
  • What work activity will they be doing (and for how long)?
  • Can it be done safely?
  • Do you need to put control measures in place to protect them?

This is as important now as it was when employees first started to work from home on a widespread scale, following restrictions imposed in March.

It could be argued that it is actually even more important as time has progressed, with feelings of isolation likely to have grown the longer home working has gone on.

To say that everybody who has switched to working from home has suffered mentally isn’t true; studies have shown that a high number of people have flourished, citing increased flexibility, lack of commute and reduced distractions as just some of the reasons for a reduction in stress and improvement in overall mental health.

DSE and working from home

One of the key things to consider about the home office space is DSE. We all know that incorrectly set up screens can cause musculoskeletal issues and other health problems and that this has to be a core area of concern for employers moving towards homeworking; but how do employers and employees alike mitigate this risk?

The answer is with targeted training that can be delivered at home, namely eLearning. Getting your employees to undergo training specifically focused on DSE will help to achieve the goals of ensuring their safety and demonstrating you taking responsibility as an employer.

Training should include points such as:

  • How to set up DSE correctly to maximise safety
  • Exercises to minimise the risks of injury
  • Importance of regular breaks
  • Relevant legislation

To discover more about successfully training your employees to set up their DSE safely, we have a number of options available.

Stress

The HSE guidance explicitly mentions the greater need for employers to ensure the mental health of their homeworking staff is protected.

Studies have shown that a number of people have seen improvements to their mental health since working from home, citing increased flexibility, lack of commute and reduced distractions as just some of the reasons for a reduction in stress.

However, for a great many others, feelings of isolation, loneliness and detachment from the workplace has led to a rise in stress and a deterioration in mental health.

This is where managers have had to step up and will continue to need to do so. Increased communication from managers is vital to help with feelings of isolation, as is the need to be able to recognise early warning signs and symptoms of stress in employees.

We have a set of resources specifically designed to help employees recognise their own signs of stress and to help manage it, along with resources for managers to learn how to manage stress in their team.

Home Working Risk Assessments

Many of the risks inherent to homeworking are the same as working in the office: setting up display screen equipment correctly, minimising slips and trips and taking extra precautions if lone working for example.

Home working environments should have had a thorough risk assessment carried out at the outset. Even if this was the case, now is a good time to be re-visiting it to ensure that the working environment remains safe.

We created a Home Working Risk Assessment for precisely this purpose and provides a comprehensive tool for ensuring the safety if your employees.

It focuses on three core areas: your home workspace, working design and taking care of yourself. From looking after your mental health all the way to electrical safety, no homeworking topic is neglected. There is also an extra section for people with line management responsibilities.

Summary

The recent updates to the HSE guidelines about protecting home workers are a timely reminder that we cannot be complacent about the health and safety of homeworkers.

Coupled with the new advice from the government regarding working from home where possible, now is the perfect opportunity to refresh your employees training to maximise their safety.

Our solutions provide a high quality, cost effective solution to your training needs in order to mitigate risk and keep your employees safe.

Improving the Education Around Online Scams

Online safety is something we’re constantly telling kids – don’t speak to people you don’t know, don’t open any dodgy looking emails, and don’t give out personal details. This is all well and good, but online scammers are still finding victims to get money out of every day.

Whilst the younger generation are growing up with internet security being drilling into them to create a tech-savvy attitude, the older generations seem to be have been forgotten, and because of this they become the ones that are more regularly the victims of online crime.

Anyone can be a victim of online crime, with it being estimated that around £10 billion is lost every year in the UK alone because of cyber scams. Age UK reported that 43% of older people believe they have been a target for scammers.

The very fact that older people are more likely to live alone is a point that fraudsters look out for because it is a potentially lonely and vulnerable victim that they can take advantage of.

Scams can come through a number of sources: face-to-face doorstep conversations, over the phone, through the post, and on the internet – so now more than ever we need to know how to protect ourselves.

Angela Ramsay is a perfect example of how fraudsters targeted someone out of touch with technology and unaware scamming techniques.

“I was a 57-year-old lady living alone and was very happy in my new home. I loved my job and was financially secure after being left some money in a will from a lifelong friend. I had a lovely new man in my life, all was perfect. Then I was scammed.”

What happened

Angela was called at work from a number claiming to be Nationwide’s fraud team, when she checked the number that had rung, it matched up with a number listed online as Nationwide, so she thought everything was fine.

When they rung her back later on, they told her someone was attacking her account in the West Midlands. When she questioned their legitimacy, they reassured her that they were the number listed on the back of her bank card. She then got an email which began the process of them taking her money. They told her they were moving it to safe accounts.

The next morning, she rung the number that had called her, which put her through to Nationwide, she wanted to check everything was okay. They didn’t know what she was talking about.

“I broke down and screamed. I didn’t know what to do. I was feeling sick, a fool, ashamed and very depressed.”

After 3 months of persistent phone calls and questions, Angela managed to retrieve £53,000, leaving scammers with £14,000.

“I know I was very lucky to get that back, but I had to fight for it.”

Improving education on scamming

Angela admitted that she knew nothing about scammers and the techniques they used, and this is where the problem lies.

Education around scamming and online fraud needs improving, because although there is plenty of material online, not everyone has internet access, and as a result, it tends to be those people that are the easiest targets.

Increasing the production of physical material in branches to educate people on scams means that more people can be aware of the warning signs and stop things like this happening.

What are the warning signs?

It can be hard to spot a scam but following these steps could prevent you becoming the next victim of this modern crime.

It is out of the blue?

If a company calls you randomly, make sure you verify who you are talking to before giving them any information. Ask them to give you details that only that company would know. If you’re not convinced, then hang up and call the company directly. It is always better to be over cautious.

Too good to be true?

This is very simple, if it sounds too good to be true, it probably is

Personal details

Phone scammers work by getting personal information from you. No matter how small the detail is, it could be exactly what they need to steal your identity and go on to steal your money. Never share personal details with someone that can’t verify who they are.

Feeling hurried?

If a company is putting a time pressure on you to make a decision, that is when alarm bells need to be ringing. Anyone that tries to rush you should not be trusted.

Being the victim of a scam has a massive effect on your life, financially and emotionally. Following these simple steps and improving the education around scamming can stop people becoming victims of these cyber criminals.

This article is written by guest author India Wentworth [email protected]

Millennials, COVID-19 and Technology

Millennials, COVID-19 and Technology

The effects of the COVID-19 outbreak are unprecedented in living memory. Almost unique in peacetime, the changes to society, work and leisure are far-reaching, with major measures to prevent the spread of the virus in place in every country touched by it.

The crisis has shone a light on the central role of technology in our society. If our reliance on modern tech was something to be concerned about beforehand, it has become nothing short of vital now. Perhaps the Millennial generation – long mocked for their supposed obsession with technology over real-world interactions – are specially placed to adjust to these changes.

The Role of Technology

With many people confined to their homes for the foreseeable future, our internet connections have to stand in for many of the building blocks of normal life:

  • Work: Those who are able to work from home have been told to do so. This has created an army of remote workers, many of them working from home for extended periods for the first time in their careers.
  • Education: Since schools closed, many parents and family members are finding themselves in the role of temporary teachers. The internet provides endless content for activities to keep children happy, engaged and learning during the closure period, as well as providing a handy way for teachers to put work online for their students.
  • Social Lives: With gatherings forbidden, technology allows us to remember that “social distancing” only refers to physical distance. Keeping in contact with our friends and family remotely is more important than ever. When phone calls and social media posts just aren’t enough, video calls can give us that much-needed dose of human interaction.
  • Shopping: People have been advised to shop online for essentials where they’re able to. It’s not always possible – due to the greater demand, delivery slots are harder to come by – but where it can be done, it avoids unnecessary interaction with others and helps to stop the spread of the virus.

While for many people this is a revolution in how they live their lives, for many millennials, it is an intensifying of habits they already had.

Coming of age in the early 2000s, millennials were the first generation to fully embrace social media and go through the latter stages of school and university with broadband internet access close at hand. Keeping in touch with friends in far-flung places, ordering items online and doing work – or school work – at home is second nature to many. Though it is of course a generalisation, it may be the older generation who are feeling the most strain from the coronavirus lockdown.

Every generation expresses a preference for some flexibility in where they work from, but this has been particularly strong for millennials. For years before the crisis began, this age group were showing a strong desire to work from home where possible. It’s hard to predict what long-term effects the coronavirus lockdown will have on working practices, but with widespread home-working becoming the new (temporary) norm, it could be that more employers follow this line in the future, adapting their business demands to the needs of millennial workers.

Pulling Together

Now more than ever, society needs to pull together – and that needs effort from people in all age groups.

This period has been full of examples of the best social media has to offer the world. For example, within a few days of the shutdown there were hundreds of Mutual Aid groups on Facebook, where local people who were vulnerable, self-isolating or running low on essential supplies could ask for help. There have also been successful fundraising efforts to help those most at risk of the virus, such as the Robin Hood Fund in Nottingham.

Video calling technology has also been useful for connecting older people who cannot leave their homes or receive visitors to their families – proving that far from pushing people apart as opponents of such technology have suggested, it can actually bring people separated by circumstances closer together.

Helpful Resources

Here are some more helpful tips and resources to help you while remote working:

Remote Working awareness course

Try our Remote Working awareness course to stay safe and healthy away from the office.

Information Security awareness training

With the flexibility to work from home in the current climate, it’s a great time to refresh your knowledge of keeping business information secure and working safely online. Try our awareness training courses on key information security topics to working safely and securely away from the office.

Business Contingency Plan (BCP) for Infection Outbreaks

blog post with helpful tips for businesses on drawing up a business contingency plan and ensuring business continuity.

Mental Health While Working Remotely

blog post with helpful tips on how to care for your mental health while working from home for longer periods.

Four Tips For Keeping Safe Online When Remote Working

With the spread of the COVID-19 coronavirus globally, a majority of businesses are following up on the official advice of social distancing, encouraging employees to work remotely and ensuring business continuity. While remote working has its benefits, it could also lead to potential cybersecurity risks for employers and employees.

Here are some helpful tips for ensuring cyber safety and information security when working remotely.

Work on Secure Network

The first and most important step to working remotely is making sure you are connected to the Internet, ready to connect with your workplace, communicate with colleagues and access business information online. Failing to work on a secure network can make you vulnerable to a cyber-attack, compromising your systems and business information in such a critical time.

Top Tip:

Make sure you are using a virtual private network (VPN) or a secure home network with strong end-to-end encryption, for example, Office 365 SSL session. Using an unsecured network such as public WiFi could inadvertently create an access point for hackers and cybercriminals to exploit and make your systems susceptible to cyberattacks.

Secure Your Personal Devices

With so many employees working remotely, many organisations have authorised the use of personal devices when working from home. Using your personal device for work is fine as long as you are keeping it secure and have the most up-to-date software and settings running on it.

Top Tip:

It is very important to make sure that you are running the most up-to-date anti-virus software on your device. Anti-virus software carries out regular scans of your computer and removes any malware detected. Make sure you are combining the anti-virus software with a robust firewall – software that monitors incoming and outgoing network traffic on your machine. This will ensure that you are significantly reducing the risks of cybercriminals successfully infiltrating your machine.

Beware of Phishing Attacks

Beware of cybercriminals looking to exploit the current situation on the coronavirus pandemic. Phishing attacks are designed to gain unauthorised access to confidential information through email.

Security experts are reporting a substantial rise in phishing email scams related to the coronavirus – the worst they have seen in years. The BBC has followed up on reports of individuals and businesses being targeted with phishing emails. The campaigns include tax refunds from the HMRC, email attachments from the World Health Organisation (WHO), bitcoin donations to help fight the coronavirus and scare tactics aimed at giving up work or personal email details.

Top Tips:

  • Never click on links in emails that you receive from people you don’t know.
  • If you’re not expecting an email, always examine the content of the email thoroughly and look out for grammar or spelling of the email – these are the tell-tale signs of a phishing scam.
  • If the email is claiming to be from public bodies such as the HMRC or the WHO, don’t open these emails as these are well-known phishing scams circulating currently.
  • If in doubt, always forward the email to your IT team first and get help in verifying if the email is legitimate.

Keep Business Information Secure

Any business information you access from home will be protected by secure login and password. Be it your work email, online business applications and communications tools. Weak credentials are easily exploited by cybercriminals and setting secure passwords is your first line of defence against hackers trying to gain unauthorised access to businesses’ systems.

Top Tip:

Use strong and unique passwords each time and make sure they are a combination of letters, numbers and characters. Apart from setting up secure passwords, try using multi-factor authentication for your organisation’s systems. Multi-factor authentications work by verifying user identity by multiple credentials, normally a password and a code sent to the user’s phone by text or an additional security question.

Effective information security is key to optimising business information while remote working. Keeping information security risks under control will not only protect your own interests, but also those of your organisation, your customers and all other individuals or organisations that you hold information about.

Helpful Resources

Here are some more helpful tips and resources to help you while remote working:

Remote Working awareness course

Try our Remote Working awareness course to stay safe and healthy away from the office.

Information Security awareness training

With the flexibility to work from home in the current climate, it’s a great time to refresh your knowledge of keeping business information secure and working safely online. Try our awareness training courses on key information security topics to working safely and securely away from the office.

Business Contingency Plan (BCP) for Infection Outbreaks

blog post with helpful tips for businesses on drawing up a business contingency plan and ensuring business continuity.

Mental Health While Working Remotely

blog post with helpful tips on how to care for your mental health while working from home for longer periods.

Refresher Training in the Age of Home Working

People have been predicting a sharp rise in working from home for years. Sadly, it’s come to pass in a way few would have predicted, and nobody would have wished for.

The Covid-19 crisis continues to change the way we live and work in profound ways. Even for workplaces that can shift to a largely remote working model, it is a large change to make with very little preparation time. Individuals too are transitioning to performing their roles in ways they wouldn’t have predicted a few weeks ago.

In the midst of these difficulties and fast-moving changes, how does your training plan fit into all this?

A Remote Model of Learning

The key word for getting businesses through the coronavirus outbreak is “adaptability”. With eLearning, adaptability is one of its greatest strengths.

Employees working from home and juggling their job’s demands and a sudden increase in childcare responsibilities will need extra flexibility with hours. Rolling out eLearning courses is the perfect solution. Courses can be taken whenever it suits the learner and you can be sure that everyone is getting the same information.

Modern eLearning is designed to be accessible. People can take their courses on whichever device is most convenient or comfortable for them.

Training for Remote Workers

There are many topics that lend themselves to being the focus of refresher training during the period of coronavirus.

Cyber security is one of the most obvious. Being outside of the traditional working environment – for the first time for many – it can be easy to forget the basics of protecting yourself and your data. Some refresher training in this area can remind people of cyber sec’s importance and protect them, and your business, from anyone trying to take advantage of the situation by exploiting poor cyber security.

With such an upheaval in working practices, it can help to get a refresher on risk assessments. Spotting potential hazards is just as important at home and we might even forget to look out for them because we’re generally more at ease in a familiar environment.

Social media has been buzzing with people sharing their (often very improvised) home working stations. While amusing in many cases, it’s important to remember the need for good display screen equipment (DSE) set ups. Though this can of course be challenging in a household with minimal free space or with several people working from home at once, employers still have a duty of care to their employees to help them avoid musculoskeletal problems from bad DSE usage. Providing refresher training can help jog people’s memories.

Remote working is in itself a new challenge for many. Sending out general remote working training can be very helpful at a time like this. Even in a crisis, there are benefits to this style of working, and many might find themselves feeling more productive. Yet staying connected to others and being aware of the issues around remote working can be helpful.

One area that might be overlooked is mental health. Workplace stress was a huge, widespread issue even before the coronavirus outbreak. Current events will be exacerbating existing anxiety. Employers should do all they reasonably can to watch out for their employees’ mental health and support them where they need it. Stress management courses might help people to handle their current work stress – or even help with the stress from other areas of their lives.

Refreshing eLearning

Everyone involved in training knows it is not just a simple “one time and done” job. Our brains don’t work like that. We need our knowledge to be topped up and used regularly, with training filling in any gaps that might be left over from the first time round.

This is where eLearning really comes into its own. Training schedules can be adapted year on year to make sure the basics are still covered, but people aren’t taking the exact same course over and over again. People can take short courses to address any small gaps in knowledge.

Not at Home?

It’s important to remember that not everyone has the luxury of switching to a remote working model. Many jobs can’t be done remotely, including those of key workers such as hospital staff.

For their benefit and everyone else’s, we are making our Preventing the Spread of Infection course free for the next 12 months.

Six Tips For Keeping Your Business Safe Online

Technology has transformed the modern workplace. From remote working to cloud-based apps and systems, more businesses than ever, including small and medium-sized businesses (SMBs), are harnessing the power of the Internet and digital technologies to improve productivity, boost efficiency and maintain business continuity.

While innovation has made universal access to the workplace possible from anywhere in the world, it comes with its share of threats. Cybercriminals are waiting and ready to attack vulnerable systems and users online. According to the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report, about 66% of SMBs globally have reported a cyberattack in the past 12 months.

With new risks coming to light each year, it is vital to step up the efforts to protect your business and employees from the threat of cyberattacks. Here are some useful tips for keeping your business and employees safe online and securing your systems.

Prevent Ransomware Attacks

Ransomware attacks more than doubled last year with over £3.7bn paid out in ransom. Ransomware attacks are designed to disable or illegally take over business systems in exchange for financial payments, disrupting businesses and causing heaving financial losses. Cybercriminals are known to use a range of tactics, including phishing, to gain access to systems. Once in, it’s only a matter of time before data and systems are compromised and users find themselves locked out.

Ransomware attacks typically involve getting users to click on malicious links or attachments which could be PDF, ZIP, Word document, Excel spreadsheet, etc.

TIP: Beware of suspicious emails or SMS. If you are not expecting it, don’t know the sender or doubt the source, resist the temptation to click on potentially unsafe links or attachments which could open up access to cybercriminals.

Secure Systems Against Malware

Malicious software, or malware, enables cybercriminals to attack systems and networks by installing on to a user’s device without their knowledge. Malware can often be hard to detect and opens up access to personal and business information. The most common types of malware include viruses, spyware and Trojan horses. The best defence against malware is installing anti-virus software and ensuring systems are updated regularly.

TIP: Set up your devices, operating systems and apps to automatically install updates to make sure you get the latest security features that repair known security holes and help protect your systems against viruses and malware.

Beware of Social Engineering

Have you ever experienced an email asking for personal information or telling you that your account is at risk unless you provide login details? This is social engineering and involves cybercriminals psychologically manipulating unsuspecting users into divulging confidential information online. The best way to pre-empt a social engineering attack is through awareness, looking out for suspicious activity and about knowing who to trust with personal or business information.

TIP: Check before sharing any sensitive information online. Ask yourself these three questions: Does this look/seem/appear legitimate? Do you really need to provide this information online? What are you risking by providing information?

Use Unique Passwords

The number of accounts and devices which most people use daily usually means that a majority of people end up reusing their passwords rather than trying to remember several different ones. This could mean that employees often use the same or similar passwords for personal and business accounts. This could be dangerous because if one of the accounts is compromised by cybercriminals, it could mean all your accounts and all the information they hold become very easily accessible.

TIP: Use unique passwords each time and make sure they are a combination of letters, numbers and characters. Strong passwords avoid using obvious personal information which can be easy to ascertain or guess, such as date of birth, the first line of home/office address or pet names.

Adopt a Comprehensive Company Policy

A company cybersecurity policy outlines the guidelines and best practice for your employees to follow to ensure they are protecting their systems and keeping your business secure against the threat of cyberattacks. Company policies are vital for driving the message from the top and raising awareness amongst your employees.

TIP: A comprehensive company cybersecurity policy should include the following:

  • Importance of cybersecurity
  • Detecting key cyber threats such as phishing and ransomware
  • Applying security updates and patches
  • Locking computers and devices when not in use
  • Reporting lost and stolen devices
  • Protecting data and Personally Identifiable Information (PII)
  • Applying privacy settings for social media
  • Effective password management

Train your Staff

One of the key messages of the Safer Internet Day focuses on empowering employees to confidently respond to cyber threats through clear advice and quick access to support if things do go wrong. This includes training your workforce and developing their knowledge on the cyber threats facing them.

TIP: Invest in training and development programs which offer a comprehensive curriculum of training courses on cybersecurity and keeping information secure so that your employees are aware of the threats facing them and equip them with the knowledge for acting against threats.

How Can We Help?

As global specialists in compliance-focused training and development, we understand the importance of creating a compliant workforce and equipping your employees with the skills and knowledge to make the right decisions.

Find out how we can help you keep your business and employees safe online through our online Cyber Security Training courses. From comprehensive courses on Data Protection and Information Security to multiple bitesize micro-learning modules covering cybersecurity issues including phishingpassword setting and social engineering.