How to boost employee engagement in your security awareness programme

While it’s true that businesses are more aware than ever that they need to train their teams on cybersecurity awareness, getting teams on board with the idea is often where the challenges begin.

Quite simply, many employees are not motivated to do mandatory compliance training. Completing standard training courses on topics that are traditionally considered to be boring, such as data protection and security, can feel like a chore. As a result, employees will often try to avoid doing the training as long as possible.

When they do finally complete the training, usually after getting reminders and warnings, they complete it as quickly as possible; this means the information is not fully retained because the employee is so disengaged.

In these training scenarios, the business is merely ticking a box to say that the employee has completed the necessary training, which will satisfy the regulators, but the benefits to the business are lost.

For example, this approach to training does not help to develop a culture of employees who are security-aware and behave in ways that protect the business. With cyberattacks being a continued threat to many organisations, no matter the size or industry, an effective cybersecurity training strategy is essential.

But how do you boost employee engagement in your security awareness programme? Read on to find out.

How to boost engagement in security awareness

To make cybersecurity training more engaging, there are a number of best practices you should implement:

Use interactive training

At the core of most training programme failures is the content you serve up to your team. Put bluntly, the world of cybersecurity training is littered with dull, dry and dreary training courses.

If you want your teams to actively engage in their training, then you should choose a provider who places their emphasis on creating entertaining content that your teams actually want to take. Storytelling, animations and interactive elements all boost engagement in security awareness training, which helps embed lessons and positive behaviours in your team.

Keep your training short and actionable

There’s no requirement for cybersecurity training to last an hour at a time, and yet much of the available training does. Your teams are busy and will typically prioritise their workloads over training, especially if the latter is going to take up too much of their time.

So, when delivering your training, prioritise finding a training partner that utilises short-form content with a focus on simple, actionable advice. Using a mix of content, such as a short bit of video and some interactive slides, is far more engaging than a long set of slides without any animation.

Use humour

Cybersecurity can often feel like an overly dry and serious topic, which means traditional training content often contains formal language and a serious tone. However, using humour within training content helps to boost engagement and keep employees coming back for more.

Use incentives and gamification

Incorporating games and puzzles into training courses, known as gamification, is a highly successful way of creating more engaging training content. Employees have more fun and enjoy working towards incentives, such as collecting points, in the same way that video games are enjoyed due to the accomplishment of getting to a new level or high score.

Bob’s Compliance and Bob’s Culture training packages incorporate fully gamified learning experiences that are built around the principles of experiential learning. Our new ‘Hook, Line and Sinker: The Game’ course helps employees to develop behaviours that will prevent phishing, smishing and vishing attacks, through engaging games and activities.

If you are looking for a way to increase employee engagement with your security awareness programme, get to know our products now.

What are the key cybersecurity threats in the retail sector?

It goes without saying, but if your business is targeted with a cyberattack, it could cause catastrophic damage. A glance at the morning news will tell you as much.

There are severe consequences for those who fall victim, from financial losses, disruption in productivity, and reputational damage to investigations from regulators. Unfortunately, cyberattacks have become a common occurrence for businesses of all sizes – with two in five UK firms experiencing cybersecurity breaches in the last 12 months.

Some sectors, however, are at greater risk than others. Today, we’re going to share with you the critical statistics around retail’s cybersecurity threat.

Why is retail at risk?

The eCommerce sector has experienced significant growth in recent years, with global eCommerce growth reaching 25.7% in 2020, mainly attributed to the pandemic. Due to the increase in people using eCommerce websites to make online purchases, there is more data, more businesses, and more people for hackers to target than ever before.

Retail is one of the most vulnerable industries due to the high volume of private financial information transferred when customers purchase products. Even retailers’ customers are at risk because of the card payment details and other sensitive information saved to their accounts. It makes it quicker and easier to pay when you shop online, but don’t be surprised if those details end up in the wrong hands.

In many cases, hackers have been able to access this data and sell it on the dark web or use it for credential stuffing, which involves using the same login details across numerous different sites at once.

What are the most common retail cyberattack methods?

As with any sector, cybercriminals use various attack methods to prise data from retail organisations. However, there are some which are particularly common for retail sector institutions, including:

POS (Point-of-Sale) attacks

These attacks involve using malware that steals card payment details when a customer enters them onto a website or uses a till in a store. Typically occurring due to human error or weak security systems, these attacks can scrape the card data of millions of individuals.

Ransomware attacks

Ransomware attacks have become an all-too-common occurrence for retail sector organisations, with just this week seeing KP Snacks fall victim to an attack that has crippled their manufacturing.

These attacks usually begin with social engineering techniques or phishing emails, which encourage unsuspecting members of your team to install malware. From there, hackers can lock down data and systems until a ransom has been paid to remove the block. This often happens to retailers at times of the year when they are particularly busy, to cause as much damage and pressure to pay as possible.

Phishing attacks

Did you know that 90% of breaches start with a phishing email? With 3.4 billion phishing emails sent per day globally, it’s little wonder that it’s such an effective method of attack.

Phishing attacks work by sending seemingly realistic emails, SMS messages or phone calls which are designed to expose private information, like passwords or banking details.

Oftentimes, it only takes one member of a team to fall victim to such an attack to compromise an entire system, highlighting the need for phishing awareness training within every organisation.

Website application attacks

Retail has changed, and so have the methods by which scammers and criminals attempt to steal from you. Website application attacks are where hackers exploit security vulnerabilities on a retailer’s website. Typically, these occur when access is granted by insecure passwords or your website is running on outdated software.

What should retailers do to prevent cyberattacks?

As high-value targets for cybercriminals, it’s crucial that retailers approach their cybersecurity protections in a holistic manner.

Both hardware and software solutions have a role to play, including investing in high-quality security software like remote back-up and restoration tools and encryption software, alongside firewalls and other automated malware prevention tools.

However, with 90% of breaches occurring due to human error, the most effective way to protect a business from cyberattacks is to provide high-quality cybersecurity training to employees to help develop an internal culture of security-focused people.

How Bob’s Business helps retail sector organisations

Bob’s Business is a leading cybersecurity awareness training provider that uses innovative e-learning strategies, engaging animations and storytelling to achieve industry-leading engagement rates of over 95%.

Our training solutions help retailers, and a wide range of businesses from other industries, to protect their business by empowering employees with the skills and knowledge to prevent cyberattacks. Find out more about our cybersecurity courses today, and you will receive 50% off your first year with Bob’s Culture.

Why positive reinforcement is the key to reducing your risk of breach

When it comes to data breaches, the fact of the matter is that it’s a matter of ‘when’, not ‘if’ it happens to your organisation. According to Hiscox, every 19 seconds a business in the UK is hacked, highlighting the seriousness of the threat posed by breaches.

Whilst there are steps you can take to reduce your risk of a breach, like cybersecurity awareness training for your team, the fact remains that no business is immune to human error.

That’s why, when this type of breach occurs, it’s vital that you understand not only how to react, but the steps you can take to further reduce your risk and maintain a positive culture around cybersecurity.

Oftentimes, businesses will react to breaches by investigating and tracing the faults their employees have made that compromised security. It is not uncommon for employees to receive punishment for their actions, even though they may be completely unaware that they have put the business at risk. Punishments can vary from a meeting with a manager to discuss the incident, to receiving a formal warning or even dismissal.

However, this type of reaction is not only ineffective at preventing future incidents, it can be actively harmful to the cyber health of your organisation.

The most effective way to combat future cyberattacks? Utilise positive reinforcement to educate every employee in your team. Don’t believe us? Join us as we share everything you need to know about positive reinforcement.

What is the positive reinforcement theory?

The positive reinforcement theory was introduced by psychologist B.F. Skinner in 1938, involving the use of a reinforcing stimulus following a behaviour, in order to increase the likelihood of that behaviour happening again.

It’s an inherently intuitive theory, one that suggests praising positive behaviours helps to lock them in as standard behaviours in the future.

However, the theory also suggests that taking a non-punitive approach to mistakes is the most effective way of reducing them – especially when correcting a simple mistake, rather than intentionally harmful actions.

How can the positive reinforcement theory be used to prevent cyberattacks?

At the core of your cybersecurity protections should always be your staff. They’re the most important defence your organisation has, and so it’s imperative that you create a culture where making mistakes isn’t the end of the world.

Fear of repercussions is the leading reason why teams don’t report breaches or suspicious activity. When breaches don’t get reported, they don’t get spotted until it’s too late and the opportunity to correct mistakes passes by.

A positive reinforcement culture within a business means that when a mistake inevitably does occur, that person feels empowered to come forward and discuss it. The case can be shared with the team and even turned into a positive learning experience for everyone. After all, the best lessons are the ones we learn from real life.

How does Bob’s Business incorporate positive reinforcement?

Positive reinforcement is key to Bob’s Business’ training methods. Don’t believe us? Look no further than Bob’s Phishing.

As part of our phishing simulations (included in Bob’s Culture and Bob’s Phishing) employees are sent simulated phishing emails. For those that click the link, they are redirected to one of our Think Before You Click courses. With the only repercussion for their mistake being positive, engaging training, this helps remove the fear and stigma associated with phishing attacks and effectively reduces their risk of clicking in the future.

Our award-winning phishing simulations are a highly effective way to introduce all of the different types of phishing scams that are being used, in order to educate employees on what to look out for. By regularly completing these phishing simulations, your employees think about the legitimacy of the emails they receive and understand what actions they need to take to protect your business.

Ready to learn more? Find out more about how our phishing simulations can reduce your risk of breaches.

Is your company’s security being jeopardised by high personnel turnover?

It goes without saying, but there are many reasons why companies should try to avoid a high turnover of staff.

From the costs of recruiting and training new staff, to replacing leavers and the disruption caused by loss of expertise: the issues caused by high staff turnover are numerous.

Nevertheless, some industries and job types have a naturally high turnover of staff, and other businesses have internal issues that may cause a higher turnover – such as a disengaged culture or lower pay than competitors.

A high turnover of staff is predominantly seen as an issue for the HR department to deal with. Still, the impact that it has on the overall business is often underestimated. One such area is the loss of knowledge around business processes and cybersecurity.

How high turnover impacts cybersecurity

Every business should be aware of the risk that cybersecurity breaches pose and, in turn, so should every member of your team.

Cybersecurity awareness training is increasingly commonplace in businesses as they look to limit their vulnerability to security breaches. This training, however, is a defence that is critically weakened by high staff turnover.

More experienced staff will usually have undertaken regular cybersecurity and data protection training. As such, when they go, they take that knowledge with them while new staff entering the business often do so without any cybersecurity awareness training in place.

Without the experience of dealing with attacks like phishing scams, and no chance to read internal communications related to cybersecurity, new starters are a serious gap in your cybersecurity defences, albeit through no fault of their own.

How to mitigate the cyber risk of high staff turnover

Your first goal should always be to, where possible, try to keep your experienced team members from leaving your organisation. In this case, your starting point should be to understand why so many employees want to leave. You can find out this information through staff surveys or interviews when people leave the business.

Should your efforts to reduce staff turnover fail, or you’re in an industry where high turnover of staff is unavoidable, then it’s important that you ensure that staff receive comprehensive, high-quality training from their first day on the job.

Ideally, their training should begin before they join as part of their induction training programme, and they should continue to receive regular security training.

Bob’s Business provides comprehensive cyber awareness training that helps to protect businesses from cyberattacks. We ensure all of your staff, including you, have the required knowledge and skills to handle cyberattacks in a safe, controlled manner.

How to keep your personal information safe when ordering online

It has never been easier to shop online, with websites like Amazon, Argos and eBay promising same or next day delivery and auto-fill technology, putting an end to laborious typing-out of your card details.

However, it’s a convenience that comes with risk, because whenever your card details are used online, you could potentially be handing them over to a scammer.

It’s no surprise that the pandemic has accelerated the trend towards online shopping. Equally, it has encouraged cybercriminals to take advantage by utilising a range of sophisticated methods to acquire card payment details and other personal information to steal money from shoppers.

For organisations, having the details of company credit cards stolen can pose a significant risk.

But how can you keep your personal information safe when ordering online? Join us as we share our top tips.

Check the website you are buying from has a secure connection

You should always check that the website you are buying from has a secure connection, especially if it is one that you have not used before.

Luckily, it’s a simple check to do. Simply look for the padlock symbol next to the URL address in your browser, and ensure the website URL starts with ‘https’. This doesn’t guarantee that the website isn’t fraudulent, but it does mean that nobody can snoop on the traffic and steal your data.

It’s a useful way to spot a cloned website, which may look almost identical to the site you intended to visit. Always check the website address, as this will be slightly different if the website is a scam.

Research new websites you come across

Just because you found a deal via Google doesn’t mean it’s legitimate.

If you have never heard of or used the website in question before, do some quick research to check that the company is legitimate – look for online reviews and whether the company is legally registered.

Avoid unsecured public WiFi

We’ve all been there, when the mobile signal is low and there’s an unsecured WiFi network available.

The temptation is real, but whether it’s public transport, a hotel, café, bar or restaurant providing a public WiFi connection, do not use the WiFi for checking your work email, accessing your online banking or making a purchase.

Public WiFi is never secure, so we recommend investing in a paid VPN, which will protect your traffic and prevent your information from being snooped on.

Use a credit card, Google Pay or PayPal

If you do end up the victim of a scam, using a credit card rather than a debit card provides a higher level of protection if your purchase is between £100 and £30,000.

Also, using a third party payment option such as Google Pay or PayPal can often be safer because you are not providing your card details directly to the merchant, limiting your exposure.

Don’t store your card details

Many online retailers will provide the option to save your card details to make it quicker to make payments in the future. However, this convenience comes with great risk, because if somebody gets access to your account, finding your card details is trivial.

As such, always choose not to save your card details and manually input them instead. The inconvenience is well worth it.

Check the details you are asked to provide

When you’re completing any purchase, look carefully at what the website is asking for.

A scam website may ask for more details than would be necessary to complete a transaction. Bank authentication checks should only ask for 2 numbers from your security code.

If you feel you are being asked for too many details, cancel the transaction and report the website to the NCSC as soon as possible.

Train your team to reduce their risk

By following these tips and remaining aware of the risks that cybercriminals pose, you can reduce your personal risk of breach. Nevertheless, one question still remains: how do you improve the cyber awareness of your organisation?

At Bob’s Business, we provide industry-leading cybersecurity awareness training solutions. We will reduce your organisational risk of breaches by combining cutting edge data analysis with engaging, effective and entertaining training courses.


2021’s biggest breaches (and what they can teach you)

We’ve officially made it to 2022, and although the New Year brings plenty of promise, there’s always value in looking back to see what we can learn from the previous twelve months.

2021 was, of course, a challenging year for many individuals and organisations for a number of reasons. Compounding those difficulties, though, data breaches continued to threaten the viability of businesses and other organisations last year, with criminals taking advantage of the uncertainty and pressures of home working.

Around half of all businesses were subjected to a cybersecurity breach in 2021, with medium-sized businesses even higher at 65%. This pattern of increasing numbers of breaches is expected to continue, so it’s crucial that we learn what we can from the breaches of the previous 12 months so that you can develop and refine your cybersecurity strategy for 2022.

These are some of the highest-profile breaches in 2021 – and what you can learn from them:

What were the biggest breaches of 2021?

LinkedIn

In June 2021, data associated with 700 million LinkedIn users was posted in a forum on the Dark Web.

That number accounted for 92% of all LinkedIn users and included full names, email addresses, social media account details, phone numbers and geolocation records. More than simply embarrassing for LinkedIn, however, this data could be used by social engineers in identity theft attacks.

LinkedIn issued a statement to say that there had not actually been a data breach and that data had been scraped from the website by bots. However, some cybersecurity experts believe that LinkedIn APIs that share data with other websites were abused.

Crucially, it highlighted the value of training your team to understand what they’re making available online – regardless of its visibility.

Colonial Pipeline

Few breaches in 2021 were as visible as that on Colonial Pipeline, an American oil pipeline that carries 3 million barrels of fuel per day across America, from Texas to New York.

On May 6th, the company was hit by a ransomware attack that encrypted their data and held them to ransom, pausing the pipeline in the process and causing a significant shortfall in available gasoline.

Short of options, Colonial Pipeline paid the ransom (a fee of around $5m), but the financial impact of the attack amounted to much more than that. The Chief Executive revealed that the attack used a legacy VPN system that did not have multifactor authentication in place and hackers were able to steal a password.

As is the case with many attacks, a single password allowed hackers to disrupt the entire pipeline, once again highlighting how important it is to train everyone in your organisation on how to create secure passwords with effective multi-step verification.

Facebook

Showing that no company is too big to be breached, social media giant Facebook was also hit with a major data breach in 2021.

A leaked database containing 533 million accounts was discovered with data including personal information such as full names, email addresses and phone numbers. It is thought that attackers were able to create a data set by abusing a Facebook address book contacts import feature.

With phone numbers made visible, Facebook users were exposed to attacks that would otherwise be prevented by two-factor authentication methods. Although Facebook declined to notify individuals whether they’d been part of the breach, 4.9% was wiped from their stock price and the company was later rebranded as Meta in a bid to shift the perception of their company.

Why should you care?

You might be wondering why you should care. After all, the breaches above were to high-profile, high-value targets. Who would go after an SME when there are far bigger targets available?

The answer is simple: small and medium-sized companies typically deploy far less training than larger organisations and often employ purely technological systems like firewalls and email filters to protect them from attacks.

The result? 40% of small businesses in the UK experience a cyber-attack each year.

With cybercriminals continuing to develop new, more sophisticated techniques and methods to steal data, it’s vital that you take steps to protect your organisation from a breach before it’s too late.

How to protect your business from cyberattacks

To give your company the best chance of avoiding breaches, it’s important to get everyone in your organisation on the same page. As the Colonial Pipeline hack proved, just one error from a single employee can bring a massive company to its knees.

Doing that begins by providing high-quality cybersecurity training to employees. With 90% of breaches occurring as a result of human error, giving your team the knowledge they need to protect themselves and your company is quite simply the most effective way of reducing your risk of breach.

Bob’s Business provides engaging online training solutions to raise cybersecurity awareness amongst employees so that they can capably protect the business from a wide range of online threats.


Melanie Oldham awarded OBE in New Year’s Honours List

For her outstanding contributions to cybersecurity under the YCSC (Yorkshire Cyber Security Cluster), CEO of Bob’s Business, Melanie Oldham, has been awarded an OBE in the Queen’s 2022 New Year’s Honours List.

The award recognises Melanie’s service in helping develop cybersecurity awareness across Yorkshire and the rest of the United Kingdom.

Melanie’s work in cybersecurity is well-known through her innovative company Bob’s Business, founded in 2007, which has helped transform cybersecurity awareness amongst organisations across the UK from its base in Barnsley, South Yorkshire.

Hailing from Yorkshire, Melanie found that many of the opportunities found in the South simply weren’t available in the North of England and set about to change that for the better.

Melanie recognised an opportunity to encourage cross-collaboration of cybersecurity sector organisations and founded the YCSC, a self-funded non-profit organisation in Yorkshire which aims to build awareness around cyber and increase career opportunities in cybersecurity for young people by improving talent and increasing school engagement on the subject of cybersecurity.

Speaking on her recognition in the New Year honours list, Melanie stated: “I am truly honoured to be awarded an OBE for services to cybersecurity.

As a woman in a largely male-dominated industry, it is my firm belief it’s crucial that we continue to give opportunities and support to those who want to enter the sector, and to view talent without preconceptions. To be recognised as a leader in cybersecurity sends a positive message that, regardless of their background, a career in cybersecurity is possible for anyone.”


Is human error harming your business?

Let’s cut to the chase: if you’re wondering whether human error is harming your business, then the answer to this question is almost definitely yes.

We’re all human, and so we understand that mistakes can never truly be eliminated, but the fact remains that those small errors can be a major risk for businesses, as both decision-based and skill-based errors can lead directly to a major cybersecurity breach.

A study from IBM revealed that human error is the main cause of 95% of cybersecurity breaches, with hackers exploiting this area of weakness for their own gain.

What may surprise you, however, is that these errors are not only often small in scope, but can often be trained out of your team. Here are just a few examples of the types of human error that cybercriminals are capitalising on:

Using weak passwords or writing passwords down

When a password falls into the wrong hands, it means unauthorised people can access data and use it in a number of ways that will pose problems to your business.

Poor password practices plague businesses of all sizes, for a very good reason: with an average of 70-80 passwords to remember, many people fall back on simple, easy-to-recall passwords.

Some employees are guilty of reusing passwords, writing down passwords in notepads, or even on post-it notes that are easily found, not realising the impact of their actions.

It only takes one compromised password to gain access to your systems, so ensuring your team has positive password habits can be the difference between an attacker breaching your system, or moving on to a business without cybersecurity training.

Using unauthorised software

Another common issue that affects organisations of all sizes is employees using unauthorised software, such as free online editing software that contains malware.

Company systems have even been compromised because employees have streamed a sports event, or accessed a similar unauthorised online service. It highlights the risks of general internet usage on company machines, especially by those without the knowledge required to spot and stop malware attacks.

Not updating software

Software updates are critical to keep systems protected, as security updates are required to combat new threats and vulnerabilities. If employees do not update the software on their PC or laptop when required, this can leave your company systems at greater risk of security breaches.

By training your team to effectively manage their software updates – even when it means potential downtime – you will reduce the risk of your systems being compromised.

Improper handling of sensitive data

One type of human error that can cause significant damage to your company is the improper handling of sensitive data, for example, sending sensitive data to the wrong recipient by mistake or storing data without adequate protection. Not backing up important data is another error that can have major consequences if data is lost… not to mention some awkward phone calls!

Far beyond reputational damage alone, improper handling of sensitive data can have serious financial consequences if, for example, GDPR or DPA legislation is breached.

Using unsecured internet connections

With more people working remotely as a result of the COVID-19 pandemic, there has been a dramatic increase in security breaches caused by the use of unsecured internet connections – like those found in our homes, or in public places like coffee shops.

Using public Wi-Fi without using a VPN, or even having default passwords set on your home Wi-Fi, can leave your company systems open to cyberattacks.

Opening email links or attachments

Phishing attacks are the number one cause of data breaches, with an astonishing 3.4 billion phishing emails sent per day.

More concerning still, such phishing attacks are growing increasingly sophisticated, utilising elements of your digital footprint to create tailored spear-phishing attacks.

Other types of attack might send text messages claiming to be from a person or company that the recipient interacts with and trusts. Within the email or text, they encourage the recipient to click on a link that takes them to a dangerous site.

Sometimes employees are more vulnerable to some of these errors because they have a heavy workload; other times it’s simply because they don’t have the knowledge required to spot an attack before they fall victim.

How can Bob’s Business help you?

Bob’s Business provides highly effective online cybersecurity training solutions that reduce your risk of falling victim to human error. We provide your employees with a comprehensive understanding of what threats they need to be aware of and their potentially harmful behaviours. We will even simulate phishing attacks, so you can be sure your staff know what to do in the event of a breach.

As new threats emerge, our training is regularly updated to keep employees informed of new cyberattack techniques, so they can easily identify threats and take the correct actions to protect your business.


What is your digital footprint and how can you minimise it?

In today’s day and age, it’s virtually impossible to use the internet without leaving footprints in the (digital) sand.

Whether it’s the public playlist we make on Spotify, the office selfies we take at our Christmas parties or the information we let slip on our social media profiles, we run up a large digital footprint each day.

But what is your digital footprint, why is it important and how can you minimise it? Join us as we share everything you need to know.

What is a digital footprint?

Your digital footprint is the sum total of the data that you leave behind as you use the internet, whether that’s posts on social media, online purchases or any other publicly available data on yourself. This can either be passive or active.

A passive footprint is data that is collected without you even knowing, such as your IP address and where you came from when the footprint was created. An active footprint, however, is information that you have chosen to share on websites (cookies) or social media, such as social media comments, profiles or forum interactions.

For example, if you have a profile on Facebook and LinkedIn, strangers can find out personal information about your life and your career. In just a few clicks, an attacker can begin to build a pretty accurate picture of who you are. This is why you’ll often see relevant ads on social media, as companies can target you based on your internet history, interests and purchasing intentions.

Why is your digital footprint an issue?

With so much of our lives lived online, knowing what we’re leaving out in the open has become incredibly important.

However, understanding your digital footprint’s contents is even more so. Why? Because whilst your publicly available data can be personally useful, cybercriminals can also exploit it for their own ends, using it as the basis of spear-phishing attacks or in identity fraud.

Additionally, your digital footprint can be permanent: once the data is public, there is very limited control over what happens to it or how others will use it. Employers can research you on social media and can make instant hiring decisions based on your social media presence.

What can I do to minimise my digital footprint?

Check your digital footprint

You can easily check your digital footprint by searching your name on Google. Use your full name and include any spelling variations.

This will allow you to see what information is currently available publicly, and what a stranger can easily find out about you. If any of the results are negative, or you want something removed, contact the site administrator of that website and ask if it can be removed, or log in and remove the information yourself if you can.

Abstain from posting personal details online

Whilst you may think posting about your dog or birthday is harmless, these details are often used as passwords for many sites and can therefore be easily exploited: hackers can use this information to get into your banking and other important sites.

Additionally, check your social media privacy settings. By ensuring that only your friends can see your updates, you prevent strangers and hackers from building a full picture of who you are.

Be careful of public Wi-Fi

Using unsecured public Wi-Fi is an easy way to give out personal information. You don’t know who set up that Wi-Fi and who is watching.

Never send any personal information when using these Wi-Fi networks – wait until you get home and can use a private secure connection, or use a VPN to connect securely. While you are out and about, your phone’s hotspot is a great alternative.

Password security

Ensure your passwords are the strongest they can be. A strong password contains a mixture of upper and lower case letters, numbers and symbols and never includes any personal details such as name or date of birth.

The more complex your password is, the harder you are to hack. Don’t record your passwords anywhere and try to use a different one for each of your accounts.

Keep your software up to date

There are numerous viruses and other malware designed to mine your data, so it is important to ensure your anti-virus software and any other programs are kept up to date to protect you against the latest security issues. Older software is easier to breach and leaves you open to more avenues of attack.

To find out more about your digital footprint and how to minimise it, enrol your team on our new Digital Footprint course and reduce your organisation’s risk of being breached.

The cybersecurity risks of working from home

There are few aspects of our society that haven’t been directly impacted by the COVID-19 pandemic, and businesses are no different: the vast majority were forced into a quick transition towards working-from-home measures to protect their staff during these uncertain times.

The changes haven’t been temporary, either. Gov UK found that at the beginning of November 2021, some 67% of adults reported travelling to work daily, suggesting that a proportion of the remaining 33% are continuing to work from home.

Cybersecurity and threats to organisations have been severely impacted. Switzerland reported an increase in cybersecurity attacks at the beginning of the pandemic. Statistics showed that there were more than 350 cybersecurity attacks per week in April 2020, compared to 100-150 attacks throughout the same period in 2019.

Indeed, 2021 has seen a record number of cyber incidents recorded by the NCSC. But what’s been causing the rise in attacks?

Cybersecurity and the coronavirus

A spokesperson from Kaspersky cybersecurity lab in Switzerland stated that the working from home situation in the country was one of the primary reasons for this increase, as the vast majority of employees did not have access to the level of security they would have had were they in the office.

In their annual survey series, Gov UK stated that having company personnel work from home made it more difficult for IT and cybersecurity departments to keep an eye on how files were being accessed, how often internet software was being updated and how frequently staff were trained to strengthen protection.

One area of significance was the introduction of virtual meetings on platforms such as Google and Zoom. Deloitte found that from February to May 2020, more than half a million people reported their personal data being sold on the dark web as a result of their video meetings being hacked. This change in the way people’s data was being stolen is not surprising, with Deloitte also recording a 15% increase in the new methods hackers were using to attack software and steal data.

However, official statistics from Gov UK show that in 2021, there has been a decrease in the reporting of cybersecurity attacks. Whilst this may seem positive, it is in fact very concerning. The government warns that instead of a decrease in attacks occurring, there is a decrease in companies realising they have been breached.

So, why is this happening?

Worryingly, there is a 10% decrease in the number of organisations using third-party cybersecurity tools, and a 6% decrease in organisations using any form of cybersecurity monitoring.

The real threat, however, comes from a lack of training deployed to teams. Cybersecurity awareness training is often the forgotten central pillar of any successful cyberattack mitigation strategy. The importance of cybersecurity awareness cannot be overstated in 2022.

An astonishing 90% of successful breaches begin with simple human error, and with our teams at the heart of our organisations, it’s imperative that your teams are trained to spot and stop attacks.

Don’t make the mistake of ignoring cybersecurity threats. Let us empower your staff to protect your business! View our range of courses that can help protect your employees, including one designed for those working from home.