Secure Printing: What You Need to Know

With an intense focus on exterior cyber security threats, it can be easy to overlook just how crucial it is to take precautions when you are printing sensitive information. However, the risks created by leaking data, which could potentially damage your organisation, are very, very real.

Although you might feel secure in your workplace, many organisations share printing services with others, which means that standard printing can leave confidential data exposed.

This blog will take you through the risks of printing, the benefit of secure printing and leave you with some top tips so that you can print with peace of mind.

Risky Printing

Your office printer might not spring to mind as being a security threat, but without consideration, it could present a serious risk to your organisation’s information and resources. In fact, a recent white paper showed that 63% of surveyed businesses had experienced a printer-related data breach.

When printing to a standard printer, if you do not collect documents straight away, you could unintentionally cause an information breach if the prints end up in the wrong hands.

Under the General Data Protection Regulation (GDPR), breaching personal information could result in a fine of up to €20 million or 4% of your organisation’s annual turnover, whichever is greater.

Remember, you should inform your manager immediately if you suspect a data breach due to missing printed files.

Benefits of Secure Printing

The key advantage of using secure printing services, like Follow-Me printing, is that they require you to log in using a username and password before your prints are released.

This means that if you can’t pick up your prints immediately, whatever information you’ve printed will be safe until you log in.

You should never share your username or password with anyone as this could potentially leave your prints unsecure. If you have reason to believe that your password has been compromised, inform your line manager and create a new password as soon as possible.

Remember, you can refer to our Perfect Passwords blog for advice on creating an uncrackable password.

Confidential Covers

Remember, even when using secured printing, confidential cover notes should be added to documents and utilised when printing information with restricted access.

The purpose of confidential cover notes is to deter all those who the document does not concern from reading it.

These pages should state whom the document is intended for and state clearly that it contains confidential information. Also, when collecting prints, you should make sure to double-check that you have only taken your documents, and not anyone else’s.

Top Tips

Having spent over 12 years helping organisations of all shapes and sizes protect their information, Bob’s Business has collected several simple dos and don’ts relating to secure printing…

Do…

  • Collect your documents from shared printers straight away.
  • Use secure printing, e.g. follow-me printing, where possible. This requires password access or an individual ID key pass to collect your prints.
  • Use a confidential cover note when printing sensitive documents.

Don’t…

  • Take every document from the printer without checking to see if they are yours.

Keeping it Clear: What is a Clear Desk Policy?

Data has become one of the most valuable assets in the world, making information security more important than it’s ever been. Unfortunately, this has made cybercriminals more driven and dangerous too.

Bob’s Business has spent over a decade helping organisations instil a cyber secure culture to better protect their own and their customers’ data.

Throughout the years, we’ve noticed that employees are often laxer or more trusting in the office than they are outside of work, and don’t understand the importance of constant and habitual data protection. The following blog will explain what Keeping it Clear is all about, why it is important and what the best practices are.

Understanding Habits

We all have habits, but it might surprise you to learn just how much we rely on them. A study showed that almost 50% of people’s daily behaviours are automatic. Your habits are a huge part of your everyday life. They allow you to go into autopilot, conserve mental energy and perform repetitive tasks with speed and precision.

However, habits can also cause problems. For example, have you ever moved houses in the same area only to find yourself accidentally walking/driving to your old address?

Clear Desk by Default

So, why are we talking about habits? Well, Keeping it Clear is all about consistently and constantly maintaining a clear desk, locking away physical documents, securing removable data storage devices and locking your screen.

This is good information security practice, even when you’re only leaving your desk for a moment. Right now, your brain has an automated response when you decide to leave your desk. If this does not include clearing all your documents away, then you could be putting your organisation’s and its customers’ data at risk.

It takes an average of 66 days of conscious thought to break old habits and form new ones. To help yourself remember, simply write ‘Keep Clear’ on a post-it note on your screen. This short prompt will remind you each time you leave your desk unattended.

Why You Should Choose Cloud-based Storage

Cloud-based storage services are a great way of reducing the risk of physical documents falling into the wrong hands.

By uploading documents to a shared cloud platform, which is accessible to multiple accounts that are granted permission to view or edit, you can maintain one online version that can then be shared digitally without having to create multiple copies.

This ensures the integrity of the information as it removes multiple versions of the same document.

Top Tips

In our time working with organisations, we’ve amassed a number of simple, top tips to help protect information in various ways. The following things should help you get into the habit of maintaining a clear desk, and keep your organisation and its information in the clear.

  • Keep a clear desktop to maintain the integrity and availability of information.
  • Lock your computer when leaving your desk to avoid any unauthorised access.
  • Never leave documents or removable data storage devices openly accessible.
  • When working remotely, follow the same keeping clear guidelines as you would at work!

A Free Cyber Essentials Course to Help You Prepare for Accreditation

With IASME set to take over sole responsibility of administering the Government’s Cyber Essentials scheme on April 1, we’ve cooked up a special offer for any organisation looking to achieve accreditation. That’s right, we’re offering our brand new Cyber Essentials course for free until April 1.

What is Cyber Essentials?

Cyber Essentials is a government accreditation scheme designed to highlight organisations which are proactive when it comes to cyber security and protecting their clients’ and customers’ data.

It is a mandatory requirement for organisations wishing to work with government agencies, building trust and ensuring that data and information is handled in a safe and responsible manner.

Cyber Essentials chiefly aims to provide a clear statement of the basic controls all organisations should implement to protect themselves from common internet-based threats and offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.

Get Your Free Cyber Essentials Course

Our Cyber Essentials course is built from the ground-up to help you discover whether your organisation is ready to achieve certification. Built on the government’s guidelines, it takes you on a step by step journey to reveal whether you’re ready to take and achieve your accreditation.

Available for free until April 1 2020, it’s the ideal first step on your journey towards Cyber Essentials accreditation.

This course is no longer available as a free download.

Carefully Classified: Understanding Information Classification

Have you ever accidentally sent a group email that contained all the recipients’ addresses in the ‘CC’ field? While this can be an innocent mistake in a personal email, including others’ contact details in a professional email could constitute a data breach.

Information classification is vital in maintaining your organisation’s reputation and future, so we’ve created the following blog to help explain what it is, why it’s important, and how to do it.

What is Information Classification?

Information classification is a way of categorising and concealing sensitive information so that it is only seen by those authorised to do so. It defines how confidential information should be handled and protected. For example, your organisation could have a number of classifications, including Public, Private or Restricted.

Your workplace policy should highlight the manner in which each classification is communicated. Remember, disclosing confidential information to unauthorised sources can lead to loss of productivity, customers, reputation and public trust, even if it’s accidental.

However, not all information requires the same protection.

What Should I Classify?

You should consult and familiarise yourself with your organisation’s policy regarding information classification as there may be specific practices you need to be aware of.

However, confidential information, which is not already publicly available, must not be divulged to anyone who is not authorised to access it. The format of this information will vary and therefore requires different methods of classification:

Physical Documents

  • All physical documents need to be classified.
  • Lock all physical documents that contain confidential information away when not in use.
  • When sending physical documents, remember to include a return address, mark the envelope ‘addressee only’ and do not include the classification level on it.

Digital Files

  • Digital files containing confidential information should be password-protected on secure networks.
  • Employees should only be able to access information if they are authorised to.

Removable Data Storage Devices

  • You can place digital files in password-protected folders to reduce the risk of unauthorised access on removable data storage devices.
  • Remember, they have a high risk of loss or theft due to their portability and should be locked away when not in use.

Emails

  • Email accounts should be adequately password-protected to stop unauthorised individuals from accessing them. If you’re unsure what is adequate, we have recently written about creating the perfect password.
  • The classification level should always be added to the subject line, and the information should be encrypted to ensure only the intended recipient sees the email’s contents.
  • Remember to use the ‘CC’ and ‘BCC’ fields correctly. Including addresses in the Carbon Copy (CC) field means that those recipients’ addresses will be visible, whereas Blind Carbon Copy (BCC) will keep their addresses hidden.

Why Should I Classify?

Information breaches can have serious consequences for you and your organisation. Due to the GDPR, your organisation could be given a fine of up to €20 million or 4% of its annual turnover, whichever is greater.

Remember, even though the GDPR only applies to the personal data of EU citizens, the UK Data Protection Act (2018) is in place and includes the six security principles of the GDPR.

On top of this, your organisation could suffer reputational damage from a data breach, meaning you could lose relationships with customers and clients due to damaged trust.

To learn more about our Carefully Classified course or any of our other award-winning cybersecurity awareness courses or services, get in touch or book a web demonstration.

Advance Fee Fraud: The Complete Guide

If someone offered you £5,000 in exchange for £50, would you do it? While you might spot the scam, hundreds of people are being caught out every day online, losing their hard-earned cash to cybercriminals.

In this blog post, we’ll be taking you through everything you need to know about advance fee fraud, including what it is and how to spot an attack before you fall victim.

What Is Advance Fee Fraud?

Advance fee fraud is a type of scam where a criminal pretends to be someone else and offers a large sum of money in exchange for a significantly smaller, one-time fee.

Fraudsters play on an array of emotions when attempting to steal your cash. They’ll often talk up an ‘incredible opportunity’, which will result in you being rewarded a large sum of money. In the same breath, the fraudster will tell you that the ‘incredible opportunity’ will soon expire, evoking a sense of urgency and making you act rashly.

It’s a saying as old as sin, but if it seems too good to be true, it probably is.

How Can You Spot an Attack?

Some scams will be easier to spot than others. If someone emails you claiming to be a foreign Prince in need of a loan to release his gold reserves, then you’ll probably figure out that something’s not right.

However, if a cybercriminal has done their research, it can be trickier. It all comes down to how advanced the attack is.

There are, however, some tell-tale signs that can help you detect these fraudsters straight away:

Unsolicited Communication

Generally, unsolicited communication is a good sign of advance fee fraud, so you should always be suspicious of emails from people you do not know that arrive from out of the blue.

However, if fraudsters do their research, they may pretend to be from an organisation you trust, offering a promotion you’re interested in. Remember, you should independently visit the organisation’s website or contact them directly to confirm any promotions you may have been sent.

Unbelievable Offers

Very few things in life are free, especially money. As nice as it might seem, no one is going to make you rich for nothing, and you should question anyone who is offering to.

Asking for Payment

If an email is asking for payment, then it’s very clear what the sender wants. Regardless of what they are offering, asking for payment is a strong indicator of advance fee fraud.

Illegitimate Links

If you receive an email that looks in any way suspicious, remember not to click on any links without first checking that they are real. You can hover your cursor over a link to reveal its destination before clicking. This is a good habit to get into generally, especially when using work accounts.

Spelling and Grammar

Legitimate organisations tend to draft emails several times before sending them out, so spelling mistakes are a great way of detecting fraudsters. People receive so many emails each day that criminals bank on you not properly reading their messages. Take the time to carefully read your emails and be wary of mistakes.

Urgency

As previously mentioned, fraudsters will always imply that there is a time limit to their unbelievable offer. This is all part of their plan. They don’t want you to go away and think about the legitimacy of their offer. They just want you to act and send them your money as quickly as possible. Remember, any unsolicited communication that is trying to make you do something in a rush should not be trusted.

Backing up Data: Why Every Organisation is Under Threat

According to a 2017 Economist article, data has overtaken oil as the most valuable resource the world has to offer. It’s a startling claim, but not an untrue one.

In the modern age, virtually everything we do produces data. From the journeys we take every day to the websites we browse as we sit in front of the TV at night, everything is recorded in vast data sets, which are extremely valuable to the organisations that hold them.

Naturally, where there’s value, criminals will always attempt to cause damage. However, that’s not the only threat. Human error can result in massive data loss too, so backing up data is absolutely essential.

In this blog post, we will take you through everything you need to know about backing up data, including what it is, why it is important, and how to do it.

What is a Data Backup?

A backup is simply a copy of your information that can be accessed in the event of the original information being lost or compromised. Think of it as a snapshot of your system, which you can go back to if something happens.

If you have Cloud storage on your phone, then you may already be familiar with how this works, and its benefits. For example, if you had an album of sentimental baby photos on a phone that used Cloud storage, you would be able to access the photos online if you were to lose your phone.

Backing up your organisation’s data would enable the same protection from loss.

Why Backup Your Data?

Storing sensitive data without a backup is a bit like having a football team with no subs.

From a financial point of view, losing data can be catastrophic. This could be because customers no longer trust that you can protect their personal information, or because you have physically lost customer data and are unable to re-establish the relationships.

On top of all this, the Information Commissioner’s Office (ICO) can impose cut-throat fines for data protection non-compliance, which is the last thing you need after a data breach.

How to Backup Securely?

Bob’s Business has spent years helping organisations instil a cyber secure culture, including how to backup sensitive information. Below is a selection of Bob’s Top Tips, taken from our NCSC-accredited Cyber Security Awareness module, which boasts engagement rates of over 90%.

  • Your backup storage should be at an external site. This would mean that if your primary site was compromised, your information wouldn’t be.
  • Many Cloud-based storage systems offer an auto-save option, which saves work as it’s being done and lowers the risk of loss. You can implement automatic saving into your work software, or introduce a daily backup policy for your staff.
  • Remember not to power off any device that is performing a backup as this could result in the data not being saved correctly.
  • Use multiple backups in multiple locations to drastically reduce the risk of data loss.

To learn more about Cyber Security Awareness or any of our other innovative cyber security awareness eLearning courses, click here or get in touch.

What Happened in the New Year Honours Data Breach?

2019 was a big year for cyber security breaches, and even Christmas couldn’t slow that train. One last story was yet to hit: the breach of personal details of over a thousand New Year Honours recipients.

The list included the likes of Sir Elton John and TV cook Nadiya Hussain, along with senior police officers and Ministry of Defence staff, making this a major data breach and putting the government’s data protection policies and staff cyber training under serious scrutiny.

The New Year Honours list was only supposed to contain the names of individuals, their roles and the honours awarded to them. However, the list mistakenly included their full home addresses and postcodes.

It was published on the Gov.uk website on Friday 27th December, instantly generating comments on social media probing the data provided on the list. Although it was removed by the Cabinet Office within an hour of its publication, the list had already been copied and widely shared.

The government could now face legal action from those whose addresses were published, as well as further sanctions from the Information Commissioner’s Office (ICO).

What should have been a proud and momentous moment in the lives of those to be honoured has now been overshadowed and dampened by the breach of their personal details.

Indeed, any individual who was on the list and is thought to be a raised threat will be visited by the police to offer security advice. It not only tarnishes what should be a truly wonderful day, but it has also caused immense reputational damage to the involved parties too, something that could take months, if not years to rebuild.

Human Error to Blame?

When interviewed on Radio 4, Lord Kerslake, former head of the civil service, suggested ‘human error’ was to blame, questioning whether employees had been given sufficient training on data regulations.

Despite this, lawyers who specialise in data protection believe the ICO will regard this as a less serious case of human error and may let the Cabinet Office escape with a warning about improving its practices. If, however, the ICO decides to make an example of the Cabinet Office, they could face a fine of up to £17 million under GDPR regulations.

The story is another example of how one thoughtless click of a button can lead to front-page news.

More than individual error though, organisations must do much more from the top downwards to secure their data. Without education and awareness of data protection and regulation, can employees really be made responsible for their cybersecurity habits and attitudes?

It’s easy to point the finger at the individual who published the data, yet if more awareness and training had been instilled throughout the Cabinet Office, the individual responsible may have taken that little step back and thought twice about their actions before they clicked the publish button.

What Needs to Be Done?

Despite most employees striving to do their best, mistakes do happen, and unfortunately, in cases such as this, they can have disastrous consequences for both the organisation and those directly affected. The mistake may not feel like a ‘big deal’ for those unaffected, but the same cannot be said for the victims.

The information was personal, intruding on the recipients’ home and family lives. More training and education on data handling is pivotal, and individuals need to think more seriously and deeply about how they would feel if personal information about them was made available to the general public.

If employees are unaware or have a lack of education on the risks involved in the handling and protection of data then ultimately it’s not a matter of if a breach will happen, but when a breach will happen.

With over 90% of data breaches occurring as a result of human error, awareness training and education on cyber security has never been as important as it is now.

Disappointingly, investment in awareness training remains at critically low levels in many organisations, despite the fact that the cost of awareness training is a drop in the ocean compared to that of a data breach. In 2019, the average cost of a data breach was £4,180 for small firms, £9,270 for medium firms and £22,700 for large firms.

The damage doesn’t stop there, however. With data breaches now more publicly reported in the media, organisations also face the footprint of reputational damage, putting doubt and uncertainty amongst the mindset of both current and potential clients.

Want to Avoid Your Organisation Falling Foul of Human Error?

At Bob’s Business, we believe in small changes making big differences.

We’re here to bring cultural change to your organisation so that your workforce is always vigilant to the ever-growing landscape of cyber security threats and can protect business-critical information.

Our cyber security courses:

  • Are uniquely designed to help change cyber security cultures within your organisation and reduce the likelihood of your organisation falling victim to cybercrime
  • Increase accountability within your organisation
  • Offer advanced reporting and help deliver measurable progress

Find out more about our award-winning cyber security awareness training and how we can help instil a culture of cyber security throughout your organisation.

A Personal Note

On a personal note, Bob’s Business would like to express our delight that Nicola Whiting from Titania has been awarded an MBE for her services to International Trade and Diversity, whilst Dr. Emma Philpott, IASME’s Chief Executive Officer, was also awarded an MBE in 2019 for her services to cyber security.

Why Businesses Must Take the Data Protection Act Seriously

The Data Protection Act, originally signed into law in 1998, has had a profound impact since its introduction over 20 years ago.

Rewriting the rulebook for how businesses process data, the Data Protection Act 1998 ensured that customer data is given appropriate value within organisations. In 2018, it was brought up to date to incorporate GDPR and ensure that it meets the demands of the digital world we live in.

Far from an abstract threat to an organisation, the Data Protection Act is actively pursued by the ICO, and can result in massive financial and reputational damage if not closely adhered to.

In July 2019, the ICO served an £80,000 fine to a London-based property company for failing to implement access restrictions when transferring financial data of both landlords and tenants.

They aren’t the only organisation to recently fall foul of the Data Protection Act 2018, either. In October 2018, Bupa was fined £175,000 for failing to prevent a massive data breach, which compromised the personal information of up to 108,000 international health insurance companies.

What Should Businesses Do to Protect Themselves from Falling Foul of the Data Protection Act 2018?

Inevitably, information will have to be shared within an organisation, so simply not handling data isn’t an option.

Instead, organisations should ensure that everyone within the organisation is aware of the kind of data being handled and the repercussions if this data is breached. No one wants a Data Protection scandal lingering over their heads.

First and foremost, businesses need to be aware of the seven principles of the Data Protection Act. These principles are the cornerstones of data protection and ensuring that data is not lost, stolen or copied without consent.

If those at the top of the tree aren’t aware of and on board with these principles, then it will be impossible to spread the message down to employees. This is where many companies fail.

Data Protection needs to be seen as a serious issue and not an afterthought to fill quotas.

The human factor should not be underestimated. With this in mind, businesses must ensure that their staff are trained in the principles of Data Protection. Failure to do so could lead to sensitive information being leaked, which will damage the organisation’s reputation and could lead to financial consequences.

Bob’s Top Data Protection Tips:

  • Make sure that whoever is in possession of the data understands they are responsible for it.
  • Do not throw away data in the bin unless it is securely locked or it has been shredded.
  • Encrypt all your sensitive data – use two-step authentication to add an extra layer.
  • Always verify a customer’s identity when a request for personal information is made.

Our Data Protection training module ensures all staff are aware of every principle of the Data Protection Act so they handle data with care.

The module walks users through different types of data, the precautions that need to be in place and how they should dispose of information once they have finished with it. End-users must be aware of the principles that make up the backbone of the Data Protection Act, so our bite-sized module is the perfect solution.

To learn more, get in touch with a member of our team or buy our data protection course online.

Email Etiquette: Get to Grips with Good Email Practice

How would your office function without email? Ever since its popularisation in the 90s, offices have made email an indispensable part of their everyday workflow. From arranging meetings and placing orders to organising the annual secret Santa, email has proven vital.

Whilst email has undoubtedly been a force for good, it isn’t without its perils. From emails sent to the wrong recipient to data leaks, there are plenty of ways the humble email can turn dangerous.

It’s why good email etiquette is essential within an organisation. Oftentimes, breaches are a direct result of uneducated email habits. It’s an under-appreciated piece of the cyber security puzzle, which is why we launched our Email Etiquette course to help shape workforce behaviour.

But what are the biggest contributors to email fails?

What Is the Biggest Contributor to Bad Email Etiquette?

Ask anyone about their email pain-points and you’ll hear one issue above all others: CCing (especially when it involves people who do not know each other).

The issue of when to CC and when to BCC is a crucial one for workplace security and, if you ask around your office, you’ll find that at least one of your colleagues has accidentally copied unrelated recipients into an email using the ‘to’ or ‘CC’ functions rather than the ‘BCC’ function.

What makes it such a common issue in the workplace? Well, there are a few theories.

One theory suggests that long days in the office mean lower concentration levels, resulting in seemingly innocuous mistakes. It’s a great case for regular breaks, even if it’s just a quick stroll across the office to chat with somebody!

That will certainly play a part, but the larger issue is training. Quite simply, few organisations train their employees on the correct way to handle emails. In fact, many people don’t even know that these functions exist.

What’s the Problem with Failing to BCC?

When you send emails without hiding personal email addresses with BCC, it allows those in the chain to access everyone’s information. From there, it’s trivial to launch spam, chain mail or even phishing attacks.

The knock-on effect from BCC misuse can be catastrophic to the reputation of a business. If not dealt with carefully, reputational and financial damage are realistic outcomes.

How to Avoid Email Disaster

Next time you send an email, make sure you follow Bob’s tips to avoid a potential disaster:

  • Make sure you use the ‘BCC’ function to hide email addresses when sending emails to unrelated individuals.
  • Make sure you proofread your emails more than once before sending them.
  • If you do send an email that contains personal details that it shouldn’t, then make sure you are sensitive to the victims and apologise straight away.
  • Enable a delay on emails so you can retrieve them within a set time limit in case you have realised you have made a mistake.
  • Note that emails have the same legal status as letters, so pay attention to any disclaimers or legal notices on emails sent to you – they can be actioned.
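The difference between CC and BCC described above can be seen in the message itself. The following is an added example, not part of the original blog or any Bob’s Business tooling: it shows which addresses every recipient can read once a message is delivered, and a simple pre-send check that flags external addresses exposed to one another. The domain example.org, the sample addresses and the "more than one external domain" rule are assumptions made for illustration.

```python
import copy
from email.message import EmailMessage
from email.utils import getaddresses

ORG_DOMAIN = "example.org"  # assumed internal domain for this illustration


def build_message(sender, to=(), cc=(), bcc=()):
    """Build a message; every address passed in here is a constructed sample."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = "Event update"
    for header, addrs in (("To", to), ("Cc", cc), ("Bcc", bcc)):
        if addrs:
            msg[header] = ", ".join(addrs)
    msg.set_content("Details of next week's event are below.")
    return msg


def _addresses(msg, headers):
    """Return the lower-cased addresses found in the named headers."""
    values = []
    for name in headers:
        values.extend(str(v) for v in msg.get_all(name, []))
    return [addr.lower() for _display, addr in getaddresses(values) if addr]


def envelope_recipients(msg):
    """Everyone the mail server is asked to deliver to, BCC included."""
    return _addresses(msg, ("To", "Cc", "Bcc"))


def as_delivered(msg):
    """Copy of the message as recipients receive it: the Bcc header is dropped.

    Python's smtplib.send_message() does the same before transmitting.
    """
    delivered = copy.deepcopy(msg)
    del delivered["Bcc"]  # no error if the header is absent
    return delivered


def visible_addresses(msg):
    """Addresses that every recipient can read in the delivered headers."""
    return _addresses(as_delivered(msg), ("To", "Cc"))


def exposed_external(msg, org_domain=ORG_DOMAIN):
    """Pre-send check (illustrative heuristic, not a standard).

    Returns the external addresses shown in To/CC when they span more than
    one outside domain, i.e. likely unrelated people who would see each
    other's addresses. Returns an empty list when nothing is exposed.
    """
    suffix = "@" + org_domain.lower()
    external = sorted({a for a in visible_addresses(msg) if not a.endswith(suffix)})
    domains = {a.rsplit("@", 1)[1] for a in external}
    return external if len(domains) > 1 else []


if __name__ == "__main__":
    customers = ["alice@customer-a.test", "bob@customer-b.test"]  # constructed

    # Customers placed in CC: each one can read the other's address.
    risky = build_message("events@example.org", to=["events@example.org"], cc=customers)
    print("Exposed with CC: ", exposed_external(risky))

    # Same mailing with BCC: still delivered to both, but neither is visible.
    safe = build_message("events@example.org", to=["events@example.org"], bcc=customers)
    print("Delivered to:    ", envelope_recipients(safe))
    print("Visible to all:  ", visible_addresses(safe))
    print("Exposed with BCC:", exposed_external(safe))
```

A check like exposed_external could sit in a mail client add-in or outbound gateway rule to prompt the sender before the message leaves.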

What Makes a Professional Email?

There is no science to writing an email that’s perfect for an office environment, but there are a few tips to making sure an email looks friendly, yet professional.

A few things to consider include:

  • Never start an email with the word ‘Hey’.
  • Try to avoid humour because it tends not to translate well in text.
  • Avoid using emojis.
  • Maintain a clear and serious tone.
  • Try to limit your use of exclamation marks, as they can look unprofessional.
  • Proofread your emails more than once before sending.
  • Include a meaningful and straightforward subject.
  • Avoid the use of caps-lock, as this can come off as aggressive.

Good email etiquette isn’t something that can be mastered in a day, however. That’s why we recommend rolling out our Email Etiquette module across your workforce to help protect your valuable data and your reputation amongst the business community.

7 Tips For Shopping Safely Online

The festive season is upon us – a time of the year that some love whilst others loathe.

Millions of people online will be rushing to bag themselves 60% off the latest tech gadgets or get two for one on their friend’s favourite gift set. With all the hype and rush that surrounds Christmas shopping, we can easily be drawn into making impulsive decisions that feel great at the time, but that we later live to regret.

To help you shop safely online this Christmas, we’ve put together a quick 7-part guide to ensure that you don’t bite on the bait that’s feeding cyber criminals.

How To Be Safe When Shopping Online

1. Be vigilant when using public WiFi networks

Mobile shopping is now part of the mainstream retail experience, so much so that mobile sales accounted for 34.5% of total ecommerce sales in 2017, with this figure set to rise to 54% by 2021.

If you’re sat in the coffee shop browsing online catalogues, it is sometimes tempting to connect to free public WiFi hotspots to get a faster, more reliable connection and save on mobile data.

But be AWARE. Public WiFi has significant security vulnerabilities. Cyber criminals are easily able to position themselves between you and the router, meaning that when you go to put the all-important payment details in, they are able to intercept all of your personal information.

To find out more about using Public Wi-Fi, take a read of our guide here.

2. Look out for the SSL

When visiting a website, make sure to look out for an SSL certificate and padlock in the web address bar of your browser.

An SSL certificate shows that data you are sending to a website and the data a website is sending back to you is encrypted and secure. Just remember though, this doesn’t mean the website isn’t malicious!


3. Avoid phishing attacks

When Christmas shopping deals are coming at you thick and fast, it’s easy for security to slip your mind.

Cyber criminals know this, and they look forward to this time of year because they see the average consumer rushing around to snatch deals as easy pickings.

Phishing attacks can take all sorts of forms, but the ones to watch out for are spear-phishing attacks. These are phishing emails that are tailor-made for the target, increasing the likelihood of deceiving them into giving away sensitive information or clicking a link containing malware such as keyloggers.

For instance, if a cybercriminal knows that you’re either in the market for a new laptop, or if your laptop is 3-4 years old, they might create a fictitious offer for the latest HP Envy so it has an increased chance of drawing you in.

Some things you can do to spot the signs of a phishing email are:

  • Check the sender’s email address. Has the email come from who it says it’s from?
  • Check the spelling and grammar in the email. Large-scale organisations will have staff dedicated to making sure that all their communications are error-free.
  • Make sure that the links in the email aren’t taking you elsewhere. You can see where a link is going by hovering over it without clicking.

So, if you receive an email from Amazon with an amazing offer that you think is too good to be true, just remember, that’s because it probably is!

4. Check user reviews

If you are uncertain about the authenticity of a website that has a Christmas deal that tickles your fancy, it is good practice to do an online search for that company.

If there are plenty of reviews shouting praises about the brand, great! Shop to your heart’s content! (Don’t let your guard down too much though!)

If there are lots of negative reviews, or even none at all, you should probably think twice about that offer.

5. Keep your anti-virus software up to date

Having anti-virus on your computer and smart device is highly recommended, as it can protect you from a wide range of attacks, basic or complex. Keeping anti-virus up to date is almost as important as having some in the first place, because it keeps your devices protected and your data safe!

If you don’t have any form of anti-virus protection, go get some now and come back to this blog later.

6. Pay by Credit Card

Before you enter any payment details, make sure to use some of the tips in this guide to ensure you are buying from a genuine and secure site.

When buying online, we would advise using a credit card as opposed to a debit card. Credit cards offer much more protection against fraudulent charges, in that debit cards are NOT automatically covered by payment protection insurance but credit cards are.

Under Section 75 of the Consumer Credit Act, credit cards must provide protection for any purchases that are above £100 and below £30,000.

7. Train yourself

Taking the time out to make sure that you’re knowledgeable on how to keep yourself safe online in the first place can save you a lot of anguish later on.

Our online cyber security training courses are packed full of useful tips and presented in a concise and entertaining way, making best practices accessible to all.

Having read this blog, you should now be much better prepared and vigilant when it comes to shopping safely online.

Here at Bob’s Business, we are the experts when it comes to training your organisation on how to be more cyber resilient against the growing rise of cyber threats.

Want to find out more about how our award-winning cyber security training can help you and your organisation? Try our free demo course today to get a taste of the action.