What are the most common crypto scams?

It’s impossible to overstate just how buzz-worthy cryptocurrencies and the blockchain that enables them have become over the last 10 years. From an obscure but promising alternative to fiat currencies to “digital gold”, they have become a controversial mainstay in the financial world.

Over 100 million people are now using cryptocurrency exchanges, with the total value of all cryptocurrencies adding up to almost $2 trillion – although this figure has proven volatile as markets enter a state of flux.

Investing in cryptocurrencies comes with a number of risks beyond mere market fluctuations though, as the security of cryptocurrencies and NFTs has proven to be woefully lacking. Just last year, there was over £11.8 billion worth of stolen crypto, according to blockchain analytics firm Chainalysis.

So what are the ways in which scammers separate people from their crypto? Join us as we share the facts.

How cybercriminals are stealing crypto

Where there’s money, there are scammers. It’s no different with cryptocurrencies, and the consequences can be financially catastrophic.

One recent hacking incident involved the theft of over £433 million from Poly Network, before all but £25 million was transferred back. There have been many more similar incidents, with Binance losing $41 million to hackers in 2019. Just last week, actor Seth Green had his ‘Bored Ape Yacht Club’ NFT stolen, pausing production on his TV show which utilised the character.

Many online scams target new investors who are keen to hop onboard a particularly hot market.

These scams utilise the fact that cryptocurrencies are still complex and not all investors have an in-depth understanding of how the systems around them work. Due to this general lack of knowledge, investors are more likely to fall for scams that enable cybercriminals to steal their money.

A common type of scam is where scammers pose as celebrities or well-known investors encouraging people to invest in crypto, but once the victims pay the money they receive no crypto tokens in return.

However, the most common type of attack is good old-fashioned phishing. By far the most common attack type across cybersecurity in general, it’s also a popular attack type in crypto scams.

Put simply, phishing attacks involve sending emails that purport to be from legitimate sources, but are in fact from scammers.

An example might be an email that appears to be from your crypto exchange, requiring an update of passwords for security purposes. Once you click through and input your details it’s too late – the scammer has your account and can effortlessly transfer your tokens and NFTs to another wallet.

How to protect yourself and your businesses from crypto scams

With more businesses offering digital currency payment options, and more people investing in the market, reducing the risk of falling victim is a top priority.

With 90% of successful attacks occurring as a result of human error, the only truly effective tool against attacks is education about what the attacks look like and what to do if you think you spot one.

With cybercriminals continuously developing new scams and techniques to penetrate system vulnerabilities and to trick people, it is important that individuals receive regular training to receive updates on the latest methods criminals are using.

That’s why, at Bob’s Business, we have over 50 engaging cybersecurity awareness training modules covering everything from malware to phishing, alongside compliance topics like GDPR and PCI-DSS.

Book your free consultation with a Bob’s Business expert to find out more about our highly effective training solutions.

What are the key cybersecurity threats in the retail sector?

It goes without saying but, if your business is targeted with a cyberattack, it could cause catastrophic damage. A glance at the morning news will tell you as much.

There are severe consequences for those who fall victim, from financial losses, disruption in productivity, and reputational damage to investigations from regulators. Unfortunately, cyberattacks have become a common occurrence for businesses of all sizes – with two in five UK firms experiencing cybersecurity breaches in the last 12 months.

Some sectors, however, are at greater risk than others. Today, we’re going to share with you the critical statistics around retail’s cybersecurity threat.

Why is retail at risk?

The eCommerce sector has experienced significant growth in recent years, with global eCommerce growth reaching 25.7% in 2020, mainly attributed to the pandemic. Due to the increase in people using eCommerce websites to make online purchases, there is more data, more businesses, and more people for hackers to target than ever before.

Retail is one of the most vulnerable industries due to the high volume of private financial information transferred when customers purchase products. Even retailers’ customers are at risk because of the card payment details and other sensitive information saved to their accounts. It makes it quicker and easier to pay when you shop online, but don’t be surprised if those details end up in the wrong hands.

In many cases, hackers have been able to access this data and sell it on the dark web or use it for credential stuffing, which involves using the same login details across numerous different sites at once.

What are the most common retail cyberattack methods?

As with any sector, cybercriminals use various attack methods to prise data from retail organisations. However, there are some which are particularly common for retail sector institutions, including:

POS (Point-of-Sale) attacks

These attacks involve using malware that steals card payment details when a customer enters them onto a website or uses a till in a store. Typically occurring due to human error or weak security systems, these attacks can scrape the card data of millions of individuals.

Ransomware attacks

Ransomware attacks have become an all-too-common occurrence for retail sector organisations, with just this week seeing KP Snacks fall victim to an attack that has crippled their manufacturing.

These attacks usually begin with social engineering techniques or phishing emails, which encourage unsuspecting members of your team to install malware. From there, hackers can lock down data and systems until a ransom has been paid to remove the block. This often happens to retailers at times of the year when they are particularly busy, to cause as much damage and pressure to pay as possible.

Phishing attacks

Did you know that 90% of breaches start with a phishing email? With 3.4 billion phishing emails sent per day globally, it’s little wonder that it’s such an effective method of attack.

Phishing attacks work by sending seemingly realistic emails, SMS messages or phone calls which are designed to expose private information, like passwords or banking details.

Oftentimes, it only takes one member of a team to fall victim to such an attack to compromise an entire system, highlighting the need for phishing awareness training within every organisation.

Website application attacks

Retail has changed, and so have the methods by which scammers and criminals attempt to steal from you. Website application attacks are where hackers exploit security vulnerabilities on a retailer’s website. Typically, these occur when access is granted by unsecure passwords or your website is running on outdated software.

What should retailers do to prevent cyberattacks?

As high-value targets for cybercriminals, it’s crucial that retailers approach their cybersecurity protections in a holistic manner.

Both hardware and software solutions have a role to play, from high-quality security software like remote back-up and restoration tools and encryption software to firewalls and other automated malware prevention tools.

However, with 90% of breaches occurring due to human error, the most effective way to protect a business from cyberattacks is to provide high-quality cybersecurity training to employees to help develop an internal culture of security-focused people.

How Bob’s Business helps retail sector organisations

Bob’s Business is a leading cybersecurity awareness training provider that uses innovative e-learning strategies, engaging animations and storytelling to achieve industry-leading engagement rates of over 95%.

Our training solutions help retailers, and a wide range of businesses from other industries, to protect their business by empowering employees with the skills and knowledge to prevent cyberattacks. Find out more about our cybersecurity courses today, and you will receive 50% off your first year with Bob’s Culture.

Will the rise of artificial intelligence (AI) impact cybersecurity?

The rapid advance of Artificial Intelligence (AI) has been a game-changer for a huge variety of sectors from technology to healthcare, helping companies make giant leaps and better understand their customers.

Whilst AI will continue to add great value to businesses in the future, like any other technology, its use can also have a negative impact on the cybersecurity of businesses.

How, you ask? Well, join us as we explain how the rise of AI will impact cybersecurity.

How AI is assisting hackers

One of the key risks to businesses is that hackers are now able to use AI to improve their malware and develop more advanced attacks. Hackers can quickly learn information about vulnerabilities by testing large amounts of random inputs through AI-assisted automation, enabling multiple simultaneous attacks.

Hackers can also utilise AI to exploit flaws in security systems much faster, which is naturally a major concern for businesses of all sizes. These flaws can be easily exploited and used to launch large-scale denial-of-service or ransomware attacks.

Just last year, European media retailer MediaMarkt was hit by a Hive ransomware attack. The ransom to regain control is thought to have been $50 million.

Why AI is becoming more important to businesses

AI enables businesses to automate tasks, reduce human workload and streamline processes. Workforce shortages can often be resolved by automating tasks; businesses can also reduce payroll costs because fewer employees are required when work is completed by automation tools.

Additionally, AI can also improve cybersecurity by alerting businesses to unusual or suspicious activity. A wide range of AI-based systems have been developed to provide greater cybersecurity protection, including vulnerability management, phishing detection and automatic network security monitoring.

AI can even be used to gather data and identify any patterns that indicate any unusual activity that requires investigation. It is now possible to predict what hackers will do based on their previous actions, to then put relevant security solutions into place to defend against the predicted attack.

AI is also used to monitor key data centre processes, such as backup power and power consumption, alerting the necessary personnel when there is an issue that could affect security.

The use of AI is also useful in authenticity detection and password protection. AI helps to prevent unauthorised parties from compromising password vulnerabilities by flagging weak passwords in addition to identifying unusual user details, such as location.

Machine learning can also enable security systems to learn from past successful security attacks alongside thwarted attack attempts; this reduces incident response times, helping to minimise any business disruption.

Through advances in the capabilities of AI, many businesses will benefit from a more proactive approach to cybersecurity. AI can detect threats in advance rather than reacting when an attack has already happened, limiting financial and reputational damage.

Conclusion

While AI can be used in a negative way by hackers who use it to exploit business systems, developments in AI are also driving major cybersecurity improvements.

Unfortunately, the war against cyber threats is a constant, growing problem around the world. Cybercriminals will continue to utilise AI in new ways to design more sophisticated attacks.

Businesses should prioritise training employees to be more knowledgeable about cyber-attacks as well as how to prevent them, because many types of cyber-attacks target employees rather than just looking for system vulnerabilities.

Training should be implemented to not only educate employees but to also develop a culture of information security within an organisation to provide a higher level of defence against cyber-threats.

Bob’s Business is an industry-leading training provider, specialising in cybersecurity training solutions. With our award-winning phishing simulations, we instil effective behavioural change within employees, enabling them to actively combat attacks and contribute to your business’ level of defence.

We have years of experience developing bespoke training programmes developed around specific industry risks, from government to retail.


What are 2022’s top trends in security risk management?

With businesses across every sector inviting greater digitisation into their processes and growing more reliant on technological systems to sell products, offer services and store data, the level of disruption a cyberattack can cause is constant.

eCommerce revenue has grown by over £5.3bn in the UK, largely as a result of the pandemic. Sectors such as finance have launched additional online services to help customers safely make transactions and use other banking services. This increased use of technology solutions, as well as website and app usage, provides opportunities for cyber attackers to steal data or use other techniques to extract money.

Businesses must have a high-quality security risk management framework in place, incorporating the latest risks and trends that are impacting their industry. Understanding what risks to look out for can help to educate employees to protect the organisation from attacks, although new and more sophisticated techniques are continually being developed.

With that in mind, we’re taking a look at what the top cybersecurity risks of 2022 are, and what steps you need to take to secure your organisation. Let’s get started.

What are the top cybersecurity risks in 2022?

Ransomware

Ransomware was the top threat in 2021, with high-profile incidents such as the Colonial Pipeline attack, where hackers demanded $4.4m in ransom after shutting down the company’s digital systems.

Ransomware attacks can affect businesses of all sizes because criminals rely on human error to infect systems. Some companies think up-to-date firewalls and a comprehensive backup system are enough to protect them from data loss.

Whilst a comprehensive backup system can sometimes protect an organisation from data loss, the main way to protect against this is to ensure employees are trained to recognise an attack and avoid clicking on unsafe links.

Cloud attacks

Cloud-based technology has helped businesses to operate easily over multiple locations, support a remote working model, as well as access systems and data from anywhere in the world.

However, attackers are targeting vulnerabilities in cloud services – a fact reinforced by studies showing that 79% of companies have experienced at least one cloud data breach in the past 18 months. Needless to say, this is a growing concern in 2022.

Phishing

Phishing attacks have long been the #1 element behind successful breaches, and that’s no different in 2022.

Attackers have used the continual uncertainty of the pandemic to take advantage of individuals. For example, cybercriminals are claiming to be from the NHS and requesting payments for vaccinations or tests.

There are thousands of examples of scams, but the vast majority can be spotted and stopped before they do harm. Effective training can dramatically reduce click rates on phishing attempts – like Bob’s Culture, which cuts link clicks by 21% and phishing open rates by 29%.

What steps are required to protect from cybersecurity risks in 2022?

Unfortunately, there’s no silver bullet to protect businesses from cyber-risks. Organisations must have comprehensive security risk management frameworks in place that include responsibilities for the IT, HR and training departments. While the IT department will need to implement IT security solutions and processes, the responsibility does not stop with them.

The key to a successful risk reduction programme is empowering every employee to play a key role in protecting the organisation. In turn, this creates cultural change to drive more risk awareness and develop risk management behaviours across the whole business, from the exec team to front-line employees.

Bob’s Business can help you to develop an effective security risk management framework through high-quality engaging and innovative cybersecurity training that drives the required culture change.

Find out more about how our unique, award-winning training solutions can protect your business from cyber threats.

What are the risks when bringing personal devices into the workplace?

It’ll come as no surprise to hear that, today, we’re rarely without some kind of personal computer on our person. Whether it’s a laptop, tablet or smartphone, such devices have become an integral part of our lives. In fact, latest estimates suggest that 87% of the UK population own a smartphone.

No longer are our mobiles solely for making calls; we can now access almost anything we want, all in the palm of our hand.

The ubiquity of these devices means that they’re rarely away from our side, extending the office and allowing us to answer emails, check social media, or take calls any time, anywhere.

Clearly, there are huge advantages for a business to leverage these personal devices, especially in an era when many teams are splitting time between the home and work office. 95% of organisations allow personal devices in the workplace in some shape or form, and it’s easy to understand why.

Many employees prefer to use their own devices due to convenience and remote working. A study conducted by Microsoft found that 67% of employees use personal devices for work purposes.

However, there are security risks that come with employees bringing their personal devices into the workplace.

In 2021, research found a 50% increase in corporate cyber attacks per week (2020). This is a statistic that continues to grow as cybercriminals continue to attempt to breach network security and access information systems for financial gain.

Employees who use unsecure personal devices when accessing work information can pose a significant risk to the cyber health of companies. It only takes one unsecured device to give cybercriminals access to an entire network. For example, if an employee downloads a malicious email attachment or visits an infected website on their personal laptop, the entire company network could be compromised.

What potential risks can you face?

Some of the risks organisations can face when unsecured personal devices are used include:

  • Company data breaches
  • Accessing or downloading unsafe apps or content
  • Malware infections
  • Unauthorised access to data and systems

However, with the right precautions in place, organisations can allow employees to use their personal devices at work without putting the company network at risk. Many organisations are now implementing a ‘BYOD’ policy, but what is this?

What is a Bring Your Own Device (BYOD) policy?

The National Cyber Security Centre defined ‘BYOD’ as ‘the concept of employees using their personally owned device(s) for work purposes’.

With a BYOD policy, organisations have ownership of the accessible data and sensitive information, but the personal device is the property of the employee.

Having a robust BYOD policy is an important factor in keeping company data secure. However, there can be challenges and risks when it comes to BYOD.

Can you mitigate ‘BYOD’ risk?

To mitigate the risks associated with using personal devices in the workplace, there are a few things your organisation can do, such as:

  • Having a clear and concise BYOD policy in place, ensuring that all employees adhere to it
  • Educating and communicating the risks of BYOD and the importance of a BYOD policy to employees
  • Providing employees with guidance on which devices are suitable for work purposes
  • Implementing strict security measures, such as two-factor authentication, across every personal and company-owned device in your organisation

In this day and age, it is inevitable that personal devices will be used in the workplace. However, research by Trustlook in 2016 found that only 39% of companies have a formal BYOD policy in place, and 51% of employees received no BYOD training.

This lack of policy and training poses a major security risk to organisations; this is why it is so important that organisations not only increase awareness, but also educate and train employees on cybersecurity.

At Bob’s Business, we build brilliantly effective training programmes for all employees, reducing your risk of data breach. Book a free consultation to discuss how we can help you reduce risk within your organisation.

The do’s and don’ts of social media to keep information secure

It doesn’t take an expert to note that social media has become almost totally ubiquitous.

Today, over 58% of the world’s population is using social media. In the UK alone, 77.9% of us are active social media users, spending an average of almost two hours using such services every day.

As we know, where there’s data there are cybercriminals. These individuals are constantly looking for opportunities to take advantage of the vast amounts of information that many of us share without realising the dangers.

The picture isn’t entirely bleak. There are obvious benefits to using social media for businesses, and people enjoy using social media to connect with friends, share their passions and discover new things.

However, if you share personal information on social media channels like Facebook, Twitter, and Instagram, you should be aware that hackers can use the information. There has also been an increase in cybercriminals hacking accounts and pretending to be the account holder to extort money from friends and family.

To keep your information secure, follow these guidelines:

Do:

Be aware of the privacy settings for each social media platform you use.

Ensure that you understand how your information will be shared before sharing it. For example, you can set your Facebook account to private, so that only people you’ve friended can see your posts and shares.

Use strong passwords for all of your social media accounts.

Avoid using easily guessed words or phrases like your name or birthdate. Alongside strong passwords that use a mixture of random words and numbers, you should never use the same password across all your accounts. Why? Because if a hacker steals the password for one, it instantly grants access to the rest of your accounts too.

Don’t post confidential information on social media.

This, naturally, includes information like your credit card number or home address. However, there are lots of types of information that you might not consider “confidential”.

Checking into locations can reveal information such as your address, so don’t tag locations that could reveal where you live. Don’t add information such as your date of birth, schools you attended or any other personal information on profiles, as these can be used to impersonate you online.

Be cautious about the information you share about others.

Remember, when you post something that includes another person, you’re taking their privacy into your hands. Be aware that anything you post on social media can potentially be seen by anyone, even if you think your account is private.

Think about what you are about to share before you post it, as once it has been online even for a few seconds, any information may have been captured.

Don’t:

Don’t click on links from people you don’t know.

Whilst a link on social media might look safe, an errant click could lead to malicious websites that will steal your information.

Scammers often try to trick you into clicking a link by saying something like ‘look at you in this video’, or point to a great deal on a desirable item to take advantage of your curiosity. Links from unknown sources could contain viruses that will infect your device.

Don’t respond to social media requests for personal information.

Legitimate companies will never ask for this type of information on social media, as they know it is an unsafe way to share information.

If you encounter a request like this, ignore the message and report it within the app as soon as possible. If you suspect this to be a targeted approach report it to your IT team, who can then be on alert for similar attacks.

Don’t add friends on social media who you don’t actually know.

Everyone likes having friends, but when it risks your data security then it’s always worth thinking twice.

Social media is a great way to stay in touch with friends and family and share fun content, but it can also compromise your information, so it is important to always stay vigilant when using social media. Staying up to date with the latest types of scams and understanding what they look like will help ensure you do not put your information at risk.

It’s more than personal data that’s risked; organisational data is risked on social media too.

That’s why thousands of companies choose Bob’s Business to educate their teams on social media usage, boosting their knowledge and empowering teams to protect themselves and your data.

What are the top cybersecurity myths in the workplace?

Cybersecurity has become a top priority for businesses in all sectors. As you can imagine, raising awareness about cybersecurity and the different types of threats is crucial to protecting your data and systems.

As part of the education process, separating the facts from the fiction can help employees to form a better understanding of not just their responsibilities, but the actions they should take when faced with a potential cyber threat.

As cyber education specialists, we work with companies every day to make the most of their training and we encounter no shortage of cybersecurity myths. Join us as we share some of the biggest myths about cybersecurity in the workplace we encounter:

“Only dodgy websites can give you viruses”

While visiting unsecured and “dodgy” websites will certainly increase the chances of being infected by a virus, legitimate sites can also be a risk.

Hackers can compromise genuine sites and infect them with malicious code that can infect the devices of website visitors. The key to risk reduction, in this case, is ensuring that employees know the telltale signs of a compromised website or emotionally manipulative web copy.

“Our business has already been attacked, it won’t happen again”

This is one of the biggest myths of all and, unfortunately, businesses who take this approach to their cybersecurity are likely to be targeted again and again until adequate cybersecurity solutions are implemented.

Therefore, once one attack has occurred, employees should receive immediate communications and training to not only help them recognise what the different types of attacks look like, but to also understand what to do if there is a repeat attack.

“Cybercriminals only target large businesses”

Another big (and costly!) myth is that small and medium-sized businesses aren’t a target for cybercriminals. After all, why go after a smaller company when the likes of Apple, Amazon and Facebook are out there with billions of pounds on the line?

The truth is that SMEs are often more at risk of an attack. This isn’t simply because they have lower budgets to spend on cybersecurity; there is often a lack of focus on the issue at board level too.

In comparison, larger businesses and organisations will usually have heavily invested in their cyber resilience, making the process of breaching their defenses significantly harder.

“Investing in cybersecurity technology keeps us completely protected”

Unfortunately, even if you have anti-virus and anti-malware software installed, your business is still highly vulnerable to cyberattacks. Analysis of the Government’s own data on cybersecurity breaches indicates that 90% of recorded breaches had their roots in human error, highlighting just how important the human element actually is.

“Cybersecurity is the responsibility of the IT department”

Another misconception we see among many staff members is that cybersecurity is solely the responsibility of the IT department. While the IT department are responsible for setting up the right IT infrastructure to protect your business from cyber threats, every single employee also has a responsibility to protect the business from cyberattacks.

Additionally, HR and Internal Communications, alongside Learning and Development teams, should be involved in creating a culture of employees who know how to protect the company from cyberattacks. Having a strong cybersecurity framework is a collaborative effort across the business.

How to protect your business from cyberattacks

In addition to investing in cybersecurity solutions such as anti-virus, anti-malware and firewalls, your organisation must have a comprehensive cybersecurity awareness training strategy that puts your teams at the heart of your cyber resilience.

Bob’s Culture is our flagship online training solution. It includes our unique Human Vulnerability Assessment to assign training where it’s needed, our award-winning phishing simulations, full access to an engaging and effective course library – even your own organisational LMS.

Curious to learn more? Book a consultation with a member of our team to find out how we can help your organisation reduce its risk, and put an end to the myths.

What are the cyber-threats to the technology sector?

It wouldn’t be inaccurate to say that, when it comes to cyber threats, the technology sector has seen more than its fair share.

In fact, research shows that an average of 150,000 threats per week were recorded against the sector in 2021. While it’s true that attacks affect every industry, the technology sector’s relentless innovation and large data pools are highly attractive to cybercriminals.

Whilst the technology sector is more likely to have a board member with a specific cyber or data security remit, its reliance on technological solutions can hamper its ability to mitigate attacks.

According to Verizon’s Data Breach Investigations Report, 85% of cyber-attacks have a human element to them, and no purely technological solution can reduce this risk.

But what are the top cyber threats faced by the technology industry? Join us as we take a look.

Ransomware

One of the biggest threats to any kind of business is disruption that prevents everyday operations. Taking systems offline is one way that a business can be disrupted and the longer the disruption, the more money it will cost.

Ransomware has grown to become one of the key threats facing companies. Put simply, ransomware attacks lock data and systems behind strong encryption and demand payment in return for restoring control of the data. Often, these attacks begin with a simple phishing email and a compromised file download.

Early adoption vulnerabilities

It stands to reason that companies that provide communications and technology solutions will be at the forefront of the adoption of cutting edge technologies. Whilst this can often make for a productive office environment, it can also make them an easier target than companies who do not adopt the very latest in digital tools.

Day-one vulnerabilities, unpatched software and even hardware vulnerabilities are not at all uncommon in new products and software, so being early adopters provides more opportunities for hackers to exploit vulnerabilities.

Distortion

Another emerging problem for the technology sector is the distortion of information, where social engineers alter documents or data for financial gain.

There are various techniques associated with distortion, such as editing documents so an accounts department pays an invoice into the hacker’s account rather than the genuine person who raised the invoice. Another way that distortion can be used is by altering information about the company which could damage brand reputation and lose consumer trust.

The key to reducing the efficacy of distortion attacks is training your team on the techniques employed by social engineers.

Phishing attacks

Phishing attacks are by far the most common root cause behind cybersecurity breaches, including ransomware, malware and spyware attacks.

They’re also increasingly sophisticated, utilising proven psychological principles to bypass scepticism. Indeed, a study of our simulated phishing emails found the two elements which combine to create a 94% phishing success rate.

At Bob’s Business, we have a range of solutions designed specifically to reduce your risk of a breach. Our human-focused training is engaging, effective and proven to reduce your risk of a successful attack and increase policy adherence.

Book a free consultation with one of our cybersecurity training solution experts to boost employee awareness, keeping your business protected from the full range of cyber threats.

How Bob’s Culture changes cybersecurity behaviours

Changing behaviours isn’t easy – just ask anyone with a kid – but when it comes to cybersecurity, it’s often essential. Research suggests that 90% of breaches start with human error, and so no matter how sophisticated your hardware and software cybersecurity solutions are, they can’t account for a member of your team making a simple mistake.

That’s why our training solutions are designed to reduce those behaviours that put organisations at risk.

To measure exactly how behaviours and knowledge levels are changing within businesses, we utilise our bespoke Human Vulnerability Assessment. It shows you exactly how your organisation is progressing in reducing human error in a simple, easy to understand format.

Now, with a full year of data from organisations of all sizes, we’ve anonymised and collated our data to show the effects that just one year with Bob’s Culture has on businesses just like yours. Here’s what we have found:

Behaviour

  • 7.8% of users admitted to sharing passwords, down from 12.7% in the opening baseline – a 39% decrease
  • 62.3% of users claimed to follow their organisation’s cybersecurity procedures, up from 43.1% – a 45% increase
  • 14.4% of users admit to storing company data on personal devices, down from 20.0% – a 28% decrease
  • 15.8% of users admitted to downloading material without verifying its authenticity, down from 25.5% – a 38% decrease
  • Users reporting having sent emails to the wrong recipient were reduced from 34.1% to 25.1% – a 26% decrease
  • Users admitting to clicking on links in emails from unknown sources were reduced from 13.8% to 10.9% – a 21% decrease
  • 58.2% of users admit to reusing passwords, down from 66.7% – a 13% decrease

Confidence

  • 6.6% of users felt unconfident in their ability to recognise phishing emails, down from the initial 13.2% – a 50% decrease
  • 5.1% of users were not confident in their ability to browse the web safely, down from 10.3% – a 50% decrease
  • 6.9% of users lacked confidence in their ability to manage passwords, down from 11.0% – a 38% decrease
  • 5.9% of users were not confident in handling sensitive information online, down from 11.3% – a 48% decrease

Attitudes

  • 16.8% of users believed they did not have to worry about cyber security risks on work networks, down from 18.1% – a 7% decrease
  • 40.3% of users believed it’s the IT team’s responsibility to protect their organisation from cyberattacks, down from 46.3% – a 13% decrease

Phishing

  • Baseline phishing email open rates were reduced from 14.8% to 10.4% – a 29% decrease

Results are after one year with Bob’s Culture and are based on a randomised selection of 4053 respondents across 39 organisations.

Ready to start your journey with Bob’s Business? Book a chat with a member of our team and learn how we can help reduce your risk in an engaging, effective and affordable way.

Cybersecurity risks and preventions in the construction industry

The construction industry has faced a number of major challenges over the last few years, from site closures in lockdown to material supply shortages, increased materials costs and even labour shortages due to Brexit immigration changes.

While the construction industry is getting back to business, there is another battle to overcome.

Specifically, cyberattacks are a constant concern for businesses across all industries and with the construction industry becoming more digitalised, the risks are increasing.

Digital technologies are driving many efficiencies and benefits to the construction industry, from software to collaborate on projects online to using smart equipment, even digital contract approval and payment services. These benefits are helping construction companies to reduce costs and increase productivity, but the cybersecurity risks cannot be ignored.

A Forrester survey revealed that over 75% of respondents in the construction, engineering and infrastructure industries were victims of a cyber incident in the last year. It’s a staggering statistic, and the consequences of such an attack can be significant too. Cyber incidents can vary from minor inconvenience to significant financial, not to mention reputational, damage.

Construction companies can be fined and sued if they are found to be non-compliant with data security regulations, as well as risking a PR disaster if the incident is publicised.

Therefore, it is crucial for construction companies to prioritise their cybersecurity strategy to keep their company, clients and suppliers protected from the growing list of cyber risks.

But what are the main vulnerabilities that the construction industry faces? How can it reduce its risk? Join us as we share everything you need to know.

What vulnerabilities exist in the construction sector?

Ransomware

Companies have become reliant on the data they collect and store, and where there’s data there’s value for cybercriminals. As such, ransomware attacks are becoming increasingly frequent in the sector, and pose a real threat to continuity for construction companies.

Put simply, ransomware attacks lock data and systems behind strong encryption and demand payment in return for restoring control of the data. Often, these attacks begin with a simple phishing email and a compromised file download.

Social engineering

Social engineering attacks are another high-risk form of cyberattack. They usually involve hackers impersonating a person, such as a company executive, in order to trick the targeted person into sharing data. These types of attacks prey on well-meaning employees, exposing the vulnerabilities inherent in organisations.

The hacker might send a very realistic looking email with an email address that looks legitimate. In the employee’s eagerness to provide the executive with the requested information, the employee may not follow the data security policies that they would usually follow.

Malware and viruses

Viruses and malware attacks are an all-too-common risk to construction companies, despite the adoption of antivirus software.

Viruses and malware come in many different forms. Check out our complete guide to malware and viruses here.

Reducing cyber risks in the construction industry

Reducing risk requires a multifaceted and holistic approach. A comprehensive cybersecurity strategy must be developed to give your company as much protection as possible. Of course, this should include hardware and software protection solutions.

However, these alone won’t protect you from attack, especially with 90% of breaches occurring as a result of human error.

That’s why employee cybersecurity training is so crucial, and why developing a culture of awareness and accountability is required for organisations of all sizes, and in all sectors.

At Bob’s Business, we build brilliantly effective training programmes for all employees, reducing your risk of breach. Your employees will develop the tools they need to protect themselves and your business.

Click here to learn more about our products, or click here for a demo with a member of our team.