Backing up Data: Why Every Organisation is Under Threat

According to a 2017 Economist article, data has overtaken oil as the most valuable resource the world has to offer. It’s a startling claim, but not an untrue one.

In the modern age, virtually everything we do produces data. From the journeys we take every day to the websites we browse as we sit in front of the TV at night, everything is recorded in vast data sets, which are extremely valuable to the organisations that hold them.

Naturally, where there’s value, criminals will always attempt to cause damage. However, that’s not the only threat: human error can result in massive data loss too, so backing up data is absolutely essential.

In this blog post, we will take you through everything you need to know about backing up data, including what it is, why it is important, and how to do it.

What is a Data Backup?

A backup is simply a copy of your information that can be accessed in the event of the original information being lost or compromised. Think of it as a snapshot of your system, which you can go back to if something happens.

If you have Cloud storage on your phone, then you may already be familiar with how this works, and its benefits. For example, if you had an album of sentimental baby photos on a phone that used Cloud storage, you would still be able to access the photos online if you were to lose your phone.

Backing up your organisation’s data would enable the same protection from loss.

Why Back Up Your Data?

Storing sensitive data without a backup is a bit like having a football team with no subs.

From a financial point of view, losing data can be catastrophic. This could be because customers no longer trust that you can protect their personal information, or because you have physically lost customer data and are unable to re-establish the relationships.

On top of all this, the Information Commissioner’s Office (ICO) can impose cut-throat fines for data protection non-compliance, which is the last thing you need after a data breach.

How to Back Up Securely?

Bob’s Business has spent years helping organisations instil a cyber-secure culture, including how to back up sensitive information. Below is a selection of Bob’s Top Tips, taken from our NCSC-accredited Cyber Security Awareness module, which boasts engagement rates of over 90%.

  • Your backup storage should be at an external site. This would mean that if your primary site was compromised, your information wouldn’t be.
  • Many Cloud-based storage systems offer an auto-save option, which saves work as it’s being done and lowers the risk of loss. You can implement automatic saving into your work software, or introduce a daily backup policy for your staff.
  • Remember not to power off any device that is performing a backup as this could result in the data not being saved correctly.
  • Use multiple backups in multiple locations to drastically reduce the risk of data loss.
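The tips above (an external site, not interrupting a running backup, multiple copies in multiple locations) can be turned into a small, checkable routine. The script below is an added example, not Bob’s Business code: it copies a file to several independent locations, writes each copy atomically so a power-off mid-backup cannot leave a truncated file under the real backup name, and verifies every copy against the source hash before reporting success. The two destination directories and the sample data are constructed for the example and stand in for an on-site disk and an off-site mount.

```python
"""Added example (not Bob's Business code): back up a file to several
independent locations, write each copy atomically, and verify every copy
against the source hash before calling the backup good.

Assumed: the two destination directories stand in for an on-site disk and an
off-site/cloud mount; the sample data is constructed.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def atomic_copy(src, dest_dir):
    """Copy src into dest_dir via temp file + fsync + rename.

    A power-off mid-copy leaves a stray '.partial-*' file behind rather
    than a half-written file carrying the real backup name.
    """
    dest_dir = Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(prefix=".partial-", dir=str(dest_dir))
    try:
        with open(src, "rb") as fin, os.fdopen(fd, "wb") as fout:
            shutil.copyfileobj(fin, fout)
            fout.flush()
            os.fsync(fout.fileno())  # data really on disk before the rename
        final = dest_dir / Path(src).name
        os.replace(tmp, final)  # atomic rename: old copy or new copy, never half
        return final
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def backup_to_locations(src, locations):
    """Copy src to every location and return {copy_path: matches_source}."""
    expected = sha256_of(src)
    copies = [atomic_copy(src, loc) for loc in locations]
    return {str(c): sha256_of(c) == expected for c in copies}


def verify_copies(src, copies):
    """Re-check existing copies later (e.g. a scheduled integrity run)."""
    expected = sha256_of(src)
    return {str(c): Path(c).exists() and sha256_of(c) == expected for c in copies}


def demo():
    """Constructed walk-through; returns a summary a test can check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        src = root / "customers.csv"
        src.write_text("id,name\n1,Alice\n2,Bob\n")  # constructed sample data
        sites = [root / "onsite", root / "offsite"]
        first = backup_to_locations(src, sites)
        # Simulate silent corruption of one copy (bit-rot, a failing disk).
        (sites[1] / "customers.csv").write_bytes(b"garbage")
        second = verify_copies(src, [s / "customers.csv" for s in sites])
        leftovers = [p for s in sites for p in s.iterdir()
                     if p.name.startswith(".partial-")]
        return {
            "copies": len(first),
            "verified_after_copy": sum(first.values()),
            "verified_after_tamper": sum(second.values()),
            "partial_leftovers": len(leftovers),
        }


if __name__ == "__main__":
    print(demo())
```

The point of the second verification pass is that a backup you have never read back is not yet known to be a backup; the corrupted off-site copy is caught by the hash comparison, while the on-site copy still matches, which is exactly why more than one location is worth having.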

To learn more about Cyber Security Awareness or any of our other innovative cyber security awareness eLearning courses, click here or get in touch.

What Happened in the New Year Honours Data Breach?

2019 was a big year for cyber security breaches, and even Christmas couldn’t slow that train: one last story was yet to hit, the breach of personal details for over a thousand New Year Honours recipients.

The list included the likes of Sir Elton John and TV cook Nadiya Hussain, along with senior police officers and Ministry of Defence staff, making this a major data breach and putting the government’s data protection policies and staff cyber training under serious scrutiny.

The New Year Honours list was only supposed to contain the names of individuals, their roles and the honours awarded to them. However, the list mistakenly included their full home addresses and postcodes.

It was published on the Gov.uk website on Friday 27th December, instantly generating comments on social media probing the data on the list. Although the Cabinet Office removed it within an hour of publication, the list had already been copied and widely shared.

The government could now face legal action from those whose addresses were published, as well as further sanctions from the Information Commissioner’s Office (ICO).

What should have been a proud and momentous moment in the lives of those to be honoured has now been overshadowed and dampened by the breach of their personal details.

Indeed, any individual on the list who is thought to be at heightened risk will be visited by the police to offer security advice. The breach not only tarnishes what should be a truly wonderful day, but has also caused immense reputational damage to the parties involved, something that could take months, if not years, to rebuild.

Human Error to Blame?

When interviewed on Radio 4, Lord Kerslake, former head of the civil service, suggested ‘human error’ was to blame, questioning whether employees had been given sufficient training on data regulations.

Despite this, lawyers who specialise in data protection believe the ICO will regard this as a less serious case of human error and may let the Cabinet Office escape with a warning about improving its practices. If, however, the ICO decides to make an example of the Cabinet Office, it could face a fine of up to £17 million under GDPR.

The story is another example of how one thoughtless click of a button can lead to front-page news.

More than individual error though, organisations must do much more from the top downwards to secure their data. Without education and awareness of data protection and regulation, can employees really be made responsible for their cybersecurity habits and attitudes?

It’s easy to point the finger at the individual who published the data, yet if more awareness and training had been instilled throughout the Cabinet Office, the individual responsible may have taken that little step back and thought twice about their actions before they clicked the publish button.

What Needs to Be Done?

Despite most employees striving to do their best, mistakes do happen, and unfortunately, in cases such as this, they can have disastrous consequences for both the organisation and those directly affected. The mistake may not feel like a ‘big deal’ for those unaffected, but the same cannot be said for the victims.

The information was personal, intruding on the recipients’ home and family lives. More training and education on data handling is pivotal, and individuals need to think more seriously and deeply about how they would feel if personal information about them were made available to the general public.

If employees are unaware or have a lack of education on the risks involved in the handling and protection of data then ultimately it’s not a matter of if a breach will happen, but when a breach will happen.

With over 90% of data breaches occurring as a result of human error, awareness training and education on cyber security has never been as important as it is now.

Disappointingly, investment in awareness training remains at critically low levels in many organisations, despite the fact that the cost of awareness training is a drop in the ocean compared to that of a data breach. In 2019 the average cost of a data breach was £4,180 for small firms, £9,270 for medium firms and £22,700 for large firms.

The damage doesn’t stop there, however. With data breaches now more publicly reported in the media, organisations also face the footprint of reputational damage, sowing doubt and uncertainty among both current and potential clients.

Want to Avoid Your Organisation Falling Foul of Human Error?

At Bob’s Business, we believe in small changes making big differences.

We’re here to bring cultural change to your organisation so that your workforce is always vigilant to the ever-growing landscape of cyber security threats and can protect business-critical information.

Our cyber security courses:

  • Are uniquely designed to help change cyber security cultures within your organisation and reduce the likelihood of your organisation falling victim to cybercrime
  • Increase accountability within your organisation
  • Offer advanced reporting and help deliver measurable progress

Find out more about our award-winning cyber security awareness training and how we can help instil a culture of cyber security throughout your organisation.

A Personal Note

On a personal note, Bob’s Business would like to express our delight that Nicola Whiting from Titania has been awarded an MBE for her services to International Trade and Diversity, whilst Dr. Emma Philpott, IASME’s Chief Executive Officer, was also awarded an MBE in 2019 for her services to cyber security.

Why Businesses Must Take the Data Protection Act Seriously

The Data Protection Act, originally signed into law in 1998, has had a profound impact since its introduction over 20 years ago.

Rewriting the rulebook for how businesses process data, the Data Protection Act 1998 ensured that customer data is given appropriate value within organisations. In 2018, it was brought up to date to incorporate GDPR and ensure that it meets the demands of the digital world we live in.

Far from an abstract threat to an organisation, the Data Protection Act is actively pursued by the ICO, and can result in massive financial and reputational damage if not closely adhered to.

In July 2019, the ICO served an £80,000 fine to a London-based property company for failing to implement access restrictions when transferring financial data of both landlords and tenants.

They aren’t the only organisation to recently fall foul of the Data Protection Act 2018, either. In October 2018, Bupa was fined £175,000 for failing to prevent a massive data breach, which compromised the personal information of up to 108,000 international health insurance companies.

What Should Businesses Do to Protect Themselves from Falling Foul of the Data Protection Act 2018?

Inevitably, information will have to be shared within an organisation, so simply not handling data isn’t an option.

Instead, organisations should ensure that everyone within the organisation is aware of the kind of data being handled and the repercussions if this data is breached. No one wants a Data Protection scandal lingering over their heads.

First and foremost, businesses need to be aware of the seven principles of the Data Protection Act. These principles are the cornerstones of data protection and ensuring that data is not lost, stolen or copied without consent.

If those at the top of the tree aren’t aware of and on board with these principles, then it will be impossible to spread the message down to employees. This is where many companies fail.

Data Protection needs to be seen as a serious issue and not an afterthought to fill quotas.

The human factor should not be underestimated. With this in mind, businesses must ensure that their staff are trained in the principles of Data Protection. Failure to do so could lead to sensitive information being leaked, which will damage the organisation’s reputation and could lead to financial consequences.

Bob’s Top Data Protection Tips:

  • Make sure that whoever is in possession of the data understands they are responsible for it.
  • Do not throw away data in the bin unless it is securely locked or it has been shredded.
  • Encrypt all your sensitive data – use two-step authentication to add an extra layer.
  • Always verify a customer’s identity when a request for personal information is made.

Our Data Protection training module ensures all staff are aware of every principle of the Data Protection Act so they handle data with care.

The module walks users through different types of data, the precautions that need to be in place and how they should dispose of information once they have finished with it. End-users must be aware of the principles that make up the backbone of the Data Protection Act, so our bite-sized module is the perfect solution.

To learn more, get in touch with a member of our team or buy our data protection course online.

Email Etiquette: Get to Grips with Good Email Practice

How would your office function without email? Ever since its popularisation in the 90s, offices have made email an indispensable part of their everyday workflow. From arranging meetings and placing orders to organising the annual secret Santa, email has proven vital.

Whilst email has undoubtedly been a force for good, it isn’t without its perils. From emails sent to the wrong recipient to data leaks, there are plenty of ways the humble email can turn dangerous.

It’s why good email etiquette is essential within an organisation. Oftentimes, breaches are a direct result of poorly trained email habits. It’s an under-appreciated piece of the cyber security puzzle, which is why we launched our Email Etiquette course to help shape workforce behaviour.

But what are the biggest contributors to email fails?

What Is the Biggest Contributor to Bad Email Etiquette?

Ask anyone about their email pain-points and you’ll hear one issue above all others: CCing (especially when it involves people who do not know each other).

The issue of when to CC and when to BCC is a crucial one for workplace security and, if you ask around your office, you’ll find that at least one of your colleagues has accidentally copied unrelated recipients into an email using the ‘to’ or ‘CC’ functions rather than the ‘BCC’ function.

What makes it such a common issue in the workplace? Well, there are a few theories.

One theory suggests that long days in the office mean lower concentration levels, resulting in seemingly innocuous mistakes. It’s a great case for regular breaks, even if it’s just a quick stroll across the office to chat with somebody!

That will certainly play a part, but the larger issue is training. Quite simply, few organisations train their employees on the correct way to handle emails. In fact, many people don’t even know that these functions exist.

What’s the Problem with Failing to BCC?

When you send emails without hiding personal email addresses with BCC, it allows those in the chain to access everyone’s information. From there, it’s trivial to launch spam, chain mail or even phishing attacks.

The knock-on effect from BCC misuse can be catastrophic to the reputation of a business. If not dealt with carefully, reputational and financial damage are realistic outcomes.

How to Avoid Email Disaster

Next time you send an email, make sure you follow Bob’s tips to avoid a potential disaster:

  • Make sure you use the ‘BCC’ function to hide email addresses when sending emails to unrelated individuals.
  • Make sure you proofread your emails more than once before sending them.
  • If you do send an email that contains personal details that it shouldn’t, then make sure you are sensitive to the victims and apologise straight away.
  • Enable a send delay on your email client so you can recall a message within a set time if you realise you have made a mistake.
  • Note that emails have the same legal status as letters, so pay attention to any disclaimers or legal notices on emails sent to you – they can be actioned.
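To make the To/CC versus BCC point concrete, here is an added example (not code from the original post) that builds the same bulk message both ways and then inspects what would actually leave the server. Python’s `smtplib.SMTP.send_message()` takes the delivery list from the To, Cc and Bcc headers and strips Bcc before transmitting; the `wire_bytes` function mirrors that behaviour so the leak can be checked offline. The sender and recipient addresses are constructed for the example.

```python
"""Added example (not from the original post): build a bulk message the wrong
way (everyone in To:) and the right way (everyone in Bcc:), then check which
recipient addresses are visible in the message as transmitted.

The sender and recipient addresses are constructed for the example.
"""
import copy
from email.message import EmailMessage

# Constructed sample: three unrelated customers who should never see each other.
RECIPIENTS = ["alice@example.com", "bob@example.net", "carol@example.org"]


def build_message(recipients, use_bcc):
    msg = EmailMessage()
    msg["From"] = "newsletter@example.com"
    msg["Subject"] = "Monthly update"
    msg.set_content("Hello,\n\nHere is this month's update.\n")
    if use_bcc:
        # A member-less group in To: keeps the header honest; the real list
        # goes in Bcc:, which the sending server removes before delivery.
        msg["To"] = "Undisclosed recipients:;"
        msg["Bcc"] = ", ".join(recipients)
    else:
        msg["To"] = ", ".join(recipients)  # the classic mistake
    return msg


def envelope_recipients(msg):
    """Who the mail server delivers to: every address in To, Cc and Bcc."""
    addrs = []
    for field in ("To", "Cc", "Bcc"):
        for header in msg.get_all(field, []):
            addrs.extend(a.addr_spec for a in header.addresses)
    return addrs


def wire_bytes(msg):
    """The message as transmitted.

    smtplib.SMTP.send_message() copies the message and deletes Bcc and
    Resent-Bcc before sending; this mirrors that so the result can be
    inspected without a mail server.
    """
    out = copy.copy(msg)
    del out["Bcc"]
    del out["Resent-Bcc"]
    return out.as_bytes()


def leaked_addresses(msg):
    """Recipient addresses that every recipient can read in the delivered mail."""
    transmitted = wire_bytes(msg).decode()
    return [a for a in envelope_recipients(msg) if a in transmitted]


if __name__ == "__main__":
    for use_bcc in (False, True):
        m = build_message(RECIPIENTS, use_bcc)
        print("BCC" if use_bcc else "To ", "-> leaked:", leaked_addresses(m))
```

With `use_bcc=False` every address on the list is readable by every other recipient; with `use_bcc=True` the delivery list is identical but nothing identifying survives in the transmitted headers, which is the whole difference between a newsletter and a data breach.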

What Makes a Professional Email?

There is no science to writing an email that’s perfect for an office environment, but there are a few tips for making sure an email looks friendly, yet professional.

A few things to consider include:

  • Never start an email with the word ‘Hey’.
  • Try to avoid humour because it tends not to translate well in text.
  • Avoid using emojis.
  • Maintain a clear and serious tone.
  • Try to limit your use of exclamation marks; they can look unprofessional.
  • Proofread your emails more than once before sending.
  • Include a meaningful and straightforward subject.
  • Avoid the use of caps-lock, as this can come off as aggressive.

Good email etiquette isn’t something that can be mastered in a day, however. That’s why we recommend rolling out our Email Etiquette module across your workforce to help protect your valuable data and your reputation amongst the business community.

7 Tips For Shopping Safely Online

The festive season is upon us – a time of the year that some love whilst others loathe.

Millions of people online will be rushing to bag themselves 60% off the latest tech gadgets or get two for one on their friend’s favourite gift set. With all the hype and rush that surrounds Christmas shopping, we can easily be drawn into making impulsive decisions that feel great at the time but that we later regret.

To help you shop safely online this Christmas, we’ve put together a quick seven-part guide to ensure that you don’t bite on the bait that’s feeding cyber criminals.

How To Be Safe When Shopping Online

1. Be vigilant when using public WiFi networks

Mobile shopping is now part of the mainstream retail experience, so much so that mobile sales accounted for 34.5% of total ecommerce sales in 2017, with this figure set to rise to 54% by 2021.

If you’re sat in the coffee shop browsing online catalogues, it is sometimes tempting to connect to free public WiFi hotspots to get a faster, more reliable connection and save on mobile data.

But be AWARE. Public WiFi has significant security vulnerabilities. Cyber criminals are easily able to position themselves between you and the router, meaning that when you go to put the all-important payment details in, they are able to intercept all of your personal information.

To find out more about using Public Wi-Fi, take a read of our guide here.

2. Look out for the SSL

When visiting a website, make sure to look out for an SSL certificate and padlock in the web address bar of your browser.

An SSL certificate shows that the data you send to a website, and the data it sends back to you, is encrypted in transit. Just remember, though, that the padlock only tells you the connection is encrypted, not who is on the other end: it doesn’t mean the website isn’t malicious!


3. Avoid phishing attacks

When Christmas shopping deals are coming at you thick and fast, it’s easy for security to slip your mind.

Cyber criminals know this so they look forward to this time of year because they see the average consumer rushing around to snatch deals as easy pickings.

Phishing attacks can take all sorts of forms, but the ones to watch out for are spear-phishing attacks. These are phishing emails that are tailor-made for the target, increasing the likelihood of deceiving them into giving away sensitive information or clicking a link that delivers malware such as keyloggers.

For instance, if a cybercriminal knows that you’re either in the market for a new laptop, or if your laptop is 3-4 years old, they might create a fictitious offer for the latest HP Envy so it has an increased chance of drawing you in.

Some things you can do to spot the signs of a phishing email are:

  • Check the sender’s email address. Has the email come from who it says it’s from?
  • Check the spelling and grammar in the email. Large-scale organisations will have staff dedicated to making sure that all their communications are error-free.
  • Make sure that the links in the email aren’t taking you elsewhere. You can see where a link is going by hovering over it without clicking.
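The three checks above are mechanical enough to automate, and seeing them run makes the signs easier to remember. The script below is an added example, not part of the original post: it parses a constructed phishing-style email and a constructed clean one and reports what each check flags. The messages, sender domains and URLs are all made up, as is the tiny brand-to-genuine-domain table and the two-word typo list, which stand in for the configuration and spell-checker a real mail filter would use.

```python
"""Added example (not from the original post): run the three phishing checks
(sender address, spelling, where links really go) over a constructed
phishing-style email and a constructed clean one.

Everything here is made up for the example: the messages, the sender domains,
the URLs, the brand -> genuine domain table and the typo wordlist.
"""
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAINS = {"amazon": "amazon.co.uk"}  # assumed: brand name -> genuine domain
TYPO_WORDLIST = ("waitng", "custmer")        # assumed: stand-in for a spell-checker

PHISHY_EMAIL = b"""\
From: "Amazon Customer Service" <deals@amaz0n-promo.example>
Reply-To: collect@totally-unrelated.example
To: you@example.org
Subject: Your prize is waitng - 80% off tonight only!!!
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear valued custmer, click below to claim your offer:</p>
<p><a href="http://login.amaz0n-promo.example/verify">https://www.amazon.co.uk/deals</a></p>
</body></html>
"""

CLEAN_EMAIL = b"""\
From: "Amazon" <order-update@amazon.co.uk>
To: you@example.org
Subject: Your order has been dispatched
Content-Type: text/html; charset="utf-8"

<html><body><p>Track it at <a href="https://www.amazon.co.uk/orders">https://www.amazon.co.uk/orders</a></p></body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def belongs_to(host, domain):
    """True if host is domain itself or a subdomain of it."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def phishing_indicators(raw):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    sender = msg["From"].addresses[0]

    # 1. Sender address: does it match who the display name claims to be?
    for brand, real_domain in BRAND_DOMAINS.items():
        if brand in sender.display_name.lower() and not belongs_to(sender.domain, real_domain):
            findings.append(f"sender claims to be {brand} but address is @{sender.domain}")
    reply_to = msg.get("Reply-To")
    if reply_to and not belongs_to(reply_to.addresses[0].domain, sender.domain):
        findings.append(f"replies go to {reply_to.addresses[0].domain}, not the sender")

    # 2. Spelling in subject and body (a real filter would use a dictionary).
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    text = (str(msg["Subject"]) + " " + body).lower()
    findings.extend(f"misspelling '{w}'" for w in TYPO_WORDLIST if w in text)

    # 3. Where links really go: the URL shown as link text vs. the href target.
    links = _LinkCollector()
    links.feed(body)
    for href, shown in links.links:
        target = urlparse(href).hostname or ""
        displayed = urlparse(shown).hostname if "://" in shown else None
        if displayed and not belongs_to(target, displayed):
            findings.append(f"link text shows {displayed} but goes to {target}")
    return findings


if __name__ == "__main__":
    for label, raw in (("phishy", PHISHY_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, phishing_indicators(raw))
```

The third check is the automated version of hovering over a link: the text reads `https://www.amazon.co.uk/deals` but the `href` points at a look-alike domain, which is exactly the mismatch the eye misses when deals are arriving thick and fast.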

So, if you receive an email from Amazon with an amazing offer that you think is too good to be true, just remember, that’s because it probably is!

4. Check user reviews

If you are uncertain about the authenticity of a website that has a Christmas deal that tickles your fancy, it is good practice to do an online search for that company.

If there are plenty of reviews shouting praises about the brand, great! Shop to your heart’s content! (don’t let your guard down too much though!)

If there are lots of negative reviews, or even none at all, you should probably think twice about that offer.

5. Keep your anti-virus software up to date

Having anti-virus on your computer and smart device is highly recommended, as it can protect you from a wide range of attacks, basic or complex. Keeping anti-virus up to date is almost as important as having some in the first place. Keeping it up to date can keep your devices protected and keep your data safe!

If you don’t have any form of anti-virus protection, go get some now and come back to this blog later.

6. Pay by Credit Card

Before you enter any payment details, make sure to use some of the tips in this guide to ensure you are buying from a genuine and secure site.

When buying online, we would advise using a credit card as opposed to a debit card. Credit cards offer much more protection against fraudulent charges: debit cards are NOT automatically covered by payment protection, whereas credit cards are.

Under Section 75 of the Consumer Credit Act, credit cards must provide protection for any purchases that are above £100 and below £30,000.

7. Train yourself

Taking the time out to make sure that you’re knowledgeable on how to keep yourself safe online in the first place can save you a lot of anguish later on.

Our online cyber security training courses are packed full of useful tips and presented in a concise and entertaining way, making best practices accessible to all.

Having read this blog, you should now be much better prepared and vigilant when it comes to shopping safely online.

Here at Bob’s Business, we are the experts when it comes to training your organisation on how to be more cyber resilient against the growing rise of cyber threats.

Want to find out more about how our award-winning cyber security training can help you and your organisation? Try our free demo course today to get a taste of the action.

Bribery and Corruption: Everything You Need to Know

Most people would claim that they could spot a bribe if they saw one. But not all bribes in business are as obvious as handing over a big briefcase filled with money. 

In the UK, bribery in the workplace is a serious problem with 71% of citizens considering corruption to be a major issue. There is a need to bring awareness to the differences between kindness and bribery, and to distinguish the very fine line between a gift and a bribe.

What is Bribery?

Bribery is a gesture intended to sway an individual’s decisions or actions by offering something of value. Bribes are often business-motivated and used to:

  • Keep or secure a contract or order with a business.
  • Gain an advantage over a competitor.
  • Secure a contract with a national, local or foreign official.
  • Make someone turn a blind eye to health and safety, poor performance, the substitution of materials or false labour charges.
  • Falsify an inspection report to gain a certificate/accreditation.

As you can see, a bribe can come in many forms, and for many reasons. By knowing what a bribe looks like, and why someone might be bribing you, you’ll be able to spot it and stop it.

Unfortunately, even though you know what a bribe looks like, bribery within the workplace is often a grey area. After all, who’s to say what is a kind act and what is malicious?

A bribe can be more than just a monetary payment. For example, if an employer offers to fast-track a promotion, but only if you do something for them in return, then that is a bribe even though no money is changing hands.

What is the Bribery Act (2010)?

Since bribery is such a major problem, the Bribery Act (2010) was introduced to enhance and amend UK law on bribery, including foreign bribery, in order to better address the requirements of the 1997 OECD anti-bribery Convention. 

Internationally, the Bribery Act (2010) is among the most stringent legislation of its kind, introducing a tough liability offence for companies and partnerships that fail to prevent bribery.

The Bribery Act (2010) covers four prime offences:

  • Two general offences covering the promising or giving of an advantage, and requesting, agreeing to receive or accepting of an advantage.
  • A discrete offence of bribery of a foreign public official.
  • A new offence of failure by a commercial organisation to prevent a bribe being paid to obtain or retain business, or gain a business advantage (should an offence be committed it will be a defence that the organisation has adequate procedures in place to prevent bribery).

Some of these offences might be more applicable to your organisation than others, but this doesn’t mean that you shouldn’t have an understanding of them.

What Are Anti-Bribery Best Practices?

Bribes can find their way to your staff at every level of your organisation, from giving a gift to a decision-maker on a deal to bribing a cleaner to stick an infected USB drive into your network. 

Preventing bribery and corruption in your organisation starts by raising awareness amongst your staff, teaching them best practices and what to do if they ever receive a bribe. Here are our top tips: 

  • If you receive a bribe, the first thing you should do is report it to your manager. Bribery relies on you keeping information to yourself, so don’t forget that your colleagues are around to help.
  • Remember, not all free things are bribes: free tea and coffee at a networking event isn’t a bribe. Bribery tends to be an illicit act, so you needn’t worry about taking a free branded pen from a potential supplier or partner.
  • Be suspicious of deals that are struck without correct oversight. Deals that are completed without discussion or approval can be a hotbed for corruption. 
  • Keep a keen eye out for red flags like payments offered in cash, and unusually high commissions or fees, which far exceed typical rates. Internal auditing of suspicious payments can avoid significant damage further down the line. 

To educate your staff about how to avoid bribery and corruption in your organisation, enrol your workforce on our Anti-Bribery course today.

The Evolving Threat of Ransomware in 2019 and Beyond

For most businesses, ransomware is the great boogeyman, always lurking around the corner.

The prospect of walking into work one day to find all your data locked behind a paywall is a terrifying one, and worst of all, it’s far from a remote possibility.

Ransomware attacks in 2018 reached 204 million, a figure which is expected to be significantly higher in 2019. Indeed, 2019 has been a bumper year for ransomware attacks, with Q3 seeing a 37% increase in attacks over the previous quarter, according to Beazley.

From reputational damage to data loss, the costs associated with ransomware attacks are numerous, resulting in a hugely perilous situation for businesses of all sizes.

Curiously though, there is today a general comfort around ransomware attacks. Businesses are increasingly adapting to the reality of impending ransomware attacks by deploying backup software.

By regularly backing up your data, the idea goes, you can simply roll back your system to a point before it was locked down by a ransomware attack. Simple and effective, right? Well, not anymore.

Cybercriminals are many things, but lazy isn’t one of them. More recent strains of ransomware like Samas, MongoLock and Zenis – to name just a few – go the extra mile and actively search & destroy backup files, leaving businesses completely vulnerable to ransomware attacks once again.

That’s not all, though, because some ransomware strains have been adapted to hide on a network for months at a time before becoming active. This means that any attempt to roll back to older (supposedly safe) backups results in an ‘attack loop’, where restoring from backup only restarts the attack.

Far from breaking news, reports of Ransomware attacks deleting backups date back as far as April 2017, with one Veeam user posting:

“On 2/7 we were hit with Samas Ransomware. Of course I freaked but I felt confident driving into work that I was ok with backups… The server itself got wiped with Samas, but I still felt confident. I looked in the Veeam_Backups folder a few times on both Drobos and both were empty… I knew at that point they were gone.”

This evolving, ever-escalating threat is exactly why businesses should never stop adapting.

The approach to this new ransomware environment should be a two-pronged one: effective phishing training and backup software that is designed to manage advanced ransomware attacks.

Tackling the Modern Ransomware Environment

How Can Phishing Training Help Protect Organisations from Ransomware Threats?

Phishing attempts are, by far, the most common way for ransomware to enter a system. Although often considered separate threats, phishing and ransomware are typically found as a couple, with phishing emails directing people to files and web pages that will then install ransomware onto their system.

But how commonly is ransomware tied into phishing attempts? Well, an estimated 90% of cyber attacks begin with a phishing or spear-phishing email.

It’s a startling statistic and one which can’t be ignored in the battle against ransomware. Whilst hardware and software barriers offer some protection against phishing emails, they lose efficacy as soon as an email finds its way through.

That’s why it’s vital that your staff are trained to spot the signs of phishing emails before they click. Our award-winning Think Before You Click simulated phishing training measures your workforce’s susceptibility to phishing attacks, before directing affected members of staff to our unique training environment.

Think Before You Click can lower click rates by 74%, dramatically reducing an organisation’s susceptibility to phishing emails and ransomware. However, no single solution can completely remove the potential of a member of your workforce falling victim to a phishing attack.

That’s where advanced backup support comes in to play.

How Can An Advanced Backup Provider Help Protect Organisations from Ransomware Threats?

When – not if – ransomware finds its way past even well-trained staff, you need a backup solution built to handle it.

Solutions like Data2Vault’s Attack Loop prevention service, powered by Asigra, tackle increasingly intelligent ransomware by offering multiple layers of protection, including:

  • Two-factor authentication for volume backup deletion, protecting from automated mass-deletion.
  • Variable naming for backup files to avoid auto-deletion.
  • Automatic scanning of files during backup and recovery.
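The three layers are easier to reason about in code than in a feature list. The following is an added example, a toy vault written for this page and not Data2Vault’s or Asigra’s code, showing each layer in miniature: deletion gated on a second factor (a standard RFC 6238 TOTP code, here computed from the RFC’s own test secret), on-disk names drawn from random bytes so that a glob for `*.bak` or a `Veeam_Backups` folder finds nothing, and a scan on both backup and restore consisting of an integrity check plus a stand-in known-bad hash list. The vault directory, secret and sample data are all constructed for the example.

```python
"""Added example (not Data2Vault's or Asigra's code): a toy backup vault
showing, in miniature, the three protective layers listed above.

Assumed/constructed: the vault is a local directory; the second factor is a
standard RFC 6238 TOTP code from a shared secret (here the RFC test secret);
the 'scan' is an integrity check plus a stand-in known-bad hash list.
"""
import base64
import hashlib
import hmac
import os
import struct
import tempfile
import time
from pathlib import Path

# Stand-in for a malware signature feed: the hash of a fake ransom note.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"YOUR FILES ARE ENCRYPTED").hexdigest()}

# RFC 6238 reference test secret ("12345678901234567890" in base32).
TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, for_time=None, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1: the second factor for destructive actions."""
    key = base64.b32decode(secret_b32, casefold=True)
    now = time.time() if for_time is None else for_time
    mac = hmac.new(key, struct.pack(">Q", int(now // step)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def scan(data):
    """Return a reason string if data should not be backed up or restored."""
    if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256:
        return "matches known-bad hash"
    return None


class BackupVault:
    def __init__(self, root, secret_b32):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)
        self._secret = secret_b32
        self.index = {}  # logical name -> (on-disk name, sha256 at backup time)

    def store(self, logical_name, data):
        # Layer 3 (backup side): scan before anything is written.
        reason = scan(data)
        if reason:
            raise ValueError(f"refusing {logical_name}: {reason}")
        # Layer 2: variable naming. No extension, no 'backup' in the path,
        # nothing a glob for *.bak or a known backup folder would match.
        disk_name = base64.urlsafe_b64encode(os.urandom(12)).decode()
        (self.root / disk_name).write_bytes(data)
        self.index[logical_name] = (disk_name, hashlib.sha256(data).hexdigest())
        return disk_name

    def restore(self, logical_name):
        # Layer 3 (recovery side): integrity check plus known-bad check.
        disk_name, digest = self.index[logical_name]
        data = (self.root / disk_name).read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError(f"{logical_name}: backup altered since it was taken")
        reason = scan(data)
        if reason:
            raise ValueError(f"{logical_name}: {reason}")
        return data

    def delete(self, logical_name, otp_code, now=None):
        # Layer 1: deletion needs a code only someone holding the
        # authenticator can produce, so automated mass-deletion fails.
        if not hmac.compare_digest(otp_code, totp(self._secret, now)):
            raise PermissionError("valid second-factor code required to delete")
        disk_name, _ = self.index.pop(logical_name)
        (self.root / disk_name).unlink()


def demo():
    """Constructed walk-through; returns a summary a test can check."""
    fixed_now = 1111111109  # RFC 6238 test timestamp, keeps the demo deterministic
    out = {}
    with tempfile.TemporaryDirectory() as d:
        vault = BackupVault(d, TEST_SECRET_B32)
        name = vault.store("payroll.db", b"constructed payroll export")
        out["has_bak_extension"] = name.endswith(".bak")
        out["restore_ok"] = vault.restore("payroll.db") == b"constructed payroll export"
        try:
            vault.store("note.txt", b"YOUR FILES ARE ENCRYPTED")
            out["infected_rejected"] = False
        except ValueError:
            out["infected_rejected"] = True
        try:
            vault.delete("payroll.db", "000000", now=fixed_now)
            out["delete_without_otp"] = "allowed"
        except PermissionError:
            out["delete_without_otp"] = "denied"
        (vault.root / name).write_bytes(b"encrypted by ransomware")  # simulate tampering
        try:
            vault.restore("payroll.db")
            out["tamper_detected"] = False
        except ValueError:
            out["tamper_detected"] = True
        vault.delete("payroll.db", totp(TEST_SECRET_B32, fixed_now), now=fixed_now)
        out["delete_with_otp"] = "payroll.db" not in vault.index
    return out


if __name__ == "__main__":
    print(demo())
```

Note what the toy does not solve: an attacker who has been on the network for months, as described above, may already be inside the backups, which is why the recovery-side scan matters as much as the backup-side one, and why a restore should never be trusted purely because the file was there.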

By utilising these three protective layers, solutions like Asigra can help curb the effectiveness of ransomware attacks.

Together with effective workforce phishing training, the threat from ransomware attacks is almost completely curtailed, helping to protect your organisation’s reputation and financial future.

What is Cyber Security: Everything You Need to Know

There’s a lot of money in information, which is why threats from cybercriminals are growing increasingly common.

Cyber security is arguably the most important measure modern organisations can take to keep their clients’ information safe. However, what cyber security actually entails is often misconstrued by key decision-makers within organisations.

In this article, we’ll be giving you a total overview on cyber security, including: what it is, what it focuses on, what it protects you from and why it’s important.

What is Cyber Security?

Cyber security focuses on protecting computer systems and digital infrastructures from online attack. This includes components such as hardware, software, and data.

People often confuse cyber security with information security, which is a much broader concept that is concerned with protecting all aspects of information including hard and digital copies.

Thankfully, some organisations are waking up to the alarming threat that cybercrime poses and have begun investing in staff training to better prepare and arm themselves against new-age digital threats.

Unfortunately, not everyone’s up to speed. Only 51% of businesses and 29% of charities have installed the five basic technical controls of cyber security, as defined by the NCSC. It’s great news for cybercriminals, especially when you consider the number of data breaches and successful attacks occurring every year.

While your organisation might seem secure, ask yourself, is it doing enough to mitigate threats and protect both monetary and informational assets?

Why is Cyber Security Important?

Cyber security awareness is at an all-time high, owing to the hundreds of high-profile cyber attacks every single year. Shockingly, 2018 saw nearly half of all UK businesses fall victim to cyber attacks. If these had all been physical robberies, we’d be talking about an unprecedented crime wave.

The reason for those attacks is simple: there’s money in cyber crime. Just this week, news hit that the UN is set to investigate North Korea for a series of alleged cyber attacks that are thought to have raised over $2bn for nuclear weapons.

When it comes to your organisation, effective cyber security could be the difference between success and failure.

A data breach can damage everything from your finances to your reputation, the latter being much harder to earn back. You don’t need to look too far for an example. Last year, the infamous Facebook and Cambridge Analytica data misuse scandal resulted in 5% of Brits deleting their accounts – and that’s Facebook!

It’s crucial to understand these threats so that you are in the best position to protect yourself and your organisation. In order to do this, you need to learn the three pillars of cyber security and the types of threats that are out there.

What are the Three Pillars of Cyber Security?

We believe there are three key pillars of cyber security. By addressing these pillars, organisations can protect themselves from both impulsive and premeditated attacks. They are:

1. People

The most advanced technology in the world is powerless if the people in your organisation are vulnerable to exploitation. Most data breaches are the result of human error or malicious intervention. From an organisational point of view, it only takes one person to fall for a phishing email to compromise your whole system.

We believe that staff awareness training is by far the most effective way to instil a cyber security culture within your organisation.

2. Processes

Processes are like a checklist and guide you can follow to make sure you’re employing the best practices for cyber security. It is also a great way of communicating with your employees exactly what is expected of them.

These processes can be far-reaching, from employees’ roles and responsibilities when processing information to reporting suspect emails. Certifications such as ISO 27001, which is covered by our cyber security training courses, can help you develop cyber-safe processes that best suit your organisation.

3. Technology

Technology is your initial defence against cyber attacks.

Cybercriminals are constantly changing their tactics, and your defensive software needs to keep pace. This is not to say that you should rush to install new tools, but rather that you should apply new versions and updates promptly, because a new version can block a threat that the old one would not recognise. That applies to operating systems and everyday applications just as much as to antivirus.

Whilst we at Bob’s Business think too much emphasis is placed on technological solutions compared to the human factor, it’s vital that software is kept up to date.

What are the Different Types of Cyber Security Threat?

There are a host of cyber security threats that could damage your organisation. We have identified the three most common avenues cybercriminals explore when attacking an organisation’s finances or data.

Social Engineering

Social engineering uses psychological tactics to prey on people rather than technology, using ultimatums and a sense of urgency to make victims act rashly and give away information. The most common and successful method for this is email phishing.

We have written extensively on how to spot phishing emails but an example might be an email which demands you: ‘pay £50 now to avoid being charged £1,000’ or says ‘we believe your account has been hacked, please enter your login details to avoid your account being deleted’.

Malware

This is a broad term that describes any software that is designed to harm a computer system. This can include trojans, worms, viruses and more. Each of these can be downloaded by following a link in an email or using an illegitimate website.

Staff training is crucial to stopping malware from infecting your system. Quite simply, your employees need to know what they’re looking for.

For example, many people see the padlock icon and ‘HTTPS’ next to a web address and assume the site is safe. In reality the padlock only means the connection to that site is encrypted; certificates are free and cybercriminals obtain them for their own look-alike domains with ease, so a padlock says nothing about whether the site is the one it claims to be.

Ransomware

Ransomware is a type of malware that is an extremely popular choice of attack for cybercriminals. Once it is running on a system, it encrypts the files it can reach, often including anything on connected network shares, and demands payment for the key needed to restore them. Without a clean backup, the organisation is left choosing between paying and losing the data.

Notorious ransomware attacks include WannaCry in 2017, which infected over 300,000 devices and caused untold financial and reputational damage to organisations as large as the NHS, FedEx, Renault and Hitachi.

For businesses, the most effective defences against ever-evolving cyber security threats are to keep software up to date, maintain tested backups that ransomware cannot reach, and implement staff training in cyber security awareness to create a secure culture.

Learn more about how we can help educate your staff in cyber security awareness here.

What Were the Most Common Passwords in 2019?

Read our updated guide to 2020’s most common passwords here!

Let’s face it – few of us enjoy the process of picking a password. We’re often marooned between a simple yet memorable password and a truly secure one.

The result? An epidemic of poor choices which means that, when it comes to choosing passwords, many of us are falling into the same traps. They’re traps which can compromise your personal data, finances and even your organisation’s cyber security.

Cybercriminals and the software they utilise are growing more sophisticated by the day, so there’s never been a better time to brush up on how to write a secure password.

Thanks to work by the National Cyber Security Centre (NCSC), we finally have an idea of what the most common passwords in the world are. The passwords were drawn from breached accounts in the Have I Been Pwned? database and reveal some serious flaws in common password design.

Join Bob’s Business below as we share with you the most common passwords, explain why you shouldn’t reuse your password and much, much more.

What were 2019’s most Common Passwords?

The top five most commonly used passwords in 2019 were:

  • 123456 (23.2m)
  • 123456789 (7.7m)
  • qwerty (3.8m)
  • password (3.6m)
  • 111111 (3.1m)

What unites each of these passwords? Simplicity. They’re super simple to think up and remember, which is good. On the other hand, they’re so easy to crack that they’re basically useless.

What Does the Password List Tell Us?

There are a number of themes that recur time and time again in the NCSC’s password list.

Numerical patterns are a very common theme, with passwords like ‘000000’ or ‘654123’ appearing constantly in the NCSC’s list of the 100,000 most hacked passwords. In fact, out of the top twenty passwords, numerical patterns appear twelve times, highlighting just how common they are.

Another theme that appears time and time again in the list is names. The NCSC’s data found that ‘ashley’, ‘michael’, ‘daniel’, ‘jessica’ and ‘charlie’ were the five most commonly used names as passwords, but there are hundreds of examples on the list.

Other popular common passwords are football teams, musicians, superheroes and swear words, which appear shockingly often.

So, what do all these patterns tell us? When we’re building passwords, most of us just choose something that’s easy to remember. Whether it’s the football club we love, our favourite band, an easy to recall set of numbers or even our own name – many of us are choosing passwords that don’t require us to memorise anything complicated.

All of which brings us to…

How to Make a Good Password (and Remember It!)

There are countless ways to create good, secure passwords, but many methods ignore the fact that it takes a monumental effort to remember ‘C7sf3LU!6w’ instead of ‘leedsutd’.

That’s why at Bob’s Business, we recommend the ‘three words’ method of password creation. Simply pick three random, unconnected words and put them together. Passwords like ‘laminateboomtag’ are easy to remember and, crucially, unique.

Not sure just how secure your password is? Strength-checker websites such as How Secure is my Password estimate how long a brute-force attack would take. Treat the figure as a rough guide, since such tools don’t know whether your password is already sitting in a cracking dictionary, and never type a password you actually use into a third-party website; test a similar pattern instead.
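To make the ‘three words’ advice concrete, here is an added Python example (not code from the original post) that generates a passphrase with the operating system’s random number generator and puts numbers on why it works: the strength comes from the size of the wordlist and from the words being chosen at random, not from the words being ‘unconnected’ in the writer’s head. The 32-word list and the guessing rate are constructed for illustration; a real wordlist such as the EFF diceware list has 7,776 words.

```python
import math
import secrets

# Constructed 32-word list so the example runs stand-alone. Real passphrase
# wordlists (e.g. the EFF "large" diceware list) hold 7,776 words or more,
# and the size of the list is what the strength of the method rests on.
SAMPLE_WORDLIST = [
    "laminate", "boom", "tag", "cactus", "lantern", "velvet", "orbit", "pickle",
    "harbour", "quartz", "meadow", "saddle", "tundra", "whisk", "ember", "fjord",
    "granite", "ivory", "jigsaw", "kettle", "mosaic", "nectar", "oyster", "plume",
    "radish", "salmon", "toffee", "umbrella", "violin", "walnut", "yoghurt", "zephyr",
]


def make_passphrase(wordlist, word_count=3, separator=""):
    """Pick words with the OS CSPRNG, never by hand: human-chosen 'random' words
    cluster around teams, bands and names, exactly the patterns in the NCSC list."""
    return separator.join(secrets.choice(wordlist) for _ in range(word_count))


def passphrase_entropy_bits(word_count, wordlist_size):
    """Entropy of word_count words drawn uniformly from a list of wordlist_size words."""
    return word_count * math.log2(wordlist_size)


def random_string_entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string, e.g. 10 chars from 94 printable ASCII."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(entropy_bits, guesses_per_second):
    """Average time to guess: an attacker needs about half the keyspace on average."""
    return 2 ** (entropy_bits - 1) / guesses_per_second


if __name__ == "__main__":
    rate = 1e10  # assumed offline cracking rate against a fast hash; illustrative only
    print("example passphrase:", make_passphrase(SAMPLE_WORDLIST))
    cases = {
        # 'leedsutd' is assumed to sit in a 100,000-word cracking dictionary
        "'leedsutd' (in a 100k-word cracking dictionary)": math.log2(100_000),
        "3 words from this 32-word list": passphrase_entropy_bits(3, 32),
        "3 words from a 7,776-word list": passphrase_entropy_bits(3, 7776),
        "4 words from a 7,776-word list": passphrase_entropy_bits(4, 7776),
        "'C7sf3LU!6w' style, 10 random printable chars": random_string_entropy_bits(10, 94),
    }
    for label, bits in cases.items():
        secs = expected_crack_seconds(bits, rate)
        print(f"{label}: {bits:5.1f} bits, ~{secs:.3g} s at {rate:.0e} guesses/s")
```

Running it shows the trade-off plainly: a football club name that appears in any cracking dictionary is worth around 17 bits and falls instantly, three words from a small list are little better, three words from a 7,776-word list reach roughly 39 bits, and adding a fourth word gets you to about 52 bits, which is where the method starts to compete with a 10-character random string for accounts that matter.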

How Often Should You Change your Password?

There are plenty of myths out there about how often you should change your password. Some schools of thought suggest every month, others once every quarter.

The problem with mandatory password changes is that they tend to encourage superficial changes to passwords – a capitalised letter here or a new number there. For hackers, those small changes are easy to adapt to.

Instead, you should simply choose a unique password for every website or service you sign up to.

Dedicated password manager software will keep track of your passwords and automatically input them across your devices, whilst browsers like Chrome now support built-in password management, so you don’t even need to remember your passwords.

Of course, if any service you use is hacked, you should change your password immediately to stop criminals accessing your private information. Finding out whether an account you use has been hacked is simple, just use a website like Have I Been Pwned?

Our top Password Tips

Creating a secure and memorable password doesn’t need to be difficult. In fact, it can be easy. Just follow our top password tips below and you’ll never need to worry about your password security again.

  • Build your passwords from three random yet memorable words. Try to choose words which aren’t related to your life, so no favourite bands or teams and certainly not your name. That way neither guessing software nor someone who knows a little about you is likely to hit on it.
  • Use different passwords for every website or service you use. The temptation to use the same password everywhere is strong, but doing so means that a single breach on any service could compromise all of your accounts.
  • Check to see if any of your accounts have been breached. By inputting your email address into a website like Have I Been Pwned? you can see whether any of your details have been breached and released. Companies will also email you to alert you if their service has been breached.
  • Always change any passwords you have on breached services. It should go without saying, but if your information has been breached, you should change your password as soon as possible, alongside updating your password on any websites that share the breached password.
  • If in doubt, check the strength of your password. There are plenty of services that will show how strong your password is, and our favourite is How Secure is my Password, which instantly estimates how long it would take a computer to crack your password. Test a password of the same shape rather than the real one, and remember that these tools measure brute-force effort, not whether your password already appears in breach data.
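The tips above point readers at Have I Been Pwned? to check for breached credentials. The Pwned Passwords service can also tell you whether a specific password has appeared in a breach without the password ever leaving your machine, and that mechanism is worth seeing. This added Python example (not part of the original post) implements the client side of the check: hash the password with SHA-1, send only the first five hex characters to the range endpoint at https://api.pwnedpasswords.com/range/, and compare the remaining 35 characters locally against the returned list. The two sample range responses below are constructed so the example runs offline; the suffixes for ‘password’ and ‘123456’ are their genuine SHA-1 suffixes, but the counts and filler lines are made up.

```python
import hashlib

# Pwned Passwords range endpoint: GET https://api.pwnedpasswords.com/range/<5-hex prefix>
# returns "<35-hex suffix>:<count>" lines. Only the 5-char prefix leaves your machine.
PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed stand-in for two real range responses so the example runs offline.
# The suffixes for "password" and "123456" are their genuine SHA-1 suffixes; the
# filler lines and every count are made up for illustration.
SAMPLE_RANGE_RESPONSES = {
    "5BAA6": "\n".join([
        "00000000000000000000000000000000000:1",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:2",
    ]),
    "7C4A8": "D09CA3762AF61E59520943DC26494F8941B:23597311",
}


def sha1_hex(password):
    """Upper-case hex SHA-1, the form the Pwned Passwords service uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password):
    """(prefix, suffix): the 5 hex chars sent to the API and the 35 kept locally."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(text):
    """Turn 'SUFFIX:COUNT' lines into {suffix: count}, tolerating blank lines."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range_offline(prefix):
    """Stand-in for the HTTPS call; returns the constructed sample data."""
    return SAMPLE_RANGE_RESPONSES.get(prefix, "")


def fetch_range_online(prefix):
    """Real lookup (needs network). Never send the full hash, let alone the password."""
    import urllib.request
    with urllib.request.urlopen(PWNED_RANGE_URL + prefix) as response:
        return response.read().decode("utf-8")


def pwned_count(password, fetch_range=fetch_range_offline):
    """How many times the password appears in breach data (0 = not seen)."""
    prefix, suffix = split_for_range_query(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password", "123456", "laminateboomtag"):
        print(f"{candidate!r}: seen {pwned_count(candidate)} times")
```

To run the real check, pass `fetch_range_online` as the `fetch_range` argument. Because the server only ever sees a five-character prefix shared by hundreds of other hashes, it cannot learn which password you asked about, which is why this is safe to build into a signup or password-change form while typing a live password into a strength-checker website is not.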

How Can Businesses Educate Their Employees?

It’s no secret good password practice is essential to ensuring that businesses aren’t put at unnecessary risk.

A single employee with their password in the public domain can compromise the security of your entire organisation, opening the door to all manner of cybercriminals.

At Bob’s Business, we understand that when it comes to the cyber security health of your business, your employees are the most valuable weapon in your arsenal. They’re the front line of your battle against cyber crime and, without proper training, can be manipulated to grant access to confidential and valuable information.

Our cyber security eLearning courses cover everything from how to make the perfect password to GDPR compliance, phishing detection and data protection. They’re designed to help your staff understand the threats posed by cyber crime and reshape their behaviour to protect your organisation.

Your Email isn’t Protecting You from Phishing, Study Finds

It will come as little surprise to anyone who’s ever received a suspect looking invoice, but the major technology firms – including Apple, Google and Microsoft – are failing to protect users from phishing email threats.

The confirmatory news-flash comes from Plymouth’s Centre for Security, Communications and Network Research (CSCAN), who set about finding what action the big tech firms were taking to protect users and businesses from phishing threats.

Their research reveals shocking flaws in the automatic detection software employed across the major email service providers, but first, it’s vital to understand what ‘phishing’ actually is.

What is Phishing?

Phishing emails are, quite simply, the most common way for cybercriminals to steal your personal information, such as credit card details or passwords.

Phishing attacks are conducted through emails which are carefully designed to look just like the real thing. Oftentimes, they’ll use urgent language to force you through to a page which is designed to harvest your personal information. From there, compromising your accounts is as simple as inputting the details you provided.

The threats are even more significant to businesses, with phishing emails posing one of the biggest threats to any organisation.

What did the Study Find?

Plymouth’s Centre for Security, Communications and Network started by sending two sets of messages to ‘victim accounts’, using email templates pulled from the archives of reported phishing attacks.

The first of those emails was simply plain text, with no links included. The second set of emails had all the original links in place, pointing to their original destination.

Researchers then studied which emails made it through to users’ inboxes and whether users were warned that these emails were malicious. The result? Well, it certainly doesn’t reflect well on the big tech firms.

75% of the phishing emails without links and 64% of those with links made their way into the target inboxes. Even worse, only 6% of those emails were marked as malicious.

Commenting on the findings, Bob’s Business CEO Melanie Oldman said: “This study only further illustrates how, when it comes to phishing, we can’t trust technology alone to protect us. With instances of ever-more sophisticated phishing attacks on the rise, all businesses should implement simulated phishing training to educate staff on the risks associated with phishing emails before they cause significant harm”.

What can you do to Avoid Phishing Attacks?

The key to avoiding phishing attacks is raising awareness and creating a secure culture. Whether in your personal life or in a business environment, being aware of the telltale signs of a phishing email can make all the difference.

We’ve written extensively on how to spot a phishing email in the past. For those short on time though, we’ve included seven ways to spot a phishing email here:

  1. Check the sender’s email address – Look at the actual address, not the display name, which can say anything. Phishing addresses often give themselves away with look-alike domains, misspellings or odd strings of letters and numbers, and a Reply-To address that goes somewhere else entirely is another warning sign.
  2. Check the spelling and grammar of the email – Phishing emails commonly feature spelling or grammatical errors. Bear in mind, though, that well-written phishing is increasingly common, so a polished email is not proof that it is genuine.
  3. Look for odd use of imagery – Blurry, old or oddly laid out imagery might be a giveaway that an email isn’t from a legitimate source.
  4. The email is designed to push you into a rash decision – Many phishing emails are designed to encourage you to make a decision you’ll later regret. Always take time to carefully read an email before you do anything.
  5. The email sounds too good to be true – Much like phishing emails designed to cause panic, many phishing emails are built around good news, hoping you won’t think clearly about what you’re doing until it’s too late.
  6. Check the links – Most phishing emails try to get you to click on a link. Hover over (or long-press) the link to reveal its real destination and compare it with the text shown; if the two differ, or the domain isn’t the organisation’s own, don’t click.
  7. Compare emails to legitimate versions – If the email is from a company you’ve interacted with in the past, compare the new email to the old one to look for discrepancies.
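Several of these checks (the real sender address versus the display name, a mismatched Reply-To, link text that names one site while the link goes to another, and pressure language) can be applied mechanically, which is useful both for training material and for a first-pass triage of reported emails. The following is an added Python example, not code from the original post or from the Plymouth study, that runs those checks over a constructed sample message using only the standard library. Every domain in the sample is a reserved .example name and the urgency phrase list is an assumption you would extend for your own environment.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Phrases that push the reader towards a rash decision (tip 4). Assumed list; extend it.
URGENCY_PHRASES = (
    "within 24 hours", "immediately", "account will be suspended",
    "verify your account", "act now",
)


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname_of(value):
    """Lower-cased hostname of a URL or bare domain ('' if there is none)."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").lower()


def domain_of_address(header_value):
    """Domain of the real address in a From/Reply-To header, ignoring the display name."""
    _name, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def check_sender(msg, expected_domain):
    """Tip 1: the display name is easy to fake; judge the actual address and Reply-To."""
    findings = []
    from_domain = domain_of_address(msg["From"])
    if from_domain != expected_domain and not from_domain.endswith("." + expected_domain):
        findings.append(f"sender domain '{from_domain}' is not '{expected_domain}'")
    if msg["Reply-To"]:
        reply_domain = domain_of_address(msg["Reply-To"])
        if reply_domain != from_domain:
            findings.append(f"Reply-To domain '{reply_domain}' differs from From domain '{from_domain}'")
    return findings


def check_links(html):
    """Tip 6: flag anchors whose visible text names one site but whose href goes to another."""
    collector = _AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.anchors:
        if "." in text and " " not in text:  # visible text looks like a URL or domain
            shown, real = hostname_of(text), hostname_of(href)
            if shown and shown != real:
                findings.append(f"link text shows '{shown}' but points to '{real}'")
    return findings


def check_urgency(text):
    """Tip 4: pressure language anywhere in the subject or body."""
    lowered = text.lower()
    return [f"urgency phrase: '{p}'" for p in URGENCY_PHRASES if p in lowered]


def analyse_email(raw_message, expected_domain):
    """Run all checks over a raw RFC 822 message; returns human-readable findings."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    findings = check_sender(msg, expected_domain)
    findings += check_links(content)
    findings += check_urgency(f"{msg['Subject'] or ''} {content}")
    return findings


# Constructed sample messages; every domain here is a reserved .example name.
PHISH_EMAIL = """\
From: "YourBank Security" <alerts@yourbank-secure.example>
Reply-To: recovery@mail-relay.example
To: victim@example.org
Subject: Urgent: verify your account within 24 hours
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected unusual activity. Your account will be suspended unless you
verify your account within 24 hours.</p>
<p><a href="http://login.yourbank-secure.example/verify?id=1">https://www.yourbank.example/login</a></p>
</body></html>
"""

LEGIT_EMAIL = """\
From: "YourBank" <alerts@yourbank.example>
To: victim@example.org
Subject: Your statement is ready
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Sign in to view it: <a href="https://www.yourbank.example/login">Sign in</a></p></body></html>
"""

if __name__ == "__main__":
    for finding in analyse_email(PHISH_EMAIL, "yourbank.example"):
        print("-", finding)
```

Against the constructed phishing message this reports the look-alike sender domain, the foreign Reply-To, the link whose text shows www.yourbank.example but lands on login.yourbank-secure.example, and three urgency phrases, while the legitimate message produces no findings. It is a triage aid, not a verdict: a phishing email that passes all four checks still needs the human judgement the tips above describe.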

For businesses, the fastest and most reliable way of ensuring your staff are aware of the serious risks that phishing emails pose and how to mitigate them is to combine our award-winning eLearning course with our phishing simulation solution.

Learn more about how Bob’s Business can help your staff protect you from phishing attacks here.