Why Now Isn’t the Time to Hit Pause on Training

COVID-19 has prompted a global financial slowdown, one which has caught plenty of organisations out. Although hopes of a v-shaped recession abound there’s no denying that, at present, we’re very much on the downswing, rather than the up.

It’s prompted a time of self-reflection and belt-tightening for organisations across the globe. Accordingly, many organisations are halting their cyber security training programs.

We think that’s the wrong path to take. Join us as we share precisely why.

Threats are increasing, not decreasing

The first and, perhaps, most important thing to note about the current cyber security environment is that far from being less active, we’re witnessing more (and more novel) attacks than before the pandemic began, like that which recently resulted in a death in a German hospital.

According to a recent study, cybercriminals are taking advantage of the uncertainty and unfamiliarity of the pandemic to isolate and attack individuals within organisations.

Indeed, spear-phishing attempts using COVID-specific designs and language have proven to be a remarkably common attack vector, as we covered in a recent blog.

With the variety and frequency of attacks increasing, now isn’t the time to scale back cyber security training.

Failure to train now impacts your organisation for years to come

It’s tempting to believe that we can moth-ball our organisation and simply pull it out of storage when the circumstances are more favourable.

However, we know that simply isn’t the case – especially when it comes to training.

Quite simply, the longer your team goes without training, the longer training will take to be effective when you resume. If you’re merely looking to tick a few compliance boxes, that might be fine, but if you’re trying to create real cultural change, it’s a fast track to failure.

For new behaviours to become second nature, it takes continuous training, regular reinforcement and support from across the organisation. Unfortunately, training isn’t a tap that you can turn on and off and expect to be effective.

If you’re serious about empowering your team to protect your organisation, now isn’t the time to pause your training program.

Threats don’t stop at your office doors

Working from home has become the new norm over the last six months, but with the move to home offices and personal equipment comes a raft of potential threats which aren’t found when teams are located in your offices.

Cybercriminals are using the lack of in-house security employed at many larger organisations to make opportunistic attacks on your workforce – many of which have never been seen before.

By abandoning training, you weaken your organisations immune response to threats, increasing your chances of breaches and the financial and reputational damage that it entails.

Want to learn more about how training can help build a cyber security culture within your organisation and create resilience from attacks? Get in touch with a member of our team today.

Report Finds Coronavirus Impact on Cyber Security

To suggest that the Coronavirus, COVID-19, has had an impact on our day to day lives would be something of an understatement. It barely needs repeating, but the global impact of Coronavirus has been staggering, with its impact being felt in virtually every aspect of life.

Case in point? The Coronavirus’ measurable impact on the cyber security landscape.

In the past, we’ve covered the rise in Coronavirus scams, and now a new study from Cynet has revealed the sheer scale of the Coronavirus’ impact on the way cybercriminals are attempting to prise open your security processes and gain access to your systems.

Why has the Coronavirus’ impacted cyber security?

Cynet’s study found that their systems detected a sharp increase in new, sophisticated cyber-threats across its global network, designed to take advantage of the unique circumstances created by the pandemic. Specifically:

  • Staff working from home
  • Extensive use of VPNs to connect to work networks
  • Broad usage of private and personal devices to access work emails
  • Lack of security team presence
  • Conspiracy theories created in the wake of the virus

Together, these circumstances have created a ‘perfect storm’ for opportunistic cyber criminals who are capitalising on the fear, uncertainty, unfamiliarity and confusion of the pandemic.

What has been the effect of the Coronavirus on cyber security?

Critically, their study found that in the confusion surrounding COVID-19, both the volume of attacks and the types of new malware have grown significantly. Cynet break their findings down into two key areas:

New types of malware

Historical data from Cynet shows that roughly 80% of detected attacks utilise existing malware, phishing techniques and malware variants, with 20% of attacks utilising novel versions of each.

However, in the first three months of the pandemic, they detected a significant upswing in novel attacks, witnessing a roughly 35/65 split on new to existing attack types.

This significant jump highlights the opportunistic nature of cybercrime, with cybercriminals quickly designing attacks to isolate and expose individuals within an organisation. 

An increased volume of attacks

Over the same three months, Cynet’s Detection and Response team witnessed a spike in the number of requests from organisations seeking their expertise. From an average of roughly 200 per month in the five months prior to the pandemic, February, March and April saw numbers ranging between 400 and 550. 

Although not indicative of overall global trends, this finding nonetheless highlights that organisations witnessed significant new challenges throughout the pandemic.

Which sectors were the most affected?

When it comes to cyber attacks, no sector is safe from breaches. Whether your orgnisation is large or small, for-profit or non-profit, you need to remain vigilant to attacks. Case in point?

According to the analysis, only one sector saw a decline in attacks: Sports & Education, for obvious reasons.

The rest all saw an increase in the number of attacks with Finance (+32.63%), Food Production (+29.36%) and Retail (+23.42%) particularly affected. The other sectors included IT Technology and Services, Machiner, Oil & Energy, Telecommunications, Manufacturing and Automotive.

What can you do to protect your organisation?

Cynet’s analysis of the Coronavirus and its impact on cyber security highlights one thing above all else – the need for more comprehensive organisational cyber security.

Technological solutions have their place, but with an estimated 80% of breaches occurring as a result of human error, rather than technological failure, it’s essential that you empower your team to protect your organisation.

By giving your workforce the tools they need to spot and stop attacks before they do damage, you can dramatically reduce your chances of data loss and reputational damage.

It’s why our cyber security awareness training is adopted by organisations large and small, and why we’re tireless in our goal to bring everyone together to improve organisational cyber security.

Want to know more? Get in touch with a member of our team today.

Three Business Continuity Calamities

Having a business with no continuity plan is a bit like having a ship with no lifeboats.

While we all like to imagine our lives and organisations will always run smoothly, unexpected events can change everything in an instant. When such events strike, you either have a plan or you don’t. This is what business continuity is all about. You’re preparing for scenarios that could hinder or completely stop your business.

This blog will take you through three real-life examples of businesses that have suffered through a lack of continuity planning and leave you with some top tips you take away to help better prepare your organisation in the event of a disaster.

Ransomware Attack on Atlanta

The SamSam ransomware attack hit the city of Atlanta in March 2018. The Government’s computer systems were targeted, resulting in a number of services shutting down, including police records, parking services, utilities and other programmes. This persisted for five days, meaning many departments had to revert to hand-written paperwork.

The attackers demanded a $52,000 payment to bring the system back online but the full recovery took months. It is estimated to have cost a total of $17 million to fix, with nearly $3 million being spent exclusively on emergency IT consultants and crisis management firms.

In retrospect, this attack had been coming. Two months prior to the attack, an audit revealed that there were between 1,500 and 2,000 vulnerabilities in the city’s IT systems, including ‘obsolete software’ and a security culture driven by ‘undocumented processes’.

Hospitals Infected with a Computer Virus

In November 2016, a network of hospitals in the UK was infected with a computer virus, crippling its systems and halting operations at three separate locations for five days.

In that time, patients were turned away at the door and advised to visit other hospitals, even those who had suffered major trauma or were giving birth. Only patients suffering from severe accidents were admitted.

A report by Computing.co.uk showed that the hospitals had no business continuity plan document in place, which resulted in more than 2,800 procedures and appointments being cancelled.

The Backup Blackout

The California Department of Motor Vehicles suffered a computer outage, which shut down its operations for several days. Several DMV California offices closed with drivers having nowhere to turn to for their license or vehicle registration needs.

Both the primary and secondary backup systems went offline simultaneously because they were within the same facility and shared the same power source. Data security experts were quick to point out California DMV’s backup blunder, noting that it was a disaster waiting to happen.

Remember, backup systems should be stored in a separate location to your primary system. This means that if one backup fails, there is another ready to take its place.

Our Top Tips

Having spent over a decade helping organisations secure information and understand the importance of business continuity, we’ve collected a number of simple, top tips for you to take away and consider for your organisation’s business continuity.

  • Familiarise yourself with your organisation’s business continuity plan.
  • Make sure everyone knows where the external site is in the event of a disaster.
  • Resume business as soon as possible to reduce the consequences.
  • Backup your files on a daily basis to a secondary location to minimise potential data loss.

Business continuity in the age of Coronavirus is more important than ever before. From your cyber security to your data collection, our product helps your staff before the front line in your fight against cybercrime. Learn more about how Bob’s Business can help you now by booking a web demonstration.

Health & Safety: What You Need to Know

According to the latest Health & Safety Executive (HSE) statistics, over 28.2 million working days were lost in 2019 as a result of work-related ill health and non-fatal injuries. Even if we drastically undervalue each working day at 1 penny, this equates to £282,000 in lost revenue.

Health & safety is in everyone’s remit. While employers have a duty and responsibility to provide a safe working environment, all employees are responsible for maintaining it. Remember, your greatest defence when it comes to health & safety is vigilance, foresight and prevention.

The following blog will take you through everything you need to know about health & safety in the workplace, including relevant documentation, employers’ & employees’ responsibilities and ways you can help to keep your workplace safe.

The Health & Safety at Work Act (1974)

The Health & Safety at Work Act (1974) contains wide-ranging guidelines for employers and workers to create a safe working environment.

In short, everyone has the right to feel safe at work and employers are required to protect the health, safety and welfare of all employees and people on their premises.

For a more detailed reference, the Health & Safety Executive website contains the full version and a condensed overview of the Health and Safety at Work Act (1974).

Employers’ responsibilities

Employers are responsible for ensuring the health, safety and welfare of employees and others on the premises. This includes:

  • A safe place and system of work.
  • Safe equipment and machinery.
  • Safe and competent colleagues (employers are also responsible for the actions of their employees and managers).
  • Carrying out risk assessments and taking steps to control or eliminate risks.
  • Appointing a competent person responsible for health & safety.
  • Informing workers about all potential risks of the work process.

Essential Health & Safety Documents

There are two key documents to consider when it comes to Health & Safety:

Risk Assessment Form

Risks are part of everyday life. Something as simple as crossing the road could have disastrous consequences, but that doesn’t mean we don’t do it. We accept risks and minimise them by, in this case, looking both ways and using crossings where possible. Health & safety risks are no different.

Using risk assessment forms, you can identify, mitigate, minimise and nullify these risks to keep your workplace as safe as possible.

Accident Report Form

Your organisation needs to document accidents for various reasons.

Firstly, to highlight the cause of the accident, which can then be assessed using a risk assessment form, and secondly, the severity and nature of injury must be noted for legal reasons.

Top Tips

Over the last 12 years, Bob’s Business has helped organisations of all shapes and sizes secure their information and keep their workplaces safe. Below is a selection of our dos and don’ts for health & safety in the workplace.

Do…

  • Comply with guidelines in the Health & Safety at Work Act (1974).
  • Stay vigilant and report any potential hazards.
  • Complete risk assessments to identify and reduce risks.
  • Record all accidents on accident report forms.

Don’t…

  • Ignore health & safety hazards.
  • Tamper with health & safety procedures.

Ready to learn more? Our Health & Safety course forms part of our comprehensive cybersecurity awareness course catalogue, touching on everything from H&S to GDPR compliance, cyber security and more. Click here to learn more.

ISO 14001: Everything You Need to Know

ISO 14001 is an international standard that provides guidance on implementing and managing an Environmental Management System (EMS). It is effective for organisations of all shapes and sizes, from start-ups to corporate giants.

If you want to help lower your carbon emissions, you’re going to need to change a few things at work. It doesn’t mean you walking miles every day to work and never turning your lights on, just a few simple compromises that will gradually help lower the emissions you produce.

The following blog will take you through why ISO 14001 is so important, the advantages to compliance and how to comply.

Environmental Concerns

Concerns around climate and environmental change have never been as prevalent in society as they are today, with more and more people coming to understand their role in a greener society.

As much as there is we can do as individuals though, making your organisation as green as possible is one of the best ways to improve both your carbon footprint and public perception. Not only that, but going green will actually cut costs for your organisation in certain areas, such as energy.

Worryingly, in spite of the Government’s plan to reduce the UK’s carbon emissions to net-zero by 2050, over a third of businesses have no plan in place.

Benefits of Going Greener

Reducing your carbon emissions can have a number of benefits for your organisation, including:

Reduced Waste, Energy and Costs

Cutting costs without cutting services or functionality is always welcomed. You can increase your organisation’s turnover by saving energy where possible. This could be something as small as opening windows rather than running air-conditioning.

Compliance and Legislation

This can be instrumental in receiving business opportunities or gaining large contracts, where active compliance is often a requirement.

Increased Stakeholder and Customer Trust

Reducing your carbon emissions could give your organisation a competitive advantage by improving your public image and impressing your organisation’s stakeholders.

How to Reduce your Organisation’s Carbon Emissions

You take your first steps towards a greener organisation with the smallest changes. In fact, you may already do some of these things.

  • Where possible, produce double-sided prints in greyscale to reduce paper waste and coloured ink use.
  • If you’re holding a meeting that requires many people to travel, consider using video-conferencing instead to reduce carbon emissions.
  • Reduce your energy expenditure by opening windows rather than using air-conditioning.
  • Chat to your colleagues and see if you live in similar areas. If so, consider car-sharing to divide your carbon footprints.
  • Assuming you live within a reasonable distance of your workplace, you could try walking or even cycling to work, both of which will cut your carbon emissions whilst also improving your health and wellbeing.
  • Another way of improving your health and your organisation’s carbon footprint is to take the stairs instead of elevators, especially if you’re only going up one or two floors.
  • While paper may grow on trees, remember to recycle it correctly using the appropriate bin. This will reduce your wastage and help sustain the environment.

Ready to learn more? Our ISO 14001 course is part of our full course catalogue, addressing key issues like your organisation’s cyber security, ISO and GDPR compliance and much, much more. Click here to learn more.

Download our Free ‘Home Working’ Module Now

“How are you doing?”

It’s a question we’re asking our staff a lot these days. Whether it’s their physical and mental wellbeing, or the safety and security of their home working environment, there’s plenty to consider in these turbulent times.

That’s why we’ve built a new interactive eLearning course called Home Working, and why we’re giving it away for free. It’s our way of helping organisations and individuals get to grips with difficult times.

But what can you expect to learn from our free module?

  • How to secure your home network and protect your organisation’s information
  • How to maintain your mental and physical wellbeing
  • How to stay productive when working from home

We think it’s the perfect tonic for Coronavirus disinformation, anxiety, and the sharp rise in scams and cyber attacks prompted by COVID-19.

Getting started couldn’t be easier, just click here and fill in a short web form and we’ll deliver your course as a link you can distribute to your workforce. For more information, email info@bobsbusiness.co.uk.

Social Web Call Software: A Blessing or a Curse?

The COVID-19 lockdown has completely changed day-to-day life in the UK; we can’t go out, visit family or travel for any unnecessary means.

We humans are innately social animals, which has posed a question for many – how can I see my friends, or speak to my family? Well, the answer has been around for a while, though it has not been very popular until recently.

What is Social Web Calling?

Web call software is nothing new. Organisations have used video conferencing as a way of conducting meetings across long distances for decades, but it never really made the leap into everyday life. After all, if you wanted to see your friends, you could just go and see them, right?

Today, with the rise of social distancing, many of us are taking to social web call software such as Zoom and apps like House Party to stay in touch with our loved ones, chatting, drinking, laughing and, in some cases, quizzing.

These apps allow us to connect with friends and family in group video calls to recreate the social interactions we’re sincerely missing.

Interestingly, video conferencing really doesn’t work if everyone shouts over each other, so you might find yourself having the most civil conversations you’ve ever had with your friends!

Unsecure Interactions

As with any form of social media, there is a dark side to web conferencing software. For example, conversations on these apps are often unprotected, potentially exposing vulnerable adults and children to malicious individuals, which is something that parents should be particularly wary of.

On top of this, the security surrounding these apps is lax to say the least. Just this week, Prime Minister Boris Johnson shared a screenshot of a cabinet meeting taking place over a Zoom video conference.

Number 10 was quickly scrutinised for firstly posting the ID for the chat, which was, fortunately, password protected, and secondly for using Zoom, an app that has previously found itself in the information security firing line.

Zoom advertises end-to-end encryption as a key feature, but have recently been forced to admit that this is not the case, meaning that users’ conversations are not as secure as they are led to believe. This makes Number 10’s use of Zoom all the more worrying.

How to Practise Secure Social Web Calling

Video conferencing solutions often do not prioritise security, or make it an optional feature. This is because security measures often need updating and improving, and so they do not use end-to-end encryption by default in order to preserve quality, which can sometimes reduce the quality of the video stream.

Below are a set of top tips that will ensure your video conferencing remains safe and secure:

  • Use a video conferencing system that is end-to-end encrypted, so that only the participants on the call have the ability to access it and it cannot be made available to third parties.
  • Do not presume that your video conferencing system has the option of encryption enabled. Check in the settings to ensure that this has been turned on.
  • Use a software that supports single sign-on (SSO), as it reduces the risk of your credentials being stolen or compromised.
  • Check your environment to ensure that your video stream does not contain sensitive information.

Is your workforce struggling to adapt to the new working environment? With cyber security attacks at alarmingly high levels, now isn’t the time to drop your guard. Discover how our innovative and engaging cyber security awareness courses are ideal for your organisation today, book a web demonstration or get in touch to find out more.

COVID-19 and the Mobile Working Migration

Home is where the heart is, or at least that’s how the saying goes. However, when it comes to information security, home isn’t as safe an environment as you might think. Hackers already prefer attacking home networks because their security measures are often not as thorough as an organisation’s.

IT departments across the country have been put under unprecedented pressure due to the COVID-19 (Coronavirus) outbreak. Suddenly, organisations are relying on staff working from home in order to continue operating, and many were not prepared for it. This means, in the eyes of cybercriminals, it’s open season.

Ask yourself: Is my network as secure as it could be? If a hacker targeted me, have I done everything I can to protect my own and my organisation’s data? If the answer to both these questions is not a resounding ‘NO’, then you might find this blog on security when working from home useful.

For even more hints and tips – including information for organisations using Office365 – click here to read a piece we produced for our partner Data2Vault!

Phishing At Home

Phishing is the chief cause of all data breaches, accounting for over 90%. While this is still a huge concern for those within an office, home workers have their guard lower and are more susceptible.

To make matters worse, scammers are using the Coronavirus panic as a way of making potential victims click, posing as bodies like the Government and the World Health Organisation (WHO). We have already written about some of these new scams in a blog, which you can view here.

However, if you want a quick read, here are our top tips for how to avoid being phished at home:

  • Be wary of emails that contain links, imply a sense of urgency or ask for login details.
  • Double-check emails for spelling and grammar errors as this is a sign of a phishing attack.
  • Hover your cursor over any links you’re unsure of to check their actual destination.
  • Remember not to give out details online unless you have instigated it.

Covid-19 Ransomware

Phishing attacks on their own pose a significant threat to your personal and organisational security, but when they lead to ransomware attacks, the damage can be catastrophic to an organisation.

Ransomware, which encrypts and locks all data on your device or system, demands payment or will automatically destroy every file it has discovered. With data being the most valuable asset of any organisation, it’s virtually impossible to quantify the damage that mass deletion can cause.

Worse still, coronavirus has birthed a new host of ransomware attacks. Just last week, healthcare workers were attacked with ransomware which used coronavirus as bait.

While we’d strongly recommend following our tips for reducing your risk of being phished to help reduce your chance of falling victim to ransomware, there are steps you should take to protect your data in the event your data is encrypted by ransomware:

  • Run ethical phishing tests on your organisation and target eLearning at staff who fail to spot their nature, to raise awareness
  • If remote users are set up to store their files and data on your organisation’s servers, protect that data with regular backups with cyber scanning and Attack Loop prevention.
  • If your remote users are storing their data on their local systems, then set up end-point malware scanning and detection.

Secure Mobile Working

With current Coronavirus measures forcing so many employees to work from home, and 48% of phishing attacks taking place on mobile devices, it really is like shooting phish in a barrel for cybercriminals.

More than 57% of all internet traffic comes from mobile devices, so it’s no surprise that attackers have turned their focus to mobile employees, especially when you consider that users are 3x more vulnerable to phishing on mobile devices than on desktops.

If you are self-isolating and/or working from home, then remember to:

  • Secure your wi-fi connection by updating your antivirus software and making sure you’ve changed your password from your router’s default. Strong passwords use a collection of random, but memorable words interweaved with numbers, capitals and special characters amounting to more than 8 characters e.g. Pile4Loose2Twix”
  • Regularly update your privacy tools, add-ons for browsers and check your patch levels.
  • Backup your data so that, in the worst-case scenario of staff falling foul of ransomware, all is not lost.
  • Make sure you are using a secure connection. If your organisation’s policies permit its use, consider using a Virtual Private Network (VPN) to connect your PC to your workplace server.
  • Check that you have encryption tools installed.

For organisations looking to make secure cyber behaviours part of their culture, book a web demonstration with a member of our team to discover how our innovative eLearning courses can help you reduce your risk of breaches.

Freedom of Information: Your Guide

Transparency is one of the best ways for your organisation to maintain a high level of trust with its customers and the public.

The Freedom of Information Act (2000) was introduced to provide public access to information held by public authorities, including several guidelines and requirements for organisations to consider.

Failure to comply can have troublesome consequences for you as an individual as well as your organisation. Therefore, it’s important that you understand your roles and responsibilities regarding Freedom of Information (FOI) within your organisation.

What is a Freedom of Information Request?

Anyone can make a request for information from a public authority. A freedom of information request must be presented in writing either by email or by letter. In addition, new guidelines state that you should treat requests made via social media as legitimate.

Requests should include the requester’s name and a reference to the information in question. However, the request does not have to specifically mention all information or the Freedom of Information Act.

How to Reply to Freedom of Information Requests

You have two main responsibilities when replying to a freedom of information request: inform the requester as to whether or not you possess the information and provide that information.

Providing the requested information is not exempt from public release (see the section below), you should respond with all information relating to the request within 20 days.

Selective or incomplete information, or an overview, would not be considered an adequate response to a Freedom of Information request.

Bear in mind that more general requests might need clarification before you adequately answer. In this case, you should contact the requester as soon as possible.

Wherever possible, your freedom of information officer should take the lead role in replying to requests. Remember, you can always refer to the Data Handling Flowchart if you’re ever unsure of how to deal with an information request.

Is Any Information Exempt From Freedom of Information Requests?

There are three main sets of circumstances which would make information exempt from being released under the Freedom of Information Act (2000).

Remember, even if you’re unable to release information relating to a request, you should still contact the requester within 20 days explaining the reasoning for your decision not to release the information.

The three circumstances are:

Class-based

You should exempt any information that concerns a pending legal investigation as this could potentially compromise the case and endanger those involved.

Privilege-based

You should assess whether the information relates to a member of the royal family, or is likely to cause harm upon release. Should this be the case, your reply must state:

  • A negative consequence of the information’s release
  • How the release could lead to this consequence
  • A real possibility of the consequence occurring.

Vexatious

Requests can be deemed vexatious if the information has already been provided to the requester or made available to the public. In either case, a reply should still be sent explaining the refusal and directing the requester to the information.

CCTV Best Practices Explained

While your organisation needs to protect its digital assets, it also needs to protect itself physically. This is why most organisations run Closed Circuit Television (CCTV) throughout their premises.

However, despite so many organisations operating CCTV, many are still unaware of CCTV best practices. There are a number of things to consider from a legal and operational point of view.

The following blog will take you through the benefits of using CCTV, how to use it correctly, when & how to release footage and why it’s important.

Benefits of CCTV

CCTV is paramount to physical security. By being able to record and rewatch footage of your premises, you can identify risks & suspicious activity, keep an accurate record of any malicious activities for later legal action, and maintain the health & safety of your organisation.

From a crime prevention point of view, CCTV is invaluable as a tool for collecting evidence and monitoring risks. For example, if you notice a suspicious individual, you can monitor their activity to see if they return or actually do something to harm your business. The police can then act on this information with video evidence by their side.

Using CCTV Correctly

CCTV cannot be used without first displaying signs that indicate its use. This is so members of the public are aware that they will be filmed when on your premises, maintaining transparency and trust between your organisation and the public.

It doesn’t just stop with signs either. You can’t display CCTV in a location that you cannot justify. The reasons you could use to justify CCTV use include crime prevention and ensuring health & safety.

Lastly, you should regularly check and make sure your cameras are facing the right way and are not obstructed.

Releasing CCTV

There are a number of reasons why you might release CCTV footage.

If a crime has been committed in the area that your CCTV covers, the police may request specific footage to help with their investigation. This is one of the most common reasons for releasing CCTV footage.

Additionally, CCTV footage of a person is classed as personal data, which means that data subjects (individuals you hold the personal data of) have a right to access this information.

Data subjects can do this by submitting a Subject Access Request (SAR). You must respond to SARs within one month in order to comply with the Data Protection Act (DPA) (2018) and the General Data Protection regulations (GDPR).

Remember, when responding to a SAR, do not include any footage that could identify another individual. This would be classed as a data breach.

Top Tips

Bob’s Business has spent over a decade helping organisations protect their digital and physical assets. Below are a number of simple dos and don’ts, which will help you maintain a strong and secure CCTV system.

Do…

  • Always check that CCTV cameras are not blocked and facing the correct way.
  • Make sure CCTV footage is protected and only accessible by authorised individuals.
  • Ensure that footage is used appropriately and deleted once used as it is classed as personal information.

Don’t…

  • Forget to display signs when having a CCTV system in operation.
  • Store data for longer than necessary.