Shoulder Surfing: What do you Need to Know?

When you think of hacking, you may picture the stereotypical cyber-criminal sat in their basement, remotely attacking organisations and servers to gain unauthorised access to systems. That isn’t always the case: most people overlook one very basic, low-tech threat, shoulder surfing!

Shoulder surfing is technically another form of hacking, since it lets an attacker “gain unauthorised access to data in a system or a computer”… but not everyone treats it with the seriousness of a full-scale attack in which someone remotely forces their way to your data, even though the outcome (someone else holding your credentials) can be exactly the same.

What is Shoulder Surfing?

So what actually is shoulder surfing? The hint is in the name. It is the act of looking over someone’s shoulder while they work on their computer or phone. In that time an observer can see what passwords they type, how their network is configured and what sensitive files are open on their screen.

The attacker no longer needs a keylogger or to spend thousands deploying malware: a clear line of sight to your keyboard and screen is enough.

Shoulder surfers can also use binoculars, video cameras and other vision-enhancing devices to watch your screen from a distance, so the threat is not limited to the person standing directly behind you.

How can you avoid shoulder surfers?

Avoiding shoulder surfing attacks across an organisation requires concerted cyber security awareness efforts to change behaviour. On an individual level, though, following these tips will dramatically reduce your chances of falling victim to shoulder surfing:

Install a privacy filter

One way to negate a shoulder surfer is to fit a privacy filter to your screen. Most people assume this is some form of program or software installed on the machine, but it is a physical sheet, much like the screen protector you would apply to your phone.

Privacy filters are thin sheets of micro-louvred (often described as polarised) plastic that narrow the screen’s viewing angle, so only someone sat straight in front of it can read it. From the side, a shoulder surfer sees a dark screen. They are not a complete answer, though: someone directly behind you, or a camera mounted above head height, still has a clear view, and a filter does nothing to hide what you type on the keyboard.

Sit away from people or form a physical barrier

If privacy filters aren’t for you, be mindful to tilt your screen away from the people next to you so they don’t have an easy line of sight to your content. You can also create a physical barrier with folders, binders or any other object that blocks the view.

Another useful tip is to avoid doing sensitive work in crowded areas. Refrain from working on confidential material in cafes, airports, hotel lobbies and other busy public spaces: they make you an easy target and make a shoulder surfer much harder to spot.

Use a password manager

Criminals like to watch you type passwords, or follow your keystrokes on a sensitive page. One popular defence is a password manager: it fills the login fields for you, so the password is never typed and there is nothing for a key-watcher to read off your keyboard. Two caveats: the manager’s master password still has to be typed, so unlock it somewhere private; and autofill does not hide what is shown on screen, so keep “show password” switched off.

Always work under the assumption that you’re on camera. That’s not an invitation to be paranoid in public, but imagining that every move you make on a computer is being recorded will make you more cautious about what you do on your machine, which helps negate shoulder surfers.

Use two-factor authentication 

We would also recommend setting up some form of two-factor authentication (2FA) on all of your accounts. That way, if someone does manage to see your password or login details, they will still need your phone, an authenticator app or a hardware security key to approve the login. Bear in mind that a one-time code shown on a phone screen can be shoulder-surfed too, though it is only valid for a short window; an approval prompt or a hardware key gives the watcher nothing to reuse.

Research has also been reported on an optical-illusion approach to smartphone logins that could thwart a shoulder surfer.

The technique described manipulates spatial frequency so that a screen built from several layered images is seen differently depending on the viewer’s distance from the device. An onlooker might think they saw you enter ‘1234’ as your PIN, but because the app randomises the key layout for each login attempt and the distant viewer sees a different image from the one in your hand, what you actually entered is likely to be something else entirely.

In conclusion, shoulder surfing can be extremely effective and is a far cheaper way of gaining sensitive information than a remote attack. Although shoulder surfers are difficult to spot, they can be deterred if you take the advice above on board.

3 Cyber Security Horror Stories

It’s that time of year again, some people at home are carving pumpkins and others will be sitting down to binge their favourite horror films.

Some of our personal film favourites include Friday the 13th, Nightmare on Elm Street and Shaun of the Dead, but one thing that makes us want to hide under the covers is the headlines about data breaches that we see on a day-to-day basis.

This year we’ve seen the likes of British Airways, Uber and even Facebook fall prey to cybercriminals and other parties looking to steal or misuse the crucial data of their customers/users.

To get into the spirit of Halloween this year, we’ve picked out 3 real cyber security horror stories that send chills down our spines.

Cyber security horror stories

1. Hackers remotely take control of a Jeep while somebody drives it

In 2015, Wired magazine ran an experiment to see what could be done if somebody were to wirelessly hijack a Jeep Cherokee. Security researchers Charlie Miller and Chris Valasek did it in a real-life environment, over the vehicle’s cellular connection, while Wired journalist Andy Greenberg was driving it down a highway!

The hackers got up to all sorts of mischief at first by switching the radio to different stations, turning on the windscreen wipers and blasting out cold air through the car’s air conditioning system.

Then the experiment was taken to the next level: the hackers cut the transmission as the Jeep was coming up to a long incline on the highway. The journalist said he frantically pressed the accelerator, but to no avail; the car slowed down with an 18-wheeler truck bearing down behind it.

Thankfully, the hackers didn’t put him in any more danger and he finished his nightmare journey unharmed. The research led Fiat Chrysler to recall 1.4 million vehicles to patch the flaw, and it raises serious questions about the world we’re entering with the Internet of Things.

If you want to read the full story of Wired magazine’s hacked Jeep experiment, you can do so on Wired’s website.

2. Wannacry attack on the NHS

In May 2017, around 40 National Health Service organisations and some GP practices were hit by a global ransomware attack that locked down computers containing patient data and demanded payment of $300 (about £230) in the virtual currency Bitcoin.

The malicious encryption program, named WannaCry, exploited a flaw in the SMBv1 file-sharing protocol found in many versions of Windows (patched by Microsoft as MS17-010). Crucially, it was a worm: once one machine on a network was infected it scanned for and infected others automatically, with no need for anyone to click anything.

It is estimated that 6,900 appointments were cancelled as a result of the attack, but it’s not known the full extent of the disruption caused to GP appointments, ambulances and other NHS trusts.

The scariest part was how far the malware spread: it was reported to have infected organisations in more than 70 countries. As well as the NHS, other organisations affected included US delivery company FedEx and car manufacturer Renault.

Microsoft had released a patch fixing the vulnerability two months before the attack, in March 2017. Because many organisations had not applied it, or were still running unsupported versions of Windows, the WannaCry encryptor was able to spread across the world like a zombie virus.

As well as making the case for prompt patching and for segmenting networks so that one infected machine cannot reach everything else, it demonstrates that organisations should have their own zombie survival plan, otherwise known as a business continuity plan, ready.

3. Cambridge Analytica and Facebook

Picture this, you’re scrolling through your Facebook feed and you come across one of your friends sharing a personality test, while you’ve got some time to kill you decide to take it.

Fast forward a few years and you find out that the personality test was just a way for an organisation to access not only your personal data, but your friend’s data as well.

This is the story of many people whose data was harvested in the Cambridge Analytica and Facebook scandal.

If you’d like to know more about the Facebook and Cambridge Analytica scandal, we covered the full story and the consequences of it in a blog post.

Reminiscent of something out of George Orwell’s 1984, Cambridge Analytica used a personality quiz to harvest the data of at least 50 million Facebook users (a figure Facebook later revised to 87 million), most of them in the US. This personal data was then allegedly used to influence the result of the 2016 US Presidential Election.

While this isn’t strictly a cyber security story, it is a data protection story, and a reminder that people need to be more vigilant about who has access to their personal data and what information they put online.

If you want to make sure your organisation doesn’t become one of these horror stories, discover our cyber security training and begin the process of turning your employees from weakness to strength.

Why Losing a Laptop Can be a Major Security Risk

Imagine this scenario: It’s been a long day. The client visit went well, they seem happy with what you’ve presented. Later when on the train home, your attention gets drawn away from the client data on your laptop, so that you can play your favourite mobile game to pass time on your commute.

You hop up and step through the train door, and begin walking to the car park. As soon as you get to the ticket barrier you stop. You got on the train with a laptop but you got off it with only your phone in hand.

As the train pulls away, you catch a glimpse of the laptop, lid open and unlocked, sitting on the tray table where you were just sitting.

The laptop you just left on the train contained an offline database of information about the employees of the client you have just visited. Luckily, the laptop has a password on it, right?

Well, it does, but the laptop was left unlocked, so the password is pointless. Even a locked laptop only protects you if its disk is encrypted (BitLocker on Windows, FileVault on macOS): without full-disk encryption, anyone who finds it can boot from a USB stick or lift out the drive and read every file, password or no password.

Why losing a laptop can seriously compromise your security

The information on the laptop included email addresses, names, contact numbers and job titles. If a criminal gets hold of this information, there’s no telling what they could do with it.

Targeted phishing, selling the information, blackmail, and much more. Worst of all, if the new client suffers a data breach as a result of this, YOUR company can be held responsible.

Not only that, the laptop can give access to all of your company’s internal communications, including your emails, documents, downloads and notes. Confidential client and staff information can be accessed in seconds by anyone who finds the lost laptop. The cost of replacing the hardware quickly becomes the least of your worries: a data breach is costly not only in money and time, but in your company’s reputation.

In 2018, the ICO (Information Commissioner’s Office) fined Heathrow Airport £120,000 after a member of staff lost a USB stick containing sensitive information about up to 60 people across over 1,000 files. The stick was found by a member of the public in October 2017 and was neither encrypted nor password protected.

How to work safely whilst on-the-go

It is the employer’s responsibility to make sure the equipment they provide is safe and secure for remote working; it is the employee’s responsibility to use that equipment securely. Your IT manager (or equivalent) should keep an inventory of every device and make sure each is kept up to date: who has it, since when, and where it is.

This is where staff training becomes an essential part of your security strategy. If employees are made aware of best security practice through regular reinforcement of key cyber security training messages, security becomes second nature: leaving a laptop unlocked, or worse, losing it, becomes far less likely, and criminals have far fewer easy openings to exploit.

Some companies enrol their devices in mobile device management so that a lost or stolen device can be located, locked and remotely wiped. IT managers and HR should also ensure that all staff are up to date on the mobile working policy, which sets out how staff are expected to look after equipment when out and about and how to avoid mistakes such as the one outlined above.

Our mobile working course outlines the importance of keeping your devices secure whilst working on the go, and how to do so in a clear and engaging way. Using interactable animations and videos, the course will talk you through key points, such as leaving devices unattended, correct storage procedures, connecting to unknown networks, and much more.

To get a taste of the action and find out in more detail of how our training can help your organisation, try our FREE demo course today.

How to Combat Cyber Attacks

Every February we help celebrate Safer Internet Day (held on the second Tuesday of the month, which in 2019 fell on the 5th): a day to inspire a national conversation about using technology responsibly, respectfully, critically and creatively.

As the use of computers and other internet-enabled devices skyrockets, people are more susceptible to cyber attacks than ever before, and criminals keep finding new and inventive ways of stealing your data.

However, as criminals figure out new ways to circumvent existing defences, there are numerous dedicated individuals and organisations out there who are finding ways to protect and defend against attacks. At Bob’s Business, cyber security awareness is in our DNA. It’s what we do, what we love and what we believe everyone should be educated on.

Here’s a quick guide on how you and your organisation can combat cyber attacks and stay safe on the internet.

What is a cyber attack?

The term “cyber attack” is a very, very broad term. A cyber attack can range from something as simple as someone being tricked into having their Facebook password stolen, to total international warfare with the intention of destroying the infrastructure of an entire country.

In this blog we will be focusing on the different types of cyber attacks that your organisation, your colleagues and you personally may encounter and how you can prevent you and your organisation becoming a cyber criminal’s next victim.

What are the different types of cyber attack?

There are many types of cyber attacks, in fact there are far too many to list in this blog, so we’ll just list off a few of the more ‘popular’ ones.

  • Denial of Service attack – An attack intended to take a web-based service offline or make it unusable, typically by flooding it with more traffic or requests than it can handle.
  • Man in the middle attack – An attack carried out by intercepting communications between two unsuspecting parties, without either being aware. Often used to steal information such as passwords.
  • Phishing – An attack that is often carried out by email (vishing and smishing use phone calls and texts respectively), in which the attacker pretends to be someone trustworthy to get you to hand over details or money.
  • SQL Injection – An attack that abuses a web application which builds database queries by pasting user input into the SQL text, letting the attacker alter the query to read, modify or delete data. The flaw is in the application code, not in the database itself.
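To make the last item concrete, here is an added example (not code from the original post or from Bob’s Business) showing the same lookup done the vulnerable way and the safe way against an in-memory SQLite database. The table, the user rows and the classic ' OR '1'='1 payload are all constructed for illustration:

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # The username is pasted straight into the SQL text, so input containing
    # a quote changes the meaning of the query. This is the bug class the
    # bullet point above describes: the database does exactly what it is told.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, username: str) -> list:
    # Placeholder binding: the driver sends the value separately from the
    # query text, so the database never interprets it as SQL.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print(lookup_vulnerable(conn, payload))     # every row comes back
    print(lookup_parameterised(conn, payload))  # no such user: empty list
```

With the payload, the vulnerable function runs `... WHERE username = '' OR '1'='1'`, which is true for every row, so it returns both users; the parameterised version looks for a user literally named `' OR '1'='1` and finds nothing. Parameterised queries (or an ORM that uses them) are the fix, not input filtering.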

How can I prevent cyber attacks?

Preventing a cyber attack in the first place is usually the best approach, because stopping an attack before it starts costs far less than cleaning up afterwards. The measures you can take fall into two main categories:

  • Prevention
  • Detection

The best way of defending yourself against cyber attacks is to avoid making yourself a target. Though most people wouldn’t, it’s not a good idea to go around bragging on Facebook that you’ve just got a massive pay rise, or won a lot of money, as this can make you the ideal target for a criminal looking for their next victim.

Generally people that fall victim to targeted cyber attacks haven’t done anything particularly wrong, they may have fallen victim to a phishing email or another social engineering exploit. This is where training comes in.

Learning about what makes phishing emails stand out from a legitimate email is the best preventative measure. For instance, banks will NEVER send you an email asking you to divulge your password details.

Most companies with an online presence can trigger a password reset for you, but they cannot see your password, because they never store it. What they store is a one-way “hash” of it.

A hash function scrambles your password into a fixed-length string of letters and numbers (a SHA-256 hash, for example, is always 64 hexadecimal characters, whatever the password). When you log in, the system hashes what you typed and compares it with the hash on record; if they match, you’re in. Because the function is one-way, the hash cannot simply be turned back into the password. But the length of the hash is not what protects you: an attacker who steals the hash can guess passwords, hash each guess and compare, so a common password falls in seconds while a long random one could take longer than the age of the universe. That is why good systems add a unique salt per user and use a deliberately slow algorithm (bcrypt, scrypt, Argon2 or PBKDF2) to make every guess expensive.
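As an added example (not from the original post or from Bob’s Business), here is a salted, slow hash in Python’s standard library, plus the attacker’s side of the story: a short dictionary attack on the stored record. The iteration count, record format and the sample passwords are assumptions for this illustration:

```python
import hashlib
import hmac
import os
from typing import Optional

# Iteration count and salt size are assumptions for this example; tune the
# count to your own hardware and raise it over time.
ITERATIONS = 600_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record: algorithm$iterations$salt_hex$hash_hex.

    The salt is random per user, so two users with the same password get
    different hashes and a precomputed table is useless against them.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-hash the attempt with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != ALGO:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # compare_digest avoids leaking, through timing, how many bytes matched.
    return hmac.compare_digest(candidate.hex(), hash_hex)


def crack(record: str, wordlist) -> Optional[str]:
    """The attacker's side: try each candidate password against a stolen record.

    A common password is found no matter how long the hash looks; only the
    password's unpredictability and the per-guess cost slow this loop down.
    """
    for guess in wordlist:
        if verify_password(guess, record):
            return guess
    return None


if __name__ == "__main__":
    # Constructed demo values; the low iteration count is only to keep it quick.
    stored = hash_password("password1", iterations=1000)
    print(stored)
    print("hash length:", len(stored.split("$")[3]))  # always 64 for SHA-256
    print("cracked as:", crack(stored, ["letmein", "qwerty", "password1"]))
```

The SHA-256 output is always 64 hex characters, so "password1" and a 40-character passphrase produce hashes of identical length; what differs is how many guesses the attacker needs, and the iteration count multiplies the cost of every one of them.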

A bank would already have all of your details, why would they need you to send them over? It’s small things like this that most people can miss, but it’s also small things like this that can give people access to your life savings.

If you do ever receive an email from a bank, or a company you have an online account with asking you to change a password, or “CLICK HERE TO CLAIM YOUR FREE 3 MONTHS SUBSCRIPTION!” chances are, it’s false.

Prevention of cyber attacks

Training is a large factor in business security, as there can be a lot of staff members, using a lot of machines, receiving a lot of emails at once. It’s easy to blame Gary from the sales department when he opens a malicious email, but if he isn’t aware of the threats and cyber security vulnerabilities that every employee now faces on a daily basis, then who is to blame?

Another measure is simple network layout, meaning where things are physically placed. You wouldn’t put your building’s router in the lobby where anyone could walk up and plug into it; it should be behind a locked door, accessible only to those who need it.

Then comes the more technical aspect: Network Intrusion Prevention Systems (NIPS). A NIPS sits inline on the network and inspects traffic as it passes, dropping packets or connections that match known attack signatures or break policy. A simpler starting point is a properly configured firewall with allow lists (which sources and ports are permitted) and deny lists (which are blocked), so that only the traffic you expect can reach your systems.

Detection of cyber attacks

Finally we come to detection. There are two ways to do this. The first is a Network Intrusion Detection System (NIDS). A NIDS works from “rules”, which can be custom written or installed as ready-made rulesets covering the most common types of attack. The rules tell the program what should and shouldn’t be happening on the network; when traffic matches a rule, the program notifies whoever needs to know and, if configured to, takes action automatically.

The second method is simply observing, which is how most people do it: regularly checking bank statements and account activity, reviewing logs, and keeping an eye on internet speeds. The drawback is that you only notice once the attack is in progress or complete and the damage is done, whereas a NIDS can track an attack from start to finish, however long it takes.
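To show what a NIDS “rule” actually is, here is an added example (not from the original post or from Bob’s Business) of a tiny rule engine with the two kinds of rule real systems such as Snort and Suricata use: a content rule that looks for a byte signature in a payload, and a threshold rule that fires when one source probes many ports in a short window. The traffic is constructed, the thresholds are assumptions, and the signature is the well-known Shellshock marker string that public rulesets look for in HTTP headers:

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import List

# Rule parameters are assumptions for this example.
PORTSCAN_WINDOW_S = 5.0
PORTSCAN_MIN_PORTS = 15
# Content rules: name -> byte pattern. The pattern here is the well-known
# Shellshock marker that many public rulesets look for in HTTP headers.
CONTENT_RULES = {"shellshock-header": b"() { :; };"}


@dataclass
class Packet:
    ts: float
    src: str
    dst: str
    dport: int
    payload: bytes


def run_rules(packets: List[Packet]) -> List[str]:
    """Apply content and threshold rules to a time-ordered packet stream."""
    alerts = []
    history = defaultdict(list)   # (src, dst) -> [(ts, dport), ...]
    already_flagged = set()
    for pkt in packets:
        # Content rule: a byte signature anywhere in the payload.
        for name, pattern in CONTENT_RULES.items():
            if pattern in pkt.payload:
                alerts.append(f"{name} src={pkt.src} dst={pkt.dst} dport={pkt.dport}")
        # Threshold rule: many distinct destination ports from one source
        # to one destination inside a sliding time window.
        key = (pkt.src, pkt.dst)
        recent = [(t, p) for t, p in history[key] if pkt.ts - t <= PORTSCAN_WINDOW_S]
        recent.append((pkt.ts, pkt.dport))
        history[key] = recent
        ports = {p for _, p in recent}
        if len(ports) >= PORTSCAN_MIN_PORTS and key not in already_flagged:
            already_flagged.add(key)
            alerts.append(f"portscan src={pkt.src} dst={pkt.dst} ports={len(ports)}")
    return alerts


# Constructed sample traffic (not a real capture), addresses from RFC 1918 space:
# a normal web session, one host sweeping ports 20-39, and one Shellshock probe.
SAMPLE_TRAFFIC = (
    [Packet(0.0, "10.0.0.5", "10.0.0.10", 443, b"GET / HTTP/1.1"),
     Packet(0.5, "10.0.0.5", "10.0.0.10", 443, b"GET /app HTTP/1.1")]
    + [Packet(1.0 + i * 0.01, "10.0.0.99", "10.0.0.10", port, b"")
       for i, port in enumerate(range(20, 40))]
    + [Packet(2.0, "10.0.0.7", "10.0.0.10", 80,
              b"GET /cgi-bin/status HTTP/1.1\r\nUser-Agent: () { :; }; echo test\r\n\r\n")]
)

if __name__ == "__main__":
    for alert in run_rules(SAMPLE_TRAFFIC):
        print(alert)
```

The normal client never trips either rule; the sweeping host fires the port-scan rule once it reaches 15 distinct ports, and the probe fires the content rule. A production NIDS adds protocol parsing, rule metadata and far more rules, but the two shapes (signature match and threshold over state) are the same.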

 

What Happened in the Facebook Security Breach?

On Friday 28 September 2018 it was announced that Facebook had suffered a breach affecting up to 50 million user accounts. The company said attackers had exploited a software bug in the ‘View As’ feature, a privacy option that lets users see what their profile page looks like to visitors, including people they are not ‘friends’ with, and that the bug let the attackers act as those users.

What happened in the Facebook attack?

In 2017, Facebook inadvertently introduced three interacting bugs. When using “View As” to see your own profile from someone else’s perspective, the video uploader tool would occasionally appear when it shouldn’t have at all. When it did, it generated an access token for the person the profile was being viewed as, rather than for the person actually logged in. Anyone who obtained that token then had a credential to log in as that user.

The attackers exploited the feature’s code to steal these “access tokens” and use them to take over accounts. An access token is not a password: it is a credential the site issues once you have logged in, which your browser or app presents on every subsequent request so you don’t have to re-enter your details on each page. Whoever holds a valid token is treated as that user, which is why stealing one is as good as stealing the password for as long as it remains valid. According to Facebook, users’ passwords were not revealed, though affected accounts had to log in to the social network again on Friday.

How will the data breach affect Facebook?

The breach on Facebook comes in a string of recent attacks including British Airways, Equifax and Npower. Under new GDPR regulations it is reported that the breach could present Facebook with a monumental fine of up to £1.26billion.

This isn’t the first time that Facebook have hit news headlines for its cyber security vulnerabilities. In March it was reported that UK Based digital consultancy Cambridge Analytica harvested the personal information of 87 million Facebook users.

This affected not only the reputation and confidence of its users, but also those who advertise on the platform, including creators of the popular Firefox web-browser, Mozilla, who announced that it would stop advertising on Facebook following the controversy.

CEO Mark Zuckerberg was quick to respond publicly to last week’s breach, stating: “This is a really serious security issue. This underscores there are just constant attacks from people who are trying to take over accounts and steal information from our community. This is going to be an ongoing effort.”

According to Guy Rosen, the firm’s vice-president of product management, the fault in Facebook’s systems has now been fixed. The access tokens of all affected accounts were reset, as were those of another 40 million accounts “as a precautionary step”, forcing those users to log in again.

What can we learn from the Facebook data breach?

The data breach comes at an extremely bad time for Facebook, with them recently coming under scrutiny from the US and beyond, in relation to their capabilities of protecting user data.

Jeff Pollard, vice-president and principal analyst at Forrester, an American market research company that advises on the existing and potential impact of technology, said: “Attackers go where the data is, and that has made Facebook an obvious target.

“The main concern here is that one feature of the platform allowed attackers to harvest the data of tens of millions of users. This indicates that Facebook needs to make limiting access to data a priority for users, APIs, and features.”

You can find out if you were one of the 50 million users affected by the breach here.

Like most data breaches, this will damage the business’s reputation and image and, in the longer run, more than likely its share value and profits. The company, which has over 2 billion monthly active users, saw its share price drop more than 3% on Friday.

With two attacks in the space of eight months,  Facebook will now be delving deep into their cyber security vulnerabilities to make sure they are robust against any further cyber attacks. However, it shouldn’t just be Facebook that are taking action. Facebook might have been the unfortunate ones this time around, but your organisation could be the next.

This attack was a technical exploit of Facebook’s systems. Organisations are encouraged to complete Cyber Essentials Plus, a scheme that demonstrates an organisation has implemented the most important technical cyber security controls and carries out regular checks for vulnerabilities. To take Cyber Essentials into your own hands, take a look at our online Cyber Essentials course to find out how we can help you!

It is essential to understand that people are still the most vulnerable part to an organisation’s defence, and from the people perspective, for individuals worried about having their data compromised, make sure to visit our online courses to see what steps you can take to limit the chances of becoming a victim of online identity theft and know how to limit the effects.

Perfect Passwords: Bob’s Business Ultimate Guide

How to create the perfect password

Passwords are like pants. You shouldn’t leave them out where people can see them and you shouldn’t hand them out to strangers!

Your password is often the only thing blocking a whole tidal wave of mischief and headaches (both for you personally, and the company you work for), so it might be a shock for you to learn that guessing a password is much, much easier than you might think.

Password Security is an integral part of securing your organisation. Information created, used, stored or transmitted by your organisation is valuable, both internally and externally which is why the passwords which protect this confidential information should be well thought out, secure and never shared with others.

One common way that online accounts are breached is password spraying: instead of trying many passwords against one account, the attacker tries a small list of very common passwords against a large number of accounts, a few attempts each, so that no single account ever reaches its lockout threshold.

These attacks are successful because for any given large set of users there will likely be some who are using very common passwords, and these attacks can slip under the radar of protective monitoring which only looks at each account in isolation.

To understand how much of a problem this is, the National Cyber Security Centre recently conducted a research study which allowed participating organisations to assess how vulnerable they would be to a password spraying attack.

From the study, they found that 75% of the participants’ organisations had accounts with passwords that featured in the top 1,000 most common passwords and 87% had accounts with passwords that featured in the top 10,000.
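The study’s point about monitoring “each account in isolation” is easiest to see in code. Here is an added example (not from the original post or from Bob’s Business) that runs two views over the same constructed authentication log: the per-account failure count that lockout policies use, and a per-source check that catches a spray. The log format, thresholds and the RFC 5737 documentation addresses are all assumptions for this illustration:

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample authentication log, not from a real system. One source
# fails once against six different users; another is simply a user getting
# their own password wrong three times before succeeding.
SAMPLE_LOG = """\
2024-03-01T09:00:01 auth: LOGIN_FAILED user=alice src=203.0.113.7
2024-03-01T09:00:04 auth: LOGIN_FAILED user=bob src=203.0.113.7
2024-03-01T09:00:09 auth: LOGIN_FAILED user=carol src=203.0.113.7
2024-03-01T09:00:15 auth: LOGIN_FAILED user=dave src=203.0.113.7
2024-03-01T09:00:22 auth: LOGIN_FAILED user=erin src=203.0.113.7
2024-03-01T09:00:30 auth: LOGIN_FAILED user=frank src=203.0.113.7
2024-03-01T09:05:00 auth: LOGIN_FAILED user=carol src=198.51.100.4
2024-03-01T09:05:10 auth: LOGIN_FAILED user=carol src=198.51.100.4
2024-03-01T09:05:20 auth: LOGIN_FAILED user=carol src=198.51.100.4
2024-03-01T09:05:40 auth: LOGIN_OK user=carol src=198.51.100.4
2024-03-01T09:10:00 auth: LOGIN_OK user=dave src=192.0.2.10
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>LOGIN_FAILED|LOGIN_OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(lines):
    """Return time-sorted (timestamp, result, user, src) tuples; skip bad lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m["ts"]).timestamp()
            events.append((ts, m["result"], m["user"], m["src"]))
    return sorted(events)


def failures_per_account(lines) -> Counter:
    """The per-account view that lockout policies and most monitoring use."""
    return Counter(user for _, result, user, _ in parse(lines)
                   if result == "LOGIN_FAILED")


def detect_spray(lines, window_s=600, min_users=5, max_per_user=2):
    """Return {src: sorted users} for sources that fail against many distinct
    accounts, a few attempts each, inside a sliding window.

    The max_per_user cap separates spraying from a brute force on one account
    (many failures for one user), which a per-account rule already catches.
    """
    failures = defaultdict(list)
    for ts, result, user, src in parse(lines):
        if result == "LOGIN_FAILED":
            failures[src].append((ts, user))

    alerts = {}
    for src, evs in failures.items():
        for end_ts, _ in evs:
            in_window = Counter(u for t, u in evs if end_ts - window_s <= t <= end_ts)
            if len(in_window) >= min_users and max(in_window.values()) <= max_per_user:
                if len(in_window) > len(alerts.get(src, [])):
                    alerts[src] = sorted(in_window)
    return alerts


if __name__ == "__main__":
    print("failures per account:", dict(failures_per_account(SAMPLE_LOG)))
    print("spray sources:", detect_spray(SAMPLE_LOG))
```

Per account, the spraying source leaves each victim with a single failure, well under any lockout threshold, so that view sees nothing; pivoting on the source address exposes six accounts attacked from one place in thirty seconds. Real sprays are spread across many source addresses and a longer window, so the same logic is usually run per ASN or per user-agent as well as per IP.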

What’s the best way to create a strong password?

Length matters more than forced complexity. As a bare minimum a password should be 8 characters or more, and longer is better; the NCSC recommends building passwords from three random dictionary words, which are easy for you to remember and hard to guess. Better still, use a password manager to generate and store a long random password for every account.

You can check how a password would fare against current guidelines at https://howsecureismypassword.net/, but never type a password you actually use into any third-party website; test one of similar length and structure instead.

We also recommend not updating your password by just simply changing a number. This does NOT make it harder for cyber criminals to guess your password, particularly if it’s been hacked before.

One of the worst, and sadly the most common, password habits we see is people reusing passwords. You should also avoid using the same passwords at home and at work.

You should also set up additional security steps like two-factor authentication (2FA). It provides an extra barrier if your password is stolen: unless cyber criminals have both your password and your second factor (a code from an authenticator app, a prompt on your phone or a hardware key), they cannot get into your account.

You can educate your staff on how to create the Perfect Password by enrolling them on our dedicated Perfect Passwords course, just one of our cybersecurity awareness courses.

Fileless Malware: Everything you Need to Know

We have always been told that the most effective way to protect ourselves online is to install some form of antivirus software, but antivirus looks mainly at files on disk and does not necessarily watch what is running in memory or what data is leaving your organisation’s network and devices.

Although it is nothing new, fileless malware is extremely powerful and can have many detrimental effects if you fall victim to it.

Not many people know how it works, and with McAfee warning that fileless malware is a growing trend, the risks of being affected by one of these attacks are only going to rise. So, what is fileless malware?

What is fileless malware?

In most cases, traditional malware can be detected through a signature that your antivirus software will recognise. Your chosen antivirus software will have a bank of signatures that have been collected over the years which will be called upon every time it needs to scan a file.

Fileless malware never writes a file to disk, so there is nothing for a signature scanner to match. It slips past even thorough file-based antivirus, which is why it is important to train your workforce to look out for the signs of a cyber attack, and why defenders also need tools that watch behaviour and memory, not just files.

In this blog, we’ll explore the topic of fileless malware, how it works, and the best practices for preventing it from affecting you, or anybody else in your organisation.

How Does Fileless Malware Work?

So if the malware that has infected your machine isn’t even attached to a file, how can it work?

Instead of installing its own program on your machine, it runs entirely in memory and “lives off the land”: it abuses legitimate tools that are already present, such as PowerShell, Windows Management Instrumentation (WMI) or the script hosts used by Office macros, and turns them against you.

How can fileless malware get into your computer in the first place? Well, it has a very sly way of infecting your machine, which would catch out a lot of people who aren’t vigilant.

It usually starts with a spam email, in which the user is tricked into clicking a link to a web page which will infect a users computer.

Browser plugins such as Flash were for years the most commonly exploited entry point: because Flash was a trusted piece of software, the antivirus did not flag it, and the real payload entered the system unchecked. Flash has since been retired, and today the typical chain is a phishing document or link that launches a built-in tool such as PowerShell, which then pulls the rest of the attack straight into memory.

What Kind of Damage Can Fileless Malware Do?

Fileless malware is as harmful as almost every other piece of traditional malware, it can steal sensitive information, lock down your computer, and hijack your computer to execute any function.

If a cyber criminal has gone through all the effort to gain full control over your systems, what would be one of the most valuable things to them? Your databases!

You will have databases which store user accounts, personal information, passwords and other company secrets. This is a goldmine for cyber criminals, as they could sell this information onto others who will use the information to commit identity theft.

They don’t always have to just steal and sell information on straight away, some may choose to harvest further credentials long after the fileless malware has worked its way onto your machine. With this access, cyber criminals can gain login credentials to email accounts which can then be used to create phishing emails.

Users are more inclined to click on links and follow dialogues from someone they know such as their boss or the CEO, whose information is available on websites like LinkedIn. This means that whilst they gain company data, they can also harvest personal information from employees which lines their pockets nicely after the initial attack happened.

Luckily, software exists in the field of cyber security that helps to identify patterns or behaviours in systems, software or code that may be the telltale signs of fileless malware.

What is SIEM and How Does It Work?

A Security Information and Event Management (SIEM) system collects logs from across the organisation (endpoints, servers, firewalls, identity systems) and correlates them in near real time, raising alerts when a pattern of events matches a detection rule. Script-level behaviour, such as what a PowerShell command is trying to do, comes from endpoint tools feeding their telemetry into the SIEM; on Windows, PowerShell script block logging and the Antimalware Scan Interface (AMSI) expose the commands actually being run, even when they arrived obfuscated.

As IT departments and company networks have to run their own scripts, there can be a fine line between what could be a legitimate or malicious script.

This is where behavioural detection systems come in: they analyse what incoming scripts want to do and sort out what is malicious and what is legitimate.

Behavioural detection automatically narrows down what could be thousands of suspicious logs to just a handful of potential threats, which makes them far more manageable. Behavioural detection software can be very costly, as the technology borders on artificial intelligence: there are almost infinite variations that the program has to scan, classifying scripts as they run.

If the attack uses fileless malware, the cyber criminals will usually want to steal data to sell on for profit. Therefore, a handy way to tell whether your computer has been infected with fileless malware is for the IT department to monitor outbound logs for suspicious data transfers, as hackers will want to send the data back home.
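As an added illustration of the behavioural-detection and outbound-monitoring ideas above (this is example code written for this page, not code from Bob’s Business or from any SIEM product), here is a small Python script that runs a simple behavioural rule over a handful of constructed connection-log lines. It assumes a log format of timestamp, source IP, destination IP and bytes sent, and that the organisation’s internal range is 10.0.0.0/8; both are assumptions, not details from the article. A host whose outbound volume to a single external destination dwarfs the fleet’s typical volume, or whose destination no other host talks to, is reported for an analyst to review rather than buried among thousands of ordinary connections.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed sample of outbound-connection log lines (not real traffic):
# "<timestamp> <src_ip> <dst_ip> <bytes_sent>". The last line is deliberately
# malformed to show that unparseable entries are skipped rather than crashing.
SAMPLE_LOG = """\
2024-01-10T09:00:01 10.0.0.12 203.0.113.10 1820
2024-01-10T09:00:05 10.0.0.12 198.51.100.7 2400
2024-01-10T09:00:09 10.0.0.12 10.0.0.5 915000
2024-01-10T09:01:12 10.0.0.23 203.0.113.10 2100
2024-01-10T09:01:40 10.0.0.23 198.51.100.7 3300
2024-01-10T09:02:03 10.0.0.31 203.0.113.10 1600
2024-01-10T09:02:30 10.0.0.31 198.51.100.7 2900
2024-01-10T09:03:00 10.0.0.40 203.0.113.10 1900
2024-01-10T09:03:15 10.0.0.40 192.0.2.77 26000000
2024-01-10T09:04:15 10.0.0.40 192.0.2.77 22000000
malformed line that should be skipped
"""

# Assumption: the organisation's internal address range. Anything outside it is "external".
INTERNAL_NET = ip_network("10.0.0.0/8")


def parse_line(line):
    """Return (src, dst, bytes_sent) or None for a line that does not fit the format."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _timestamp, src, dst, sent = parts
    try:
        ip_address(src)
        ip_address(dst)
        return src, dst, int(sent)
    except ValueError:
        return None


def outbound_totals(lines):
    """Sum bytes per (internal source, external destination); internal-only flows are ignored."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, sent = rec
        if ip_address(src) in INTERNAL_NET and ip_address(dst) not in INTERNAL_NET:
            totals[(src, dst)] += sent
    return dict(totals)


def fleet_median(totals):
    """Typical per-pair outbound volume across the whole fleet; 0 when there is no data."""
    return median(totals.values()) if totals else 0


def detect_exfil_candidates(lines, factor=10.0, min_bytes=1_000_000):
    """Flag (src, dst) pairs whose volume is far above the fleet median, or whose
    destination no other host contacts. min_bytes stops tiny flows being reported."""
    totals = outbound_totals(lines)
    baseline = fleet_median(totals)
    hosts_per_dst = defaultdict(set)
    for (src, dst) in totals:
        hosts_per_dst[dst].add(src)

    findings = []
    for (src, dst), sent in sorted(totals.items()):
        if sent < min_bytes:
            continue
        reasons = []
        if baseline and sent > factor * baseline:
            reasons.append(f"{sent} B is {sent / baseline:.0f}x the fleet median of {baseline:.0f} B")
        if len(hosts_per_dst[dst]) == 1:
            reasons.append("destination is contacted by no other host")
        if reasons:
            findings.append({"src": src, "dst": dst, "bytes": sent, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in detect_exfil_candidates(SAMPLE_LOG.splitlines()):
        print(f"{finding['src']} -> {finding['dst']}: " + "; ".join(finding["reasons"]))
```

Run against the constructed sample, the script reports only 10.0.0.40, which sent roughly 48 MB to a destination nobody else in the fleet contacted; the three other hosts, each sending a few kilobytes to shared destinations, are left alone. The two thresholds (`factor` and `min_bytes`) are the tuning knobs an IT department would adjust to its own baseline, which is exactly the “thousands of logs down to a handful” filtering the article describes.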

How Can I Stop a Fileless Malware Attack?

So how do you actually stop a fileless malware attack? Given that fileless malware carries no signature, doesn’t install software and doesn’t create a physical file, you may think it’s impossible to detect.

While it is difficult to recover from a fileless malware attack, it is not impossible to prevent one from happening. The best way to stop one of these attacks is to learn how to prevent attackers from gaining access to your organisation’s network in the first place.

Training your workforce to be vigilant about the ways fileless malware can infect their networks, how it can be transferred through email, and how to spot the signs of a malicious email will go a long way in the fight to keep your organisation secure.

These breaches can happen to anyone, and cyber criminals will blanket-target your employees because they know they only need one person to make a mistake to let them in.

Here are some key tips from our Virus Vigilance course to help you spot fileless malware and prevent it from getting onto your computer.

  • Delete emails from unknown sources and report any attempts in line with your company policy.
  • Contact your IT department immediately if you suspect that your computer has been infected with a virus.
  • Only download software and open attachments from trustworthy and reputable sources.
  • Invest in good virus protection software and ensure it is updated regularly.
  • Watch out for deletion or unexpected appearance of files, slowing down of computer operations, and unexpected or unpredictable behaviour of your systems as these can all be characteristics of a virus attack.

You could invest in costly software, or you could train your staff to help stop these kinds of attacks happening in the first place – because prevention is better than cure! If you’re interested in engaging training that teaches a wide range of cyber essentials to your staff, book a web demonstration with us to find out how our cyber security training courses can help your organisation.

Malvertising: Everything you Need to Know

Here at Bob’s Business, we have noticed an increase in the number of malvertising cyber attacks of late. Unfortunately, it is not common knowledge what malvertising is or how it can negatively affect organisations or individuals who fall into the trap. Below are some key pieces of information that will help give you a better understanding of malvertising.

What is Malvertising?

Malvertising is the act of placing harmful code into the adverts you often see when browsing the web. Criminals plant a small, hard-to-detect piece of code in an advert so that when the advert loads, your computer or device automatically downloads the malicious code.

The code in the advert essentially opens the door to your computer and can download additional files which usually contain much more harmful, malicious pieces of malware.

One of the programs that can be downloaded onto your machine is a keylogger, which records every key you press on your keyboard. A keylogger on your machine will wait until you enter login credentials for a website and steal them.

Who does Malvertising target?

Malvertising can target anyone, but it can also be aimed at specific groups of people. Criminals may plant their malicious adverts on a website that covers golfing news – which means that their ideal target is golfers.

However, you may have to dig deeper into why that specific golfing site was chosen. Could it be because doctors or very high earners (CEOs) play golf and are more likely to visit the site? Or simply because it’s a popular site and its security is pretty lacklustre? It may not always be obvious at first, but it can still affect anyone.

What to do if you fall victim to Malvertising?

Just as with normal malware, your online account and bank login details can be harvested.

If you think you’ve fallen victim to malvertising, it is advisable to download anti-virus software and scan your PC to clear any potentially malicious software.

If you logged into your email account at any point, make sure it is the first password you change; otherwise hackers may still have access to that account.

It is our strong recommendation that you also change the passwords for any accounts that you may have accessed, including your online banking account. It will also be beneficial to add two-factor authentication onto those accounts.

How to avoid falling victim to Malvertising?

Adding an adblocker to your browser can prevent the threat malvertising poses. An adblocker does exactly what the name says: it blocks all adverts on websites. If no ads are displayed, no advert can download programs that infect your machine.

In addition, ensure that your browser and its plugins are kept updated; updates often contain crucial security patches that can help prevent malware from reaching your machine.

Make sure to have an up-to-date antivirus program installed on your computer system or device. Malvertising acts just like normal malware and can be detected and then removed by any good antivirus program.

However, these should not be the only line of defence for your organisation. Users still need to be aware of cyber threats like these, and organisations should not have to rely solely on software to save the day.

One recommendation from us is to have a robust training system in place to make users aware of how to spot and protect against malware; prevention is better than cure.

Our Cyber Security Awareness Training courses teach employees how to avoid malware, what to do in the event of a potential attack and what impact malware can have on your organisation.

If you’re interested in finding out about our cyber security training, click here for more information.

Bob’s Business Undergoes a Brand Refresh

Bob’s Business has enjoyed every moment of over a decade of helping organisations to become more cyber secure, and we’ve loved building the relationships we have over many coffees, many phone calls and many emails. Our friendly, human and professional approach to cyber security training will never change, but our image is changing.

Meet our new brand image

We are thrilled to announce we are smartening up our image with a refreshed brand to suit the organisation. We are still the same knowledgeable team here to help guide you through the right training solutions to suit your organisation.

Bob’s Business has always used a unique approach to get key information across by teaching organisation employees how to stay cyber secure using relatable office based scenarios featuring a colourful cast of animated characters.

Our cyber security training has effectively engaged and changed the security behaviours of hundreds of thousands of users and hundreds of organisations across the country and beyond. We have loved being able to help both individuals and businesses to feel more secure online, and we will continue to do so under our new look.

This rebrand was conducted to help us showcase our broader training and product portfolio, and to demonstrate our ability to tailor our training to many different industries, disciplines, audiences and organisations.

Bob’s Business has used a unique method of engaging and communicating cyber security training to help employees across hundreds of organisations prevent becoming victim to cyber attacks. The new brand can be seen on our website where we also have our latest cyber security awareness, GDPR, and compliance training courses.

The new website features an easily navigable layout and a mobile-friendly design to help visitors get the vital information they need as smoothly as possible. As well as a clean and crisp design, the new Bob’s Business website supports a live chat service so users can get in touch with the company’s responsive team with any urgent enquiries.

Bob’s Business will continue posting regular cyber security blogs containing all sorts of handy tips and analysis of the latest industry news and trends, with new monthly themes and series that cover the common FAQs of cyber security.

Founder and CEO of Bob’s Business, Melanie Oldham, said: “We’ve worked hard over the last few months to modernise the Bob’s Business brand to make it reflect us more accurately and show that our courses can help organisations in any industry develop a more security-conscious workforce.

When we would talk to industry decision makers about our courses, a lot of them thought that our image was too quirky for them. So with this rebrand, we’ve toned that down to make us more appealing to a broader market while still staying true to our values.

We placed a lot of importance on making the visitor journey on our new website as streamlined as possible and made it easy for users to get all the information they need about our courses.

“Our mission is to provide memorable and engaging educational content that bridges the gap between IT and end users, and produces positive long-term behavioural change for our clients.”

Over the past 10 years Bob’s Business has grown, and with our fantastic portfolio of products, amazing clients and our continued mission to change cyber security cultures, we needed an identity that reflects not only our evolution but how we want to connect and communicate for the future.

While we still operate with the same established values, making informative, entertaining and jargon-free training to positively change employee behaviour, we will bring our products and services together under a brand ethos that successfully communicates the fundamental character and spirit of our organisation.

We are ready for the next chapter at Bob’s Business. Our brand refresh is the start of numerous exciting projects underway at Bob’s HQ, and we can’t wait to share them… watch this space.

GDPR: 3 Months On

This week at Bob’s Business, we take a look at what the Internet looks like three months on from the introduction of the much-anticipated General Data Protection Regulation (GDPR), which came into effect in late May 2018.

GDPR’s effect: three months in

The regulation caused huge ripples across the world with many organisations preparing for it months before the regulation came into effect. Some predicted that the regulation would ‘break the internet’. Of course, as everyone knows, the internet imploded, everyone communicates by pre-agreed pigeon mail and no one dares to turn on their devices anymore.

The truth is the GDPR legislation has done none of that, but it has taken Europe and Britain a leap ahead of the rest of the world when it comes to personal data protection, privacy, transparency and accountability.

What was supposed to happen?

The GDPR was intended to bring a new, unprecedented level of data transparency and awareness to both data handlers and data owners, and for every complaint about GDPR deadline emails, consumers now know more about their personal data rights than ever before.

Organisations are more accountable, and our society will benefit massively from the opportunity to rebalance the information economy in a way that benefits organisations and consumers ethically and responsibly.

How can a business become GDPR compliant?

Here at Bob’s Business, we have been busy supplying all the latest training and information on the regulation through our short, informative GDPR eLearning courses. They deliver our signature sense of humour through office-based scenarios, training your staff to understand how GDPR affects their day-to-day jobs and what role they play in making the organisation compliant.

We have over a decade of experience developing an understanding of how learners take in information and guidance around cyber security training. We have used this knowledge to produce a collection of courses that cover all the key points of GDPR in a way that won’t bore your employees to death or waste precious hours at work.

Our courses, learning portals and policy management systems have become an accessible and robust resource for organisations that want to tackle this new challenge in a way that helps them become more proactive, secure and profitable. GDPR isn’t the death sentence it was prophesied to be, so what’s next?

We know it can be hard work to stay on top of the workload sometimes, and life can get busy, so if you’re looking to host your GDPR training in-house we can provide a fully bespoke service, supplying the entire GDPR eLearning catalogue in your organisation’s branding and tailoring the content to your organisation.

If you are looking for advice on how to arm your employees with more ways to protect your organisation’s data, consider getting in touch with our team to discuss our cyber security courses and engagement packages.

Our friendly staff are here to talk you through the different GDPR training we have available and advise you on the best packages to suit your needs.