Meet the women shaping the cybersecurity industry

Whilst the demand for cybersecurity expertise has never been so high amongst organisations, there remains a significant skills shortage within the industry.

Indeed, according to UK Government research, 50% of all UK businesses have a basic cybersecurity skills gap, and 33% have an advanced skills gap. It’s a situation that makes the relative rarity of women in cybersecurity all the more confusing.

Just 24% of all cybersecurity employees worldwide are women, a dramatic increase from the 11% in 2017, but still far from parity.

While progress is being made, we still have a long way to go regarding improving diversity in our sector.

In this blog, we’re chatting with female role models in the sector leading the way for a change. Let’s get started.

Meet the panelists


Melanie Oldham OBE, Founder and CEO of Bob’s Business

Melanie’s journey began back in 2007 when she was tasked with supporting the IT team at the Mid Yorkshire Chamber of Commerce to develop a method of translating cybersecurity into a format that staff would easily understand.

16 years later, Melanie has become a leading voice and respected force in the infosec sphere, dedicating herself to raising cybersecurity awareness within organisations and breaking down the barriers between IT teams and their staff. In the 2022 New Year’s Honours List, Melanie was awarded an OBE for Services to Cybersecurity.


Carolyn McKenna, Head of Security Demand, Capability & Awareness at Smart DCC

Carolyn is the Head of Security Demand, Capability & Awareness at Smart DCC – the company that has designed, built, and now manages the technology infrastructure that underpins the smart meter roll-out for Great Britain.

With a background in Information Security compliance, as well as Business Continuity Management Systems, she worked in the telecoms sector for over 25 years, before moving over to Smart DCC and the energy sector in 2018.


Anya Bridges, Junior Project Manager, Bob’s Business

Anya joined Bob’s Business in September 2020, aged just 16, as a Cybersecurity Apprentice keen to discover a sector firmly on the rise.

Since then, she’s enjoyed her own remarkable rise through the ranks, receiving promotions to Cybersecurity Technician and, most recently, Project Manager. The latter is a role she’s also undertaken at the Yorkshire Cyber Security Cluster (YCSC), before graduating to the Steering Committee.

Along the way, she’s received awards and PRINCE2 qualifications.


Cathryn O’Shea, Online Security and Support Manager at Cornerstones Education

When Cathryn graduated from the University of Huddersfield in 2014 with a degree in music, she had no idea what she wanted to do with her career.

She took an office administration job at Cornerstones Education, which was just about to launch its first online platform for schools. Cathryn helped populate the platform with content and users and built an effective customer journey.

The big challenge came when schools started asking security-based questions about their system, especially with the introduction of the GDPR, so Cathryn and the team decided to go all out and implement ISO 27001 across the business.


Caroline Kaye, MD and Principal Consultant at CRK Consulting Limited

Caroline is a mum of two, running her own consultancy business, CRK Consulting Limited, delivering ISO 27001, ISO 9001 and GDPR to businesses across the UK.

Educated to a degree level in IT and working in numerous IT roles, cybersecurity seemed a natural way forward for Caroline. The first opportunity to implement an Information Security Management System came when she worked for an IT company, and ISO 27001 certification was required to secure a large contract.

Fast-forward to today: 2024 marks the 10th anniversary of Caroline running her own business. In that time she has worked across multiple industries such as manufacturing, software development, education and training, market research and finance, and has never looked back.


We asked them a series of questions about their achievements, the state of the industry and what they think the future holds for women in cybersecurity.

What are your greatest achievements within the cybersecurity industry?


Melanie: “Helping IT & compliance teams break through the communication barriers that exist between them and end users. Getting everyone to understand the benefits of adopting good cybersecurity practices and how a subject that creates so much resistance can really be made simple.”

“Organically growing a project that was a passion into an award-winning, internationally recognised business that provides employment and stability to a diverse, hugely talented team of individuals.”


Carolyn: “I think my greatest achievement to date is creating Smart DCC’s first intake of Degree Apprentices. We partner with Manchester Met University on their Digital & Technology Solutions Degree Apprenticeship, with four fantastic colleagues now in their final year of the course – following Cybersecurity or Data Analytics pathways. It’s such a privilege to be involved in shaping early careers.”


Anya: “As a young woman in tech, my achievements in cybersecurity include receiving the Special Recognition Award for Cyber Apprentice of the Year in 2023 and leading on impactful processes and projects for the business.”


Cathryn: “When Cornerstones planned to implement ISO 27001 in January 2018, I was promoted to Online Security and Support Manager, given the standard, and given four months until the certification audit to get things in place.”

“With the help of my fantastic team, Cornerstones are now fully certified, and are successfully monitoring and maintaining their Information Security Management System.”


Caroline: “When my clients have that light bulb moment when it all falls into place and makes sense, this gives me a warm fuzzy feeling inside knowing that I can walk away from the company and they no longer need my services. They have the skills and confidence to manage their own systems and risks. That’s a job well done.”

What advice would you give to women seeking a career in cybersecurity?


Melanie: “I think it’s essential to acknowledge bad things are going to happen, but what’s important is how quickly you dust yourself off and rise to the challenge. Accepting this has helped me develop a resilience that keeps me going when curve balls come bounding in and knock me off my feet!”

“It’s tough when your kids say ‘Mummy, I hate your work, I want you to stay with me today!’ But it makes me smile when they say ‘My mum teaches people to stay safe and not be silly online’. Knowing that I am helping secure their future makes it all worth it, and I have made it my personal mission to make the online world a safer place.”


Carolyn: “For girls still in school I would encourage them to step outside of what might be seen in their families or culture as traditional roles. My own daughter is 23, and works in Security Architecture at Fujitsu, having completed a Cyber Degree Apprenticeship herself.
Diversity in Security is paramount – if we all come from the same kind of background, we will all think in the same way. We need gender diversity, neurodiversity, cultural diversity and so much more in security to ensure we truly are ‘covering all bases’ regarding our ways of thinking, security controls and designs.”

“Get involved in initiatives such as Cyber First Girls Competition run by the National Cyber Security Centre, look for summer school events for cybersecurity run by companies and universities and don’t be afraid to step out of your comfort zone!”


Anya: “For women entering cybersecurity, my advice is to build a strong foundation of connections, engage in continuous learning, network actively, showcase your skills online, and most importantly have confidence in yourself.”


Cathryn: “It’s an exciting time to join the industry as the world of technology is evolving rapidly so it’s never straightforward! There’s a wealth of information, networks and support so you’re never alone.”

“I landed in this role completely out of my depth and I’m learning something new every day. Make friends, network, and don’t be afraid to challenge people and speak out.”


Caroline: “Go for it, find what area of cybersecurity best suits you, technical or governance for example, seek new challenges and opportunities, and accept that you will make mistakes; this is the best way to learn. Lean on other experts in the area; the people I have come across in this industry are so helpful and willing to share knowledge. Don’t be afraid to ask for help.”

“There are so many ways of learning; information and contacts are at your fingertips. Don’t be a know-it-all: sit back, listen to people’s opinions, and if you don’t agree, be constructive and work together – no one knows everything.”


What is it like to be a successful woman in an industry predominantly made up of men?


Melanie: “Initially, I found it quite awkward but now love the fact that I am able to inspire and energise an audience of IT professionals, that historically I was intimidated by. Knowing they really appreciate and respect my views and experiences is fantastic.”


Carolyn: “Whilst the industry is still predominantly male, I am definitely seeing more women these days, which is fantastic news. When I joined Smart DCC six years ago, I was the first and only female for over a year, with very few female applicants coming through – now 36% of our Senior & Wider Leadership Team is female!”

“I see many inspiring women at industry events now who have created their own successful cyber businesses, so the balance is slowly getting there. It is important to work in an environment where diversity and inclusion are evident so that you feel comfortable having your voice heard.”


Anya: “Being a woman in a male-dominated industry involves inspiring others, advocating for diversity, and navigating challenges with resilience. Despite occasional obstacles, the experience has been so fulfilling. I have been very fortunate to have a great team around me, and my male colleagues have consistently provided support and encouragement whenever I’ve needed it.”


Cathryn: “Rewarding! I’m in a unique position in that I work very closely alongside other successful women in the industry who have brought a wealth of experience to help us navigate the world of cybersecurity. Despite the challenges we’ve faced along the way, the rewards have definitely been worth the effort.”

“Outside of the workplace I conduct and play in both brass and concert bands, and I have come up against similar challenges because of my age and gender. It has given me the confidence to stand my ground as my career in the cybersecurity industry progresses.”


Caroline: “Liberating. One of my line managers (male) told me that I would never be a success after having children and choosing to work part-time. From that point he constantly ‘kept me in my place’ and told me that I wasn’t good enough. Looking back, I realise he was threatened by my skills and knowledge, eventually making me stronger and more determined. Since running my own business, I haven’t seen or experienced any gender inequalities, or even noticed anymore that I’m the only female in the room, as my presence and input is valued, based on my experiences and knowledge gained over the years.”

“When I do take a step back and reflect, it makes me proud that I can run a successful business in a male-dominated environment. What a great message and role model for my daughter – my aim has been achieved.”

AI startup Anthropic data breach: What you need to know

Have you ever hit “send” on an email and immediately regretted it?

The consequences of such a simple mistake can be enormous, especially when the email contains sensitive information.

This scenario became a reality for Anthropic, when a simple human error led to the unintended leak of consumer data.

Let’s explore how one small oversight can have significant implications for an organisation’s reputation, and how your organisation can avoid making a similar mistake.

Understanding the Anthropic data breach

Understanding the breach

In January 2024, Anthropic, an AI startup known for its Claude family of large language models (LLMs) and chatbots, faced a cybersecurity incident due to human error.

The breach began when a contractor sent a third party an unprotected email containing sensitive customer data, such as customer names and open credit balances.

The breach did not include banking or payment information.

Once the breach was discovered, Anthropic swiftly initiated an investigation to assess the extent of the incident and identify the underlying causes.

Anthropic stated this was an isolated incident caused by human error and not a representation of vulnerabilities within Anthropic’s systems.

However, the consequences of the breach were significant, as sensitive customer information had been compromised.

The company promptly emailed the customers on its database to confirm that only a ‘subset’ of customers were affected, and provided guidance on the kinds of phishing attempt to watch out for, such as:

  • Requests for payment
  • Requests to amend payment instructions
  • Emails containing suspicious links
  • Requests for credentials or passwords

Reflecting on the breach

The Anthropic incident highlights how a small human error can lead to significant consequences.

Despite advances in technology, human error remains a major cause of data breaches. Professor Jeff Hancock’s study found that 88% of data breach incidents result from employee errors.

Notably, even large companies like Anthropic, often seen as tech leaders, can experience human error data breaches.

This challenges the belief that only smaller, less well-resourced companies are vulnerable.

Such breaches can harm a company’s reputation and customer trust, especially when seen as preventable.

Anthropic’s swift apology and proactive steps to inform customers about potential scams show a commitment to addressing the issue and preventing future incidents through thorough investigation.

The Anthropic incident serves as a reminder of the importance of addressing human error in cybersecurity and taking immediate action to maintain trust and prevent future breaches.

The consequences of human error in data breaches:

  • Reputation damage: Breaches can tarnish a company’s reputation, leading to a loss of trust and credibility.
  • Loss of customer loyalty: Customers may take their business elsewhere, resulting in a decline in loyalty.
  • Financial losses: Breaches incur costs for investigation, notification, and security measures, leading to financial losses.
  • Regulatory compliance issues: Non-compliance with regulations can result in fines and reputational damage.
  • Operational disruption: Breaches disrupt normal business operations, requiring resources for resolution.
  • Legal consequences: Companies may face lawsuits and penalties for negligence in data protection.

How you can prevent human error data breaches

Employee training

Provide comprehensive cyber awareness training on data security protocols, including identifying phishing emails with simulations, proper handling of sensitive information, and adherence to company policies and procedures.

Regular awareness programs

Conduct regular awareness programs to keep employees updated on the latest cybersecurity threats and best practices for data protection.

Strong password policies

Enforce strong password policies, including regular password changes and multi-factor authentication, to add an extra layer of security.

Data encryption

Encrypt sensitive data both in transit and at rest to prevent unauthorised access in case of a breach.

Access controls

Implement access controls to limit employee access to sensitive data only to those who need it for their job roles.

Incident response plan

Develop and regularly update an incident response plan to outline steps to be taken in the event of a data breach, including communication protocols and actions to mitigate the impact.

Regular security audits

Conduct regular security audits to identify vulnerabilities and address them promptly.

Create a culture of security

Foster a culture of security within the organisation, where employees understand the importance of data protection and feel comfortable reporting potential security incidents.

How Bob’s Business can help your organisation

At Bob’s Business, we provide engaging solutions to help organisations reduce the risk of human error data breaches.

Our training and awareness programmes are designed to equip employees with the knowledge and skills necessary to identify and prevent cybersecurity threats.

To further help organisations address the growing threat of QR code phishing, we are offering a free QR code phishing campaign to test staff vulnerability!

Training across generations: Cyber education from Gen X to Gen Z

There’s no denying that, when it comes to technology, the only real constant is change.

From the days of backing up to floppy disks to saving our data to the cloud, cyber technology has undergone a wholesale revolution!

It’s also true that new generations of employees have risen to positions of responsibility within organisations, bringing new perspectives and varying levels of technical literacy and expertise to executive boards.

With each generation experiencing a different tech era, however, the question is: how does that affect your cybersecurity, and should you adapt your training accordingly?

Join us as we share everything you need to know.

Cybersecurity training from Gen X to Gen Z

Technology differences across generations

Gen X

Born between the early 1960s and the early 1980s, Generation X witnessed the transformative journey into the digital era. They embraced the advent of personal computers and experienced the early days of the internet.

Gen Xers became adept at navigating a landscape that seamlessly blended analogue and nascent digital experiences. Their technological journey laid the groundwork for the profound changes that would follow.

Millennials

Spanning the early ’80s to mid-’90s, Millennials emerged as pioneers of the mobile era. Their formative years coincided with the rapid rise of smartphones and the explosion of social media platforms.

This tech-savvy generation adapted swiftly to the shifting landscape, seamlessly integrating mobile devices into their daily lives. Millennials became the architects of a more interconnected world, shaping how businesses engage with technology and each other.

Gen Z

Known as the ‘digital natives,’ Generation Z was born between the mid-1990s and early 2010s. Unlike their predecessors, Gen Zers took their first steps in a world dominated by smartphones and instant connectivity.

Growing up in an age of unprecedented access to information, they possess an innate understanding of digital platforms, making them agile navigators of the ever-evolving technological landscape. Gen Z’s perspective is shaped by a constant flow of information, influencing how they interact with businesses and consume technology.

Generational cybersecurity challenges

Understanding the different tech eras that each generation grew up in highlights why tailored training can be beneficial.

Generation X

A cautious approach:

Having grown up in the pre-digital era, they have a unique approach to technology. Their introduction to the internet occurred when the internet was far more of a ‘wild-west’ than later generations found it, resulting in a more cautious attitude towards technology. This caution significantly influences their approach to suspicious links and privacy settings.

Dependency:

Unlike more recent generations, they might not depend solely on smartphones for everyday convenience, which can reduce their vulnerability to specific digital risks.

Email-oriented communication:

Having witnessed the rise of email communication, Gen X often rely heavily on email for professional and personal interactions. This reliance makes them susceptible to phishing attacks targeting email platforms.

Desktop-centric work:

Gen Xers will likely be more familiar with desktop-based work environments than later generations. This familiarity may make them less vulnerable to certain cyber threats more common in mobile-centric settings.

Millennials

Social media:

Millennials, being early adopters of social media, might share significant amounts of personal information online. This openness can make them targets for social engineering attacks and identity theft.

Data shows millennials account for more than a third of phishing and identity theft incidents.

App-driven lifestyle:

With the creation of mobile apps, millennials tend to handle various tasks through applications. This app-driven lifestyle exposes them to risks related to app permissions, potentially compromising their data.

Research has also shown Millennials to be susceptible to online dating scams, with a staggering 44% falling victim, for example through the Tinder app.

Remote work trends:

Millennials, with a higher inclination towards remote work, face cybersecurity challenges related to securing home networks, sharing sensitive information digitally, and adapting to new digital collaboration tools.

Gen Z

Poor password practice:

Research suggests that Generation Z is more likely than older generations to use the same password for both professional and personal accounts, possibly due to the convenience of managing multiple accounts and devices.

IT updates:

Gen Z tends to overlook mandatory IT updates, possibly because they are constantly interacting with their devices: the constant flow of notifications makes it easy to miss updates (58% for Gen Z, 42% for millennials and 31% for Gen X).

Visual and video content consumption:

Gen Z’s preference for visual and video content can lead to exposure to malicious content on various platforms.

Online multiplayer gaming:

With a significant presence in online multiplayer gaming, Gen Z faces unique cybersecurity risks associated with gaming platforms, including potential exposure to scams and phishing.

Web browser habits:

Additionally, research shows Gen Z often accepts web browser cookies on their work-issued devices (48%), surpassing the rates of millennials (43%), and Gen X (31%).

Adapting training methods

A one-size-fits-all approach to cybersecurity training may not be optimal. Tailoring training methods to align with the learning preferences of each generation ensures more effective education and compliance.

Practical examples for Gen X:

Given their unique journey from the analogue to the digital age, Gen X individuals appreciate practical, real-world examples. They’ve seen the evolution from some of the first cyber threats to today’s sophisticated attacks.

Including case studies and scenarios that resonate with their experiences helps highlight the relevance of cybersecurity in their day-to-day lives.

Interactive workshops for millennials:

Millennials, having grown up in the age of smartphones and social media, thrive on interactive learning experiences. Consider conducting workshops that encourage active participation, discussions, and real-world scenarios.

Concise and visual materials for Gen Z:

Gen Z consumes information through visual mediums. Utilise concise and visually appealing materials, such as infographics, short videos, and interactive content. This approach aligns with their preference for quick, visual information, making cybersecurity concepts more accessible and engaging.

Common cyber threats

While each generation faces specific challenges, common cyber threats require all generations to be vigilant and aware.

Employees should be able to reliably recognise suspicious emails, links, or messages regardless of generation.

Additionally, malware doesn’t discriminate based on age.

Ensure all employees understand the importance of effective antivirus software and regular system updates.

Emphasise the significance of strong, unique passwords across all generations. The adoption of good password practices is essential to protecting accounts.

How Bob’s Business can help your organisation

At Bob’s Business, we’re dedicated to building training experiences that fit the needs of every generation.

From our innovative, engaging and practical eLearning training to our phishing simulations, gamified experiences and more, we aim to establish strong cybersecurity practices within your organisation. That’s why we’re trusted by organisations big and small to deliver their training and protect their data.

Click here to discover our course collection.

Psychology can protect your employees against cyber attacks

Despite significant investments in cutting-edge cyber security systems, many businesses inadvertently neglect their most vulnerable asset – their employees.

It’s often not sophisticated hacking techniques that pose the most significant risk, but rather the everyday behaviours and thought patterns of individuals within the organisation.

Research consistently shows that humans can be easily manipulated into divulging confidential information by exploiting their cognitive biases and habits.

Let’s delve into why psychology is pivotal in cyber attacks and explore actionable strategies to prevent human error within your organisation.

Understanding the human element in cyber risks

According to Gov.uk, £4,590 is the average spend on cyber security for businesses in the UK, and for larger organisations, the average annual spend is as much as £387,000.

However, the bulk of this expenditure typically goes towards technological solutions like anti-malware and firewalls, with only about 10% allocated for cyber education.

This approach overlooks a critical aspect: nearly 90% of successful cyber attacks stem from human error rather than technical deficiencies.

Cybercriminals often exploit human psychology, finding it easier to manipulate individuals than to breach robust technical defences.

Recognising the significance of this human factor is essential for striking a balance between technological investments and providing adequate employee training and awareness.

At Bob’s Business, we emphasise addressing these vulnerabilities in our training programs to bolster overall business resilience against cyber threats.

Our research and solutions

In 2019, psychologist Sathpal Panesar joined Bob’s Business’ Technical Team through a Knowledge Transfer Partnership (KTP) project.

Sathpal’s efforts focused on developing the UK’s first evidence-based, psychologically-informed cybersecurity training program.
This research delved deep into the psychological aspects of cybersecurity, particularly understanding the human factors contributing to risky behaviours such as clicking on phishing emails.

The findings were not confined to theory; they were practically applied in simulated phishing campaigns to identify employee vulnerabilities and tailor behavioural responses.

In 2021, this KTP project received a ‘Very Good’ grade, a testament to its success despite the challenges posed by the global pandemic.

The training derived from Sathpal’s research enables employees to identify and mitigate risks associated with phishing, thereby protecting businesses from potentially costly cyber attacks.

Bob’s Business now employs behavioural analytics to develop customised training packages that significantly reduce the risk of employees falling victim to phishing attacks.

Practical strategies for defence

We provide practical strategies to defend your business against psychological cyber threats:

  • Understanding cognitive biases: Recognise and address cognitive biases among employees, such as misplaced trust in familiar emails or urgent requests.
  • Habit formation: Implement regular, repetitive training to cultivate security-conscious habits among your workforce.
  • Emotional awareness in decision-making: Provide training to help employees recognise and manage emotional responses to phishing attacks.
  • Scenario-based training: Engage employees with practical scenarios relevant to their daily tasks to enhance learning retention.
  • Continuous learning: Ensure training is regularly updated with the latest phishing techniques to keep employees informed.
  • Promoting open communication: Foster an environment where employees feel comfortable reporting potential threats and seeking advice.
  • Leadership involvement: Demonstrate leadership commitment to cybersecurity by actively participating in training and awareness programs.

How Bob’s Business can help your organisation

By understanding the human factor behind cyber vulnerabilities within your organisation, our eLearning programs are specifically tailored to address your organisation’s unique blind spots.

By integrating real-life scenarios and continuous updates, we equip your team with the skills and awareness needed to effectively defend against cyber threats, ensuring your organisation remains one step ahead.

Click here to explore the best security training solution for your organisation.

Allen & Overy Data Breach Explained

In the legal sector, where confidentiality is essential, the cost of a data breach can be astronomical.

Crucially, while cybersecurity is often seen as a matter for IT teams, many of these breaches are not due to external threats, but human error within the firms.

According to the Information Commissioner’s Office, in the period from Q3 2022 to Q2 2023 insiders were responsible for 60% of data breaches in the UK’s legal sector.

It’s a fact that many law firms are finding out in real time, including Allen & Overy.

Join us as we unpack the details of a recent breach and discuss how you can protect your organisation against this kind of threat.

Allen & Overy breach explained

Allen & Overy, a prestigious Magic Circle law firm based in London, fell victim to a ransomware attack in November 2023 that targeted several storage servers, causing considerable disruption.

This attack coincided with a major financial milestone – their merger with Shearman & Sterling.

The LockBit ransomware group, known for its disruptive cyber activities, claimed responsibility for the attack.

They threatened to release sensitive data unless a ransom was paid by 28th November 2023.

Fortunately, the firm’s core systems remained intact, including document management and email services.

A growing concern in the legal sector

This cyber attack is yet another warning to the legal sector following the collapse of another law firm, The Ince Group, after a severe ransomware breach.

Indeed, despite strict cybersecurity measures being in place, the LockBit group was able to exploit vulnerabilities within the organisation – notably, human error.

That’s why, at Bob’s Business, we emphasise a multi-pronged approach when it comes to protecting your organisation, focusing primarily on raising awareness among your team of what threats look like and how to mitigate them.

Insights from the National Cyber Security Centre show that law firms emerge as prime targets for cybercriminals due to the amount of confidential data they hold, presenting a lucrative opportunity for malicious actors to pursue financial gains through data breaches.

Phishing attacks could be your weak spot

Recent findings reveal that a staggering 79% of cyber-attacks are executed via phishing emails, posing a significant concern for law practices.

These deceptive emails often disguise themselves as legitimate requests for information or access, highlighting the importance of heightened vigilance among legal professionals.

The role of employees within law firms is pivotal in identifying, reporting, and responding to cyber threats.

What can you do to prevent these attacks?

Prioritising cybersecurity awareness and training programs is essential to foster a culture of cyber hygiene and ensure robust protection against evolving threats.

Tailoring these initiatives to resonate with employees’ emotional, behavioural, and cognitive aspects can drive meaningful education and instigate positive behavioural changes to bolster defences against cyber attacks.

During pivotal financial events such as mergers and acquisitions, the risk of cyber attacks escalates as cybercriminals exploit the transitional chaos to orchestrate ransomware attacks and extort firms for financial gain.

In response, law firms must remain vigilant and implement proactive measures to protect their financial data.

Recent incidents such as Allen & Overy’s data breach and the collapse of the Ince Group show why law firms must remain vigilant and proactive in their cyber defence strategies.

Adopting a comprehensive, multi-layered defence approach is paramount for safeguarding sensitive information in the digital age.

How Bob’s Business can help your organisation

At Bob’s Business, we understand the important role of human error in data breaches.

We offer specialised training and awareness programmes, putting employees at the centre of everything we do.

We are the industry-leading, “Most Trusted Cybersecurity Awareness Provider of 2023” that is helping businesses like yours to reduce the chances of being hit with data breaches through engaging, relatable training courses and simulations.

Ready to start protecting your organisation? View our range of courses today.

Free Course: Internet Safety

February 6 marks Safer Internet Day, and we’re supporting this vital global initiative by offering our Internet Safety eLearning course for free.

Our Internet Safety course teaches your staff how to identify risks like malware, phishing scams, and insecure websites so they can avoid online dangers.

With our Internet Safety course, your team will:

  • Recognise common cyber threats like malware downloads and phishing emails
  • Understand how to identify secure vs insecure websites
  • Learn safe practices for submitting sensitive data online
  • Know how to close suspicious pop-ups without engaging
  • Gain the knowledge to react appropriately to dangerous sites

Ready to get started? Interact with the bot below to gain instant access now! 👇

Note: Our free internet safety course offer ends on May 1, 2024.

Get a free QR code phishing campaign

When was the last time you scanned a QR code? Did you know where it would take you, or whether it could be truly trusted?

It’s a gigantic threat to organisational cybersecurity, with QR codes now involved in 22% of all phishing attacks, a fact we revealed in our recent blog on the rising threat of QR code phishing attacks.

The good news is that we’re offering every organisation a free QR code phishing campaign* to test their staff’s vulnerability to this growing threat 😍 Simply interact with the bot below to get started.

*Minimum 50 users to qualify, campaign is limited to one email.

Malvertising: Everything you need to know

As 2024 begins, we’re already facing fresh computer and data security challenges – primarily due to advancing AI technology.

It’s safe to say that cyber attacks are growing more innovative and more personal.

While some attack types, like phishing, are increasingly well known, there are other attack types which fly under the radar.

Malvertising is just one example of the latter. According to Techopedia.com, every day in 2023, there were 300,000 new malware cases; most were spread through emails and took an average of 49 days to notice.

But what do you need to know about malvertising? Let’s dig in.

What is Malvertising?

Malvertising is a compound word formed from ‘Malware’ (another composite word meaning ‘Malicious Software’) and ‘Advertising’.

Malvertising is the act of disguising malware within advertising, enticing users to click and interact so that their system becomes infected. Simply put, it is the use of advertising to encourage users to download viruses.

Cybercriminals place malicious code or software within legitimate-looking adverts, often as a pop-up.

Once clicked, the software could do any number of things, none of which will benefit your business.

The true threat of malverts is that you don’t even have to click on one to get infected. You just have to visit the wrong site.

How does Malvertising get approved?

Companies often use third-party ad vendors (or ad servers) to spread their content in a way that will make the most money for their websites.

This can be as simple as signing up to the site and submitting an ad.

Cybercriminals exploit this by initially submitting harmless and legitimate ads to gain the trust and services of the vendor.

Once the ad has been distributed, cybercriminals will switch out the legitimate content for a malvert.

After a few hours, the ad will be switched back, making it seem legitimate again.

Ad servers often have lax or automated vetting processes, making it very easy for cybercriminals to slip malverts through their systems without anyone knowing.
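The swap-and-swap-back pattern described above (a clean creative passes review, is replaced for a few hours, then restored) is something an ad platform can detect by pinning what it approved and comparing it with what is actually served. The following is an added example written for this section, not code from Bob’s Business or any ad network; the approval store, the serving log, the creative bytes and the host names are all constructed sample data.

```python
"""Creative pinning: detect an approved ad being swapped out after review.

Added illustration, not Bob's Business code. An ad network is modelled as a
dict of approved creatives (hash + landing host pinned at review time) and a
log of what was actually served. Everything below is constructed sample data.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ApprovedCreative:
    creative_id: str
    sha256: str          # digest of the creative exactly as it was approved
    landing_host: str    # landing page host approved alongside it


@dataclass
class ServeRecord:
    tick: int            # constructed serving timestamp (arbitrary units)
    creative_id: str
    body: bytes          # creative bytes as actually served
    landing_host: str    # host the served creative points at


def digest(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()


def approve(creative_id: str, body: bytes, landing_host: str) -> ApprovedCreative:
    """Pin the creative's hash and landing host at review time."""
    return ApprovedCreative(creative_id, digest(body), landing_host)


def is_tampered(pin: Optional[ApprovedCreative], rec: ServeRecord) -> bool:
    """A serve is tampered if it was never approved or deviates from the pin."""
    if pin is None:
        return True
    return digest(rec.body) != pin.sha256 or rec.landing_host != pin.landing_host


def audit(approved: Dict[str, ApprovedCreative], served: List[ServeRecord]) -> List[str]:
    """One finding per deviation, so a reviewer sees every tampered serve."""
    findings = []
    for rec in served:
        pin = approved.get(rec.creative_id)
        if pin is None:
            findings.append(f"t={rec.tick} {rec.creative_id}: served but never approved")
            continue
        if digest(rec.body) != pin.sha256:
            findings.append(f"t={rec.tick} {rec.creative_id}: creative body changed after approval")
        if rec.landing_host != pin.landing_host:
            findings.append(f"t={rec.tick} {rec.creative_id}: landing host "
                            f"{rec.landing_host!r} != approved {pin.landing_host!r}")
    return findings


def swap_windows(approved: Dict[str, ApprovedCreative],
                 served: List[ServeRecord]) -> Dict[str, List[Tuple[int, Optional[int]]]]:
    """Per creative, the (start, end) tick ranges during which the served
    creative did not match its pin. An end of None means it was still
    tampered when the log ended. A closed window is the swap-and-swap-back."""
    windows: Dict[str, List[Tuple[int, Optional[int]]]] = {}
    open_start: Dict[str, int] = {}
    for rec in sorted(served, key=lambda r: r.tick):
        tampered = is_tampered(approved.get(rec.creative_id), rec)
        if tampered and rec.creative_id not in open_start:
            open_start[rec.creative_id] = rec.tick
        elif not tampered and rec.creative_id in open_start:
            windows.setdefault(rec.creative_id, []).append((open_start.pop(rec.creative_id), rec.tick))
    for cid, start in open_start.items():
        windows.setdefault(cid, []).append((start, None))
    return windows


# Constructed sample data: one approved creative, a swap at t=2..3, restored at t=4,
# plus a second creative that never went through approval at all.
CLEAN = b"<img src='https://cdn.example-ads.test/shoe-sale.png'>"
SWAPPED = CLEAN + b"<!-- constructed: bytes differ from the approved creative -->"
APPROVED = {"ad-1001": approve("ad-1001", CLEAN, "shop.example.test")}
SERVED = [
    ServeRecord(0, "ad-1001", CLEAN, "shop.example.test"),
    ServeRecord(1, "ad-1001", CLEAN, "shop.example.test"),
    ServeRecord(2, "ad-1001", SWAPPED, "shop-example.test"),   # swapped body + lookalike landing host
    ServeRecord(3, "ad-1001", SWAPPED, "shop-example.test"),
    ServeRecord(4, "ad-1001", CLEAN, "shop.example.test"),     # switched back to look legitimate
    ServeRecord(5, "ad-2002", CLEAN, "shop.example.test"),     # never approved
]

if __name__ == "__main__":
    for line in audit(APPROVED, SERVED):
        print(line)
    print(swap_windows(APPROVED, SERVED))
```

The point of `swap_windows` is that a platform which only re-checks creatives at approval time never sees the t=2..3 window; periodic re-hashing of served creatives against the pinned digest does.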

You might have come across a malvertising scam today without even realising it.

These cunning scams can appear on legitimate websites, including the BBC, often as display ad campaigns.

Do you recall any recent adverts you’ve seen alongside an article online?

It’s not to say they were all scams, but this highlights how these threats cleverly hide in plain sight.

Without awareness, a simple click out of curiosity could lead you into a trap!

How to spot Malvertising

Malverts often look legitimate, so spotting one can be tricky.

5 signs of malvertising

  1. Unexpected pop-ups: If you see pop-ups on a website where they usually don’t appear, be wary. Malvertising often uses pop-up ads to trick users into clicking on them.
  2. Ads that look out of place: Pay attention to ads that don’t fit the website’s usual style or content. An ad that looks odd or out of context might be a malvertisement.
  3. Offers that are too good to be true: Beware of ads that offer incredible deals or prizes. If an ad promises something that seems too good to be true, it probably is.
  4. Ads that prompt immediate action: Malvertising often tries to create a sense of urgency, like a limited-time offer or a warning about a virus on your device. If an ad urges you to act quickly, take a moment to think before you click.
  5. Poor ad quality: Look for signs of low quality in ads, such as misspellings, poor graphics, or awkward wording. Professional and legitimate ads usually have a high quality standard, so lower quality can be a red flag.

How can you protect your business from Malvertising scams?

Protecting your business from malvertising requires a mix of smart technology and raising employee awareness.

It’s not just about having the right tools; it’s also about creating a culture of security awareness within your organisation.

Implement Ad Blockers

Use ad blockers on your business’s devices. This can prevent many malverts from appearing, reducing the risk of accidental clicks.

Regularly update software

Ensure that all software, especially web browsers and operating systems, are updated. Cybercriminals often exploit vulnerabilities in outdated software.

Educate your employees

Make sure your staff are aware of the risks of malvertising. Regular training on cybersecurity best practices can be invaluable.

Use reliable security software

Invest in reputable antivirus and anti-malware software. This software can often detect and block malicious activity, including malvertising threats.

Back up your data

Regularly back up important business data. In the event of a malware attack, having backups can prevent data loss and facilitate a quicker recovery.

How Bob’s Business can help your organisation

At Bob’s Business, we help educate and empower your employees to spot cyber threats such as malvertising through our engaging eLearning modules, such as ‘Internet Safety’.

This module trains individuals and organisations in spotting malvertising online and offers practical tips to prevent falling victim to malverts.

Alongside this, we provide up-to-date insights, expert support, interactive learning tools, and customised solutions to ensure your business has the knowledge and resources to stay secure online.

Get in touch with us today to explore our cybersecurity training courses.

What is QR code phishing, and how can your business defend against it?

When it comes to phishing attacks, it’s worth staying alert to the latest threats.

Phishing attacks are the most common form of attack that businesses and organisations face; worse still, they’re constantly evolving to incorporate new technologies and psychological angles of attack.

The latest of those new technologies is QR codes, which rose to prominence during the pandemic and have since become a mainstay of modern life.

In this blog post, we’ll delve into what QR code phishing is, how it works, why it’s becoming a prominent threat, and, most importantly, how organisations can defend against it.

What is QR phishing?

We’ve all heard of QR codes, those square barcodes that have started appearing everywhere, from restaurant menus to bus stop advertisements.

But how often do you scan them without knowing exactly what they’ll do, and where they’ll take you?

Scammers have latched onto this notion and are utilising QR codes in phishing emails, sending you and your team to fake websites where they can trick you into inputting confidential data or unknowingly downloading malware onto your device.

What makes QR code attacks so dangerous?

QR code attacks pose a serious cybersecurity threat for several reasons. First, they exploit the convenience and ubiquity of QR codes, which most people scan without a second thought. This allows scammers to direct victims to malicious sites effortlessly.

Second, QR codes can direct users to websites that look identical to legitimate ones. Without carefully checking the URL, victims may not realise they’ve landed on a fake phishing site. This enables scammers to steal login credentials and sensitive data seamlessly.

Finally, QR code attacks can compromise devices and full networks if malware is downloaded from a scanned code. A single infected device can serve as the entry point for additional cyberattacks.

Why do QR code attacks work?

QR code phishing succeeds because these attacks leverage both psychology and technology.

On the psychological side, QR codes feel harmless to most people. We’re conditioned to scan without thinking. Technologically, QR codes are simple for scammers to generate, allowing phishing sites and malware to be embedded effortlessly.

The ubiquity of QR codes also provides billions of targets. Attacks happen everywhere codes appear – emails, ads, social media posts, and physical locations. With QR codes growing in usage, the attack surface only expands.

Ultimately, combining technological and psychological techniques makes QR phishing alarmingly effective. People underestimate the danger while scammers exploit the system.

How can you spot QR code attacks?

QR codes in emails require extra scrutiny. Here are tips to detect phishing attempts without scanning the code:

  • Inspect the sender’s email address. Does it match the company it claims to be from? Watch for slight misspellings.
  • Check for poor grammar, spelling errors, or unfamiliar tones in the email text. This signals a likely phishing attempt.
  • Be suspicious of emails with a sense of urgency, threats, or other psychological manipulation to entice scanning.
  • Mouseover links without clicking to compare destinations to text. Mismatches often reveal malicious URLs.
  • Verify the email formatting. Low-quality images or layouts may indicate a phishing attempt.
  • Contact the sender directly if you suspect an email is fraudulent. Don’t use the contact info in the questionable email.

Of course, if you suspect an email is a phishing attempt, you should always report it to your IT team.
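Several of the checks above (does the sender’s domain match the company it claims to be from, does a link’s visible text match where it actually goes, and does the URL behind a QR code look like the legitimate site) can be automated as a first-pass triage for a security team reviewing reported emails. The following is an added example written for this section, not code from Bob’s Business; the sample email, sender address, shortener list and decoded QR URL are constructed, and `registered_domain()` simply keeps the last two host labels rather than consulting a public-suffix list, a simplification that is noted in the code.

```python
"""First-pass triage of a reported QR-code phishing email, without scanning anything.

Added example, not Bob's Business code. Three checks from the tips above:
  1. sender domain vs the expected company domain (near-miss / punycode lookalikes),
  2. link text vs link destination mismatches,
  3. risk signals in a URL, e.g. the payload decoded from a QR code by a safe tool.
All sample inputs are constructed. registered_domain() keeps the last two
labels only (no public-suffix list), which is adequate for the sample data.
"""
import ipaddress
import re
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlsplit

SHORTENERS = {"short.example.test"}   # constructed; a real deployment keeps its own list


class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html: str) -> List[Tuple[str, str]]:
    p = _LinkCollector()
    p.feed(html)
    return p.links


def registered_domain(host: str) -> str:
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_findings(sender: str, expected_domain: str) -> List[str]:
    domain = sender.rsplit("@", 1)[-1].lower()
    got, want = registered_domain(domain), registered_domain(expected_domain)
    if got == want:
        return []
    if "xn--" in got:
        return [f"sender domain {domain} uses punycode (possible homoglyph)"]
    if edit_distance(got, want) <= 2:
        return [f"sender domain {domain} is a near-miss of {expected_domain}"]
    return [f"sender domain {domain} does not match {expected_domain}"]


def url_findings(url: str) -> List[str]:
    """Risk signals for a single URL, e.g. the decoded payload of a QR code."""
    out, parts = [], urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    if parts.scheme != "https":
        out.append(f"{url}: not https")
    if is_ip:
        out.append(f"{url}: IP-literal host")
    if "xn--" in host:
        out.append(f"{url}: punycode host")
    if parts.username:
        out.append(f"{url}: text before '@' is not the real host ({host})")
    if not is_ip and host.count(".") >= 3:
        out.append(f"{url}: deep subdomain chain")
    if any(host == s or host.endswith("." + s) for s in SHORTENERS):
        out.append(f"{url}: shortener hides the destination")
    return out


def link_findings(html: str, expected_domain: str) -> List[str]:
    out = []
    for text, href in extract_links(html):
        dest = registered_domain(urlsplit(href).hostname or "")
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and registered_domain(shown.group(0)) != dest:
            out.append(f"link text shows {shown.group(0)} but goes to {dest}")
        if dest != registered_domain(expected_domain):
            out.append(f"link to {dest} is outside {expected_domain}")
        out.extend(url_findings(href))
    return out


# Constructed sample: lookalike sender, shortened link with misleading text, and a
# decoded QR URL that puts the real brand before '@' and the real host after it.
SAMPLE_SENDER = "it-support@examp1e-corp.test"
EXPECTED = "example-corp.test"
SAMPLE_HTML = ('<p>Your mailbox is full. Scan the code or visit <a href="https://short.example.test/x1">'
               'https://portal.example-corp.test/login</a> within 24 hours.</p>')
SAMPLE_QR_URL = "http://portal.example-corp.test@203.0.113.5/login"


def triage(sender=SAMPLE_SENDER, expected=EXPECTED, html=SAMPLE_HTML, qr_url=SAMPLE_QR_URL) -> List[str]:
    return sender_findings(sender, expected) + link_findings(html, expected) + url_findings(qr_url)


if __name__ == "__main__":
    for f in triage():
        print(f)
```

Running `triage()` on the constructed sample reports the one-character sender lookalike, the link whose text names the real portal but resolves to a shortener, and the QR URL that is plain http to an IP literal with the brand name hiding before the `@`. On a genuine email from the expected domain the same function returns nothing, which is the behaviour a triage helper needs before a human decides whether to escalate.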

The growing threat in 2024

The rise in QR code usage in phishing attacks has been astonishing, with 22% of all phishing attacks now including a QR code.

That number is not expected to fall in 2024, either.

With more businesses and individuals relying on QR codes for various transactions, the attack surface for cybercriminals broadens.

Awareness of this threat must be a top priority for organisations, as the potential for exploitation continues to rise.

Risks to organisations

The risks posed by QR code phishing are multifaceted – organisations may face data breaches, financial losses, and damage to their reputation.

Furthermore, compromised devices within the corporate network can serve as entry points for more extensive cyberattacks.

Educating employees about the potential dangers of QR code phishing is crucial in protecting your organisation’s cybersecurity defences.

Protecting against QR code phishing

Mitigating the risks associated with QR code phishing involves a combination of awareness, education, and technology.

At Bob’s Business, we make it our mission to give organisations the knowledge they need to combat the latest cyber threats. That’s why we’re among the first phishing simulation providers to launch QR code phishing templates for our clients.

Learn about our phishing simulation training here.

Ten actionable tips to keep your employees safe online

Have you ever considered how your business’s security relies on your employees’ online habits?

With organisations facing increasingly sophisticated cyber threats, it’s crucial to evaluate your team’s online behaviour and equip them with the essential knowledge and tools to stay safe online.

Let’s explore practical steps to enhance your team’s digital security.

The importance of employee safety online

The importance of protecting your employees online cannot be overstressed.

Each team member is a potential entry point for cyber threats, making their online safety crucial for protecting their personal information and your company’s data and reputation.

Implementing strong online safety measures minimises the risk of data breaches, financial loss, and the potential compromise of sensitive information.

Ten tips to keep your employees safe online

1. Adopt strong password policies

Emphasise the importance of strong, unique passwords for each account to enhance security. Encourage employees to mix characters, numbers, and symbols and avoid common words or phrases.

Implementing a policy for changing passwords at regular intervals helps reduce the risk of breaches, as does sharing our essential password guide with your team!

2. Regular software updates

Stress the necessity of consistently updating all software, including antivirus programs.

Educate employees on how updates often include patches for security vulnerabilities, thus protecting against new cyber threats.

Set up automatic updates where possible to ensure continuous protection.

3. Implement phishing simulations

Deploy simulated phishing training to help employees recognise and report phishing attempts. Explain the common signs of phishing, such as unexpected requests for information or uncharacteristic emails from colleagues.

Regularly update training materials to cover the latest phishing tactics.

4. Secure Wi-Fi use

Advise employees on the risks of unsecured public Wi-Fi networks, particularly when handling sensitive work-related tasks.

Encourage using secure, private networks or a reliable Virtual Private Network (VPN) when working remotely to ensure data security.

5. Two-factor authentication (2FA)

Implement two-factor authentication for an additional security layer on sensitive accounts.

Explain to employees how 2FA works and its benefits in protecting their accounts from unauthorised access.

Regularly review and update the 2FA methods to maintain security effectiveness.

6. Limit access to sensitive data

Establish clear protocols to ensure that only employees who need access to sensitive data have it.

Regularly review access privileges and adjust them based on current job requirements.

This minimises unnecessary risk exposure and enhances data security.

7. Data encryption

Utilise encryption to protect sensitive data when transmitted and while at rest.

Educate employees on the importance of encryption in protecting data from interception or unauthorised access. Ensure encryption standards are in line with industry best practices.

8. Regular backups

Develop a routine for regular backups of critical data. Explain the significance of backups in preventing data loss in the event of a cyber-attack or system failure.

Ensure that backup procedures are tested and updated regularly for effectiveness.

9. Clear device policies

Formulate explicit policies for using personal devices for work-related tasks. Mandate security requirements such as using antivirus software and regular security updates.

Educate employees about the risks of using unsecured devices and the importance of adhering to these policies.

10. Incident response plan

Develop a well-defined incident response plan and ensure all employees are familiar with it.

The plan should outline clear steps to be taken in the event of a suspected security breach, including who to contact and how to contain the incident.

Regular drills and updates of the plan are essential for preparedness.

How Bob’s Business can help your business

At Bob’s Business, we make cybersecurity education beautifully simple for hundreds of organisations.

Our product range is designed to give your team the knowledge they need to spot attacks, tailored to your business needs, ensuring that your team is well-prepared to tackle online threats.

Let us help you build a safer online environment for your team. Get in touch today to find out more!