2021’s biggest breaches (and what they can teach you)

We’ve officially made it to 2022, and although the New Year brings plenty of promise, there’s always value in looking back to see what we can learn from the previous twelve months.

2021 was, of course, a challenging year for many individuals and organisations for a number of reasons. Compounding those difficulties, though, data breaches continued to threaten the viability of businesses and other organisations last year, with criminals taking advantage of the uncertainty and pressures of home working.

Around half of all businesses were subjected to a cybersecurity breach in 2021, with medium-sized businesses even higher at 65%. This pattern of increasing numbers of breaches is expected to continue, so it’s crucial that we learn what we can from the breaches of the previous 12 months so that you can develop and refine your cybersecurity strategy for 2022.

These are some of the highest-profile breaches in 2021 – and what you can learn from them:

What were the biggest breaches of 2021?

LinkedIn

In June 2021, data associated with 700 million LinkedIn users was posted in a forum on the Dark Web.

That number accounted for 92% of all LinkedIn users and included full names, email addresses, social media account details, phone numbers and geolocation records. More than simply embarrassing for LinkedIn, however, this data could be used by social engineers in identity theft attacks.

LinkedIn issued a statement to say that there had not actually been a data breach and that data had been scraped from the website by bots. However, some cybersecurity experts believe that LinkedIn APIs that share data with other websites were abused.

Crucially, it highlighted the value of training your team to understand what they’re making available online – regardless of its visibility.

Colonial Pipeline

Few breaches in 2021 were as visible as that on Colonial Pipeline, an American oil pipeline that carries 3 million barrels of fuel per day across America, from Texas to New York.

On May 6th, the company was hit by a ransomware attack that encrypted their data and held them to ransom, pausing the pipeline in the process and causing a significant shortfall in available gasoline.

Short of options, Colonial Pipeline paid the ransom (a fee of around $5m), but the financial impact of the attack amounted to much more than that. The Chief Executive revealed that the attack used a legacy VPN system that did not have multifactor authentication in place, and that hackers were able to steal a password.

As is the case with many attacks, a single password allowed hackers to disrupt the entire pipeline, once again highlighting how important it is to train everyone in your organisation on how to create secure passwords with effective multi-step verification.

Facebook

Showing that no company is too big to be breached, social media giant Facebook was also hit with a major data breach in 2021.

A leaked database containing 533 million accounts was discovered with data including personal information such as full names, email addresses and phone numbers. It is thought that attackers were able to create a data set by abusing a Facebook address book contacts import feature.

With phone numbers made visible, Facebook users were exposed to attacks that would otherwise be prevented by two-factor authentication methods. Although Facebook declined to notify individuals whether they’d been part of the breach, 4.9% was wiped from their stock price and the company was later rebranded as Meta in a bid to shift the perception of their company.

Why should you care?

You might be thinking why you should care. After all, the breaches above were to high-profile, high-value targets. Who would go after an SME when there are far bigger targets available?

The answer is simple: small and medium-sized companies typically deploy far less training than larger organisations and often employ purely technological systems like firewalls and email filters to protect them from attacks.

The result? 40% of small businesses in the UK experience a cyber-attack each year.

With cybercriminals continuing to develop new, more sophisticated techniques and methods to steal data, it’s vital that you take steps to protect your organisation from a breach before it’s too late.

How to protect your business from cyberattacks

To give your company the best chance of avoiding breaches, it’s important to get everyone in your organisation on the same page. As the Colonial Pipeline hack proved, just one error from a single employee can bring a massive company to its knees.

Doing that begins by providing high-quality cybersecurity training to employees. With 90% of breaches occurring as a result of human error, giving your team the knowledge they need to protect themselves and your company is quite simply the most effective way of reducing your risk of breach.

Bob’s Business provides engaging online training solutions to raise cybersecurity awareness amongst employees so that they can capably protect the business from a wide range of online threats.

Find out more about our cybersecurity awareness training by clicking here.

Melanie Oldham awarded OBE in New Year’s Honours List

For her outstanding contributions to cybersecurity under the YCSC (Yorkshire Cyber Security Cluster), CEO of Bob’s Business, Melanie Oldham, has been awarded an OBE in the Queen’s 2022 New Year’s Honours List.

The award recognises Melanie’s service in helping develop cybersecurity awareness across Yorkshire and the rest of the United Kingdom.

Melanie’s work in cybersecurity is well-known through her innovative company Bob’s Business, founded in 2007, which has helped transform cybersecurity awareness amongst organisations across the UK from its base in Barnsley, South Yorkshire.

Hailing from Yorkshire, Melanie found that many of the opportunities found in the South simply weren’t available in the North of England and set about to change that for the better.

Melanie recognised an opportunity to encourage cross-collaboration of cybersecurity sector organisations and founded the YCSC, a self-funded non-profit organisation in Yorkshire which aims to build awareness around cyber and increase career opportunities in cybersecurity for young people by improving talent and increasing school engagement on the subject of cybersecurity.

Speaking on her recognition in the New Year honours list, Melanie stated: “I am truly honoured to be awarded an OBE for services to cybersecurity.

As a woman in a largely male-dominated industry, it is my firm belief it’s crucial that we continue to give opportunities and support to those who want to enter the sector, and to view talent without preconceptions. To be recognised as a leader in cybersecurity sends a positive message that, regardless of their background, a career in cybersecurity is possible for anyone.”

Is human error harming your business?

Let’s cut to the chase: if you’re wondering whether human error is harming your business, then the answer to this question is almost definitely yes.

We’re all human, and so we understand that mistakes can never truly be eliminated, but the fact remains that those small errors can be a major risk for businesses, as both decision-based and skill-based errors can lead directly to a major cybersecurity breach.

A study from IBM revealed that human error is the main cause of 95% of cybersecurity breaches, with hackers exploiting this area of weakness for their own gain.

What may surprise you, however, is that these errors are not only often small in scope, but can often be trained out of your team. Here are just a few examples of the types of human error that cybercriminals are capitalising on:

Using weak passwords or writing passwords down

When a password falls into the wrong hands, it means unauthorised people can access data and use it in a number of ways that will pose problems to your business.

Poor password practices plague businesses of all sizes, for a very good reason: with an average of 70-80 passwords to remember, many people fall back on simple, easy-to-recall passwords.

Some employees are guilty of reusing passwords, writing down passwords in notepads, or even on post-it notes that are easily found, not realising the impact of their actions.

It only takes one compromised password to gain access to your systems, so ensuring your team has positive password habits can be the difference between an attacker breaching your system, or moving on to a business without cybersecurity training.

Using unauthorised software

Another common issue that affects organisations of all sizes is employees using unauthorised software, such as free online editing software that contains malware.

Company systems have even been compromised because employees have streamed a sports event, or accessed a similar unauthorised online service. It highlights the risks of general internet usage on company machines, especially by those without the knowledge required to spot and stop malware attacks.

Not updating software

Software updates are critical to keep systems protected, as security updates are required to combat new threats and vulnerabilities. If employees do not update the software on their PC or laptop when required, this can leave your company systems at greater risk of security breaches.

By training your team to effectively manage their software updates – even when it means potential downtime – you will reduce the risk of your systems being compromised.

Improper handling of sensitive data

One type of human error that can cause significant damage to your company is the improper handling of sensitive data, for example, sending sensitive data to the wrong recipient by mistake or storing data without adequate protection. Not backing up important data is another error that can have major consequences if data is lost… not to mention some awkward phone calls!

Far beyond reputational damage alone, improper handling of sensitive data can have serious financial consequences if, for example, GDPR or DPA legislation is breached.

Using unsecured internet connections

With more people working remotely as a result of the COVID-19 pandemic, there has been a dramatic increase in security breaches caused by the use of unsecured internet connections – like those found in our homes, or in public places like coffee shops.

Using public Wi-Fi without using a VPN, or even having default passwords set on your home Wi-Fi, can leave your company systems open to cyberattacks.

Opening email links or attachments

Phishing attacks are the number one cause of data breaches, with an astonishing 3.4 billion phishing emails sent per day.

More concerning still, such phishing attacks are growing increasingly sophisticated, utilising elements of your digital footprint to create tailored spear-phishing attacks.

Other types of attack might use text messages claiming to be from a person or company that the recipient interacts with and trusts. Within the email or text, they encourage the recipient to click on a link that takes them to a dangerous site.

Sometimes employees are more vulnerable to some of these errors because they have a heavy workload; other times it’s simply because they don’t have the knowledge required to spot an attack before they fall victim.

How can Bob’s Business help you?

Bob’s Business provides highly effective online cybersecurity training solutions that reduce your risk of falling victim to human error. We provide your employees with a comprehensive understanding of what threats they need to be aware of and their potentially harmful behaviours. We will even simulate phishing attacks, so you can be sure your staff know what to do in the event of a breach.

As new threats emerge, our training is regularly updated to keep employees informed of new cyberattack techniques, so they can easily identify threats and take the correct actions to protect your business.

Ready to learn more? Click here.

What is your digital footprint and how can you minimise it?

In today’s day and age, it’s virtually impossible to use the internet without leaving footprints in the (digital) sand.

Whether it’s the public playlist we make on Spotify, the office selfies we take at our Christmas parties or the information we let slip on our social media profiles, we run up a large digital footprint each day.

But what is your digital footprint, why is it important and how can you minimise it? Join us as we share everything you need to know.

What is a digital footprint?

Your digital footprint is the sum total of the data that you leave behind as you use the internet, whether that’s posts on social media, online purchases or any other publicly available data on yourself. This can either be passive or active.

Passive footprints are data that gets collected without you even knowing, such as where you came from when the footprint was created and your IP address. An active footprint, however, is information that you have optionally shared on websites (cookies) or social media, such as social media comments, profiles or forum interactions.

For example, if you have a profile on Facebook and LinkedIn, strangers can find out personal information about your life and your career. In just a few clicks, an attacker can begin to build a pretty accurate picture of who you are. This is why you’ll often see relevant ads on social media, as companies can target you based on your internet history, interests and purchasing intentions.

Why is your digital footprint an issue?

With so much of our lives lived online, knowing what we’re leaving out in the open has become incredibly important.

However, understanding your digital footprint’s contents is even more so. Why? Because whilst your publicly available data can be personally useful, cybercriminals can also exploit it for their own ends, using it as the basis of spear-phishing attacks or in identity fraud.

Additionally, your digital footprint can be permanent, as once the data is public there is very limited control of what happens to it or how others will use it. Employers can research you on social media and can make instant hiring decisions based on people’s social media presence.

What can I do to minimise my digital footprint?

Check your digital footprint

You can easily check your digital footprint by searching your name on Google. Use your full name and include any spelling variations.

This will allow you to see what information is currently available publicly, and what a stranger can easily find out about you. If any of the results are negative, or you want something removed, contact the site administrator of that website and ask if it can be removed, or log in and remove the information yourself if you can.

Abstain from posting personal details online

Whilst you may think it’s harmless posting about your dog or birthday, these details are often used as passwords to many sites, and therefore can be easily exploited as hackers can use this info to get into your banking and other important sites.

Additionally, check your social media privacy settings. By ensuring that only your friends can see your updates, you prevent strangers and hackers from building a full picture of who you are.

Be careful of public WiFi

Using unsecured public Wi-Fi is an easy way to give out personal information. You don’t know who set up that Wi-Fi and who is watching.

Never send any personal information when using these Wi-Fi networks – wait until you get home and can use a private secure connection, or use a VPN to connect securely. While you are out and about, your phone’s hotspot is a great alternative.

Password security

Ensure your passwords are the strongest they can be. A strong password contains a mixture of upper and lower case letters, numbers and symbols and never includes any personal details such as name or date of birth.

The more complex your password is, the harder you are to hack. Don’t record your passwords anywhere and try to use a different one for each of your accounts.

Keep your software up to date

Numerous viruses and other malware are designed to mine your data, so it is important to ensure your anti-virus software and any other programmes are kept up to date to protect you against the latest security issues. Older software is easier to breach and leaves you open to more avenues of attack.

To find out more about your digital footprint and how to minimise it, enrol your team on our new Digital Footprint course and reduce your organisation’s risk of being breached.

The cybersecurity risks of working from home

There are few aspects of our society that haven’t been directly impacted by the Covid-19 pandemic, and businesses are no different, with the vast majority forced into a quick transition towards working from home measures, to protect their staff during these uncertain times.

The changes haven’t been temporary, either. Gov UK found that at the beginning of November 2021, some 67% of adults reported travelling to work daily, suggesting that a proportion of the remaining 33% are continuing to work from home.

Cybersecurity and threats to organisations have been severely impacted. Switzerland reported an increase in cybersecurity attacks at the beginning of the pandemic. Statistics showed that there were more than 350 cybersecurity attacks per week in April 2020, compared to 100-150 attacks throughout the same period in 2019.

Indeed, 2021 has seen a record number of cyber incidents recorded by the NCSC. But what’s been causing the rise in attacks?

Cybersecurity and the coronavirus

A spokesperson from Kaspersky cybersecurity lab in Switzerland stated that the working from home situation in the country was one of the primary reasons for this increase, as the vast majority of employees did not have access to the level of security they would have had were they in the office.

In their annual survey series, Gov UK stated that having company personnel work from home made it more difficult for IT and cybersecurity departments to keep an eye on how files were being accessed, how often internet software was being updated and how frequently staff were trained to strengthen protection.

One area of significance was the introduction of virtual meetings on platforms such as Google and Zoom. Deloitte found that from February to May 2020, more than half a million people reported their personal data being sold on the dark web as a result of their video meetings being hacked. This change in the way people’s data was being stolen is not surprising, with Deloitte also recording a 15% increase in the new methods hackers were using to attack software and steal data.

However, official statistics from Gov UK show that in 2021, there has been a decrease in the reporting of cybersecurity attacks. Whilst this may seem positive, it is in fact very concerning. The government warns that instead of a decrease in attacks occurring, there is a decrease in companies realising they have been breached.

So, why is this happening?

Worryingly, there is a 10% decrease in the number of organisations using third-party cybersecurity tools, and a 6% decrease in organisations using any form of cybersecurity monitoring.

The real threat, however, comes from a lack of training deployed to teams. Cybersecurity awareness training is often the forgotten central pillar of any successful cyber-attack mitigation strategy. The importance of cybersecurity awareness cannot be overstated in 2022.

An astonishing 90% of successful breaches begin with simple human error, and with our teams at the heart of our organisations, it’s imperative that your teams are trained to spot and stop attacks.

Don’t make the mistake of ignoring cybersecurity threats. Let us empower your staff to protect your business! View our range of courses that can help protect your employees, including one designed for those working from home.

The industries most at risk of cyberattacks

When it comes to being a target of a cyberattack, there’s something of a misconception commonly held by organisations. Namely, that cyberattacks are something that happens to other organisations.

While the news is often full of stories about large global firms getting targeted and falling victim to attacks, the vast majority of attacks focus on small businesses, charities and public sector organisations.

More distressing still, the volumes and frequency of cyberattacks have been increasing at an alarming rate over the last few years, costing businesses significant money and causing major disruption.

Just this week, over 300 Spar stores had to temporarily close due to a cyberattack, with criminals targeting the company that operates the convenience store’s till and IT systems, compromising Spar’s ability to take payment. It’s a stark reminder of why companies need to be vigilant.

Retail, however, is just one industry that is commonly targeted for cyberattacks, with some industries being targeted on a regular basis. These are the industries that are most at risk:

Healthcare organisations

The most significant concern regarding cyberattacks in the healthcare industry is that a successful attack does more than financial or reputational damage: it puts people’s lives at risk.

The healthcare industry has proven particularly susceptible to ransomware attacks, notably the WannaCry attack, which hit more than 60 NHS trusts and ground healthcare to a halt.

Small businesses

Small businesses might not seem a natural target for cybercriminals, especially with significantly greater riches available by targeting bigger firms.

This view, however, fails to take into account how much less difficult it is to breach a small business than a large one. With little by way of cybersecurity training deployed in many small companies, it can prove a simple task to gain access to their systems.

Research revealed that 43% of cyberattacks targeted small businesses, and phishing attacks aimed at specific targets are very common.

Government agencies

More than a target for cybercriminals, government agencies of all sizes are regularly targeted by nation-states and private hacking organisations due to the confidential and high-value data that is stored on government agency records. It is common for hackers to breach system security to steal highly confidential information.

Local councils alone are subject to an average of 19.5 million cyber-attacks a year, highlighting the threat level that governmental teams of all sizes face from cybercriminals and fraudsters.

Read our Government and Local Authority case study here.

Financial institutions

Banks and other financial institutions are, naturally, an extremely high-value target for cybercriminals. After all, where there’s money, there will always be people willing to steal it.

An incredible one-third of phishing attacks are aimed at financial institutions, costing banks an average of £13m annually in losses and fines.

More than simply financial damage though, breaches of financial sector organisations erode trust between consumers and other institutions.

Read our Financial Services case study here.

Education

A recent study found that UK universities are hit by a successful cyberattack every three hours, and 87% of them have experienced at least one breach.

With many universities funding world-leading research, cybercriminals see high-value targets within universities and other educational sector organisations. Hackers have been able to bring education systems down, affecting high numbers of students around the world.

Energy and utility companies

Another industry that has been frequently targeted is energy and utility suppliers. Hackers have been able to stop the supply of energy and hold the companies to ransom, causing severe disruption to the company and their customers.

According to an analysis from the Department for Digital, Culture, Media and Sport, the utilities sector ranks sixth-highest for mean investment in cybersecurity with an average spend of £5,420 per year. This, despite having arguably the most to lose in a potential attack.

Read our Energy & Utilities case study here.

In 2022, it is expected that cyberattacks will yet again increase, making it more important than ever to ensure that, no matter your sector, you have adequate security and training in place to keep your business protected.

Bob’s Business provides highly effective online training that can help small and large businesses to protect their IT systems by empowering employees to take the right actions to avoid falling for scams or compromising data.

Find out more about Bob’s Business’ cyber awareness training and discover how to improve your cybersecurity.

Your 2022 cybercrime forecast

If you want to make sure that your business has a successful future, it’s essential that you put processes and strategies in place that ensure you hit your targets. With digital solutions now at the heart of virtually every company, it won’t come as a surprise to hear that your online systems must have adequate security to prevent the risk of cyberattacks too.

Since the start of the COVID-19 pandemic, there’s been a significant increase in cyberattacks, largely aimed at the security vulnerabilities presented by people working from home.

More concerning still for SMEs, the weight of attacks has fallen on small businesses that might not have considered themselves to be at risk.

2022 promises more of the same. So, to help your business enjoy a safe and secure 2022, we’ve cast our minds to the future to predict the major challenges we think organisations will face over the next twelve months. Ready to find out more?

These are the cybercrime threats to look out for in 2022:


Pandemic-related phishing

COVID-19 is, unfortunately, a continued reality going into 2022 and, potentially, beyond.

Having already led to a fundamental shift in our working habits, driving many into a work-from-home environment, new variants could yet close offices in the new year, causing further disruption.

Although much of the cybercrime around the pandemic took advantage of reduced security in home office environments, a large portion of attacks looks to capitalise on the fear, uncertainty and doubt generated by the pandemic.

Countless phishing emails sprang up around the pandemic, like fake NHS emails asking people to pay for a vaccination or a test. Indeed, research found a 220% increase in phishing emails around the peak of the pandemic – a figure we might see repeated, should the global health situation enter another perilous phase.

Data breaches

Data breaches, regardless of their source, remain the most costly and disruptive cyber threats to organisations. In 2022, data breaches will remain a significant threat to organisations.

Worryingly, almost a third of all data breaches happen to small businesses, as cybercriminals take advantage of weaker security measures due to smaller cybersecurity budgets caused by a tightening of purse strings. Data breaches can result in large fines as well as cause significant reputational damage to the business brand, so it is important to ensure employees receive cybersecurity awareness training to reduce your risk of breach.

Ransomware attacks

Ransomware attacks, where a target’s data is encrypted and held hostage until money is sent to the attacker, have been a reality for over 30 years now, but their increasing appearance is cause for alarm. Need proof? The first half of 2021 saw a 93% increase in attacks compared to the same period of the previous year!

Ransomware attacks are expected to increase in 2022, which is bad news for businesses. With more and more of us working from home, the gap between the office at work and the office at home is widening and causing issues that organisations are still scrambling to address.

Mobile malware

Another growing concern is mobile malware, targeting company phones and smart devices of people working from home.

Cybercriminals have been utilising machine learning and artificial intelligence to make even more sophisticated malware attacks. With mobile malware, criminals can disable devices and force the owners into paying a ransom to have their mobile re-enabled.

We’ve highlighted just a handful of the cybersecurity threats lurking on the horizon and expected to cause severe problems for businesses in 2022, but they are far from the only concerns going into the New Year.

So, how do you protect your organisation?

With 90% of breaches occurring as a result of human error, by far the most effective way to protect your business from cyberattacks is to ensure that your employees have high-quality cyber awareness training. Bob’s Business provides engaging, cost-effective online training covering essential topics such as cyber awareness.

Find out more about our unique training solutions.

How experiential learning can strengthen your cybersecurity

As the risk of cyberattacks continues to grow for businesses, reaching record levels in 2020, it has never been more important to ensure that your teams stay informed about new cyber threats, as well as emerging technology and other tools that are able to enhance cybersecurity and combat online threats.

Developing employee cyber awareness is one of the most effective ways to protect your company from cyberattacks, as in 90% of successful breaches, it is employees who are targeted first.

At Bob’s Business, we believe in creating training solutions that your team actually want to take, and that means using innovative training theories. Join us as we explain.

How learning theories can be utilised in digital training

It is easy to see why it is important to invest money and time into cyber awareness, but as a business, you also need to see optimal results in return for that investment.

That means finding and investing in the most effective training solutions, designed to boost employee cyber awareness.

As we discussed in our last blog, experiential learning is a theory introduced by David Kolb in the 1970s. In short, it’s the theory of learning by doing.

By applying experiential learning theory to our narrative-driven technological training solutions, Bob’s Business can boost cyber awareness within your organisation to levels that traditional training methods cannot achieve.

But why do we do it? It’s simple: research suggests that the knowledge retention rate of experiential learning can be as high as 90% – far higher than traditional training seminars, books or videos, for example.

So far, we’ve incorporated narrative-driven animations, gamified learning, quizzes and phishing simulations into our training, but now we’re ready to introduce a new type of experiential training experience: remote escape rooms.

Introducing remote escape rooms from Bob’s Business

Escape rooms have grown to become an established entertainment product, but their use in training has largely been ignored – until now.

Hack the Hacker is the first remote cybersecurity escape room, built to teach groups of up to ten at a time vital cybersecurity habits by having them explore the room together, solving clues and cracking the code at the heart of the mystery.

With workers now often spread out across the country, we’ve built Hack the Hacker to work for every organisation. The escape room connects your team via Zoom, where they guide a single avatar around the room by giving it instructions, so they can easily access it from home.

We’ve always battled against notoriously boring traditional cybersecurity training. Now with Hack the Hacker, our remote escape room, we’re bringing cybersecurity to life in an innovative and enjoyable way, one which bonds teams and builds knowledge.

Curious? Find out more about our virtual escape room and how this approach is a game-changing development for cybersecurity training.

What is experiential learning?

Everyone knows that investing in employee learning and development delivers countless valuable benefits to businesses, but what many forget is that in order to optimise the outputs from learning and development strategies, businesses need to deploy varied learning experiences.

Learning theories have been researched for centuries, and David A. Kolb’s Experiential Learning Theory is one that has received significant acclaim and has been implemented to great effect in a wide range of learning environments.

But what is it, how can it help your employees working from home and how does it work?

What is experiential learning?

Experiential learning is based around a four-step cycle:

  • Experience
  • Reflect
  • Think
  • Act

At its core, experiential learning is learning by doing.

The learning process starts with the person experiencing something, like doing a task for example. They then have time to reflect on that experience, taking away what they have learned from the experience. After the thinking step, the person then makes a decision to act, by trying out what they have learned.

The beauty of experiential learning is that all of us are already doing it, each and every day. As such, we often don’t realise we are learning this way, as it feels like a natural process that requires no conscious decision to do it.

By taking the concept of experiential learning into the often artificial world of workplace training, we can help embed lessons effectively in both short- and long-term memory.

How can home workers enjoy experiential training?

Due to the pandemic and the government’s work from home advice, many businesses are still operating with employees working from home, either part or full time.

Even with many workplaces reverting back to pre-pandemic working arrangements, there is still a large number of companies that are allowing employees to work from home and this is expected to remain the case in the near future.

It’s a shift which has brought a good number of benefits for businesses, being safer from a health point of view, requiring less office space and allowing employees more flexible working hours.

However, one of the drawbacks of having a workforce working from home is that it limits some of the learning opportunities that would be available in the workplace. For example, learning from other members of the team is restricted, as they are not physically working together.

It limits the potential of experiential learning, so how can your home working teams get involved?

Experiential learning through digital solutions

There are lots of digital technology solutions that have been developed around the experiential learning approach, including training activities that we at Bob’s Business utilise, like our phishing simulations and interactive courses.

Playing games that test skills and knowledge is another way that experiential learning is applied in digital training solutions.

At Bob’s Business, we put our focus on innovative digital training that combines cutting-edge technology with effective learning methodologies to ensure employees develop and thrive, to help businesses succeed in today’s challenging markets.

For a sneak peek at where we’re taking our innovative experiential training next, check out our blog on how experiential learning can help strengthen your cybersecurity.

What do hackers use your data for?

You’re probably already aware that hacking is becoming a bigger and bigger problem for organisations of all sizes, despite the sophisticated cybersecurity software that is often pushed forward as a ‘cure’.

2020 was a record-breaking year for hacking attempts against UK firms, owing largely to the fact that with many of us working from home, our personal security levels have slipped.

The fallout from a successful hack can be extensive, including reputational damage, fines and loss of customer trust. But what do hackers get out of the deal?

Here are some of the things that hackers use stolen personal information for:

Identity theft

Criminals often illegally access data so that they can steal someone’s identity for financial gain. For example, they can use personal information to apply for loans and credit cards in the victim’s name. In some cases, identity thieves can purchase goods using financial details.

When hacking organisations, a criminal may steal the identity of a trusted senior team leader to encourage more junior staff to give over crucial data.

Selling on to other criminals

It is quite common for cybercriminals to sell data to other criminals on the dark web. The buyer will then use the data for identity theft and other crimes. Hackers sell certain pieces of personal data, sometimes using a shopping list of prices, where there will be a set price for information such as credit and debit card information.

Account takeover

Hackers can use data to take over accounts such as shopping accounts. They will usually change your password so that you will not be able to log into your account, so you might not notice that they have taken over your account immediately.

In targeted phishing attacks

By using personal information in the email, cybercriminals can make phishing attacks seem more authentic, tricking victims into thinking that the email is genuine. In these cases, a breach is often just the start of a longer-term series of attacks.

To cause reputational damage

Another way that hackers can use stolen data is to cause embarrassment and reputational damage to companies. Hackers may try to blackmail people, threatening to leak data that would cause harm to the company.

How do you protect your company from hackers?

If your company stores personal information about customers or employees, then it is important that appropriate security measures are in place as per the data protection regulations. 

Having the most up-to-date software installed on your company’s computers is one of the most effective ways to protect data, as is deploying a number of other security solutions such as firewalls and making sure your website incorporates the highest level of security protection.

However, even with the most expensive security systems in place, your company may still be vulnerable to hackers when they target employees through phishing emails and other scams. This is because 90% of breaches start with simple human error.

Therefore, the best method of boosting data security in your organisation is to regularly educate and train employees, so that they know what a scam looks like and what to do if they receive one.

Bob’s Business designs effective online training solutions to empower employees to protect their company by increasing their cyber security awareness, using award-winning techniques like our innovative courses and phishing simulations.

To ensure that your company is as well protected as possible, see how our training courses and simulations will boost your online security.