Free Guide: AI, Safety and Your Organisation

Discover how to unlock AI’s potential in your organisation. Our complimentary guide explains everything you need to know to adopt AI confidently.

Artificial intelligence presents tremendous opportunities to streamline operations, gain insights and enhance customer experiences. However, without proper precautions, AI risks reinforcing biases, compromising data privacy, and enabling new cybersecurity threats.

Our new AI guide for businesses offers indispensable guidance to integrate AI securely and ethically, including:

  • Demystifying key AI concepts in plain English
  • Realising AI’s benefits for your business
  • Mitigating risks whilst maximising rewards
  • Implementing responsible AI policies and training
  • Ensuring transparency, oversight, and accountability

Whether you’re an AI novice or a seasoned expert, this guide shares practical advice to harness AI’s upsides whilst avoiding pitfalls. Equip your team to adopt AI as a force for good.


What you need to know from Allianz’s ‘Cyber Security Trends’ report

With ransomware attacks surging globally, awareness of cyber threats is at an all-time high. Now, insurance provider Allianz has released its annual Cyber Security Trends report, providing crucial insights businesses need to know.

The report highlights developments across the cyber landscape from early 2022 through mid-2023, touching on the ongoing evolution of threats like ransomware, the role of human error in enabling breaches, the need for rapid detection and response capabilities, and more.

In this blog, we’ll summarise some of the top takeaways from the 31-page report. Key focus areas include the prevalence of supply chain attacks, the cybersecurity skills gap, the risks posed by mobile devices, and the importance of boosting employee security awareness.

Let’s get started.

The key takeaways from Allianz’s ‘Cyber Security Trends’ report.

Ransomware still dominates the threat landscape

Ransomware attacks surged 143% globally in early 2023, the report reveals.

These attacks are often successful because staff click on phishing links or fail to patch known software vulnerabilities.

Ongoing security awareness training is essential to avoid falling victim. Supply chain attacks, where hackers infiltrate vendor systems to steal customer data, are also increasing. Rigorous vendor risk assessments are crucial for managing your organisation’s level of risk.

Mobile devices are a growing target

Organisations are seeing more attacks aimed at mobile devices, according to Allianz. These endpoints often lack security controls, while employees commonly mix personal and corporate data on them. Implementing mobile device management policies helps secure these risky assets, and awareness should be raised among your team.

The cyber skills shortage increases exposure

With limited cybersecurity professionals available, many companies cannot adequately staff security teams.

Allianz advises focusing on employee training programs to fill the skills gap. Partnering with managed security providers can also help strengthen defences.

Human error contributes to breaches

Simple mistakes like misconfigured systems, inadequate system monitoring, and poor data management practices frequently contribute to breaches.

To reduce errors, organisations need proper cybersecurity awareness training, IT governance frameworks, internal auditing, and data retention policies.

Rapid detection and response is critical

Once attackers infiltrate systems, incidents often escalate rapidly into costly breaches. Allianz stresses that early detection capabilities, like SIEMs and SOCs, are vital to spot intrusions quickly before major damage occurs.

Having an incident response plan, retaining specialist vendors, and conducting exercises also improve reaction time.

The top 10 findings from Allianz’s ‘Cyber Security Trends’ report.

  • Ransomware remains the top cyber threat, with attacks surging 143% globally in early 2023.
  • Supply chain attacks are increasing as hackers infiltrate vendor systems to access customer data.
  • Mobile devices are a growing target due to weak security controls and the mixing of personal and corporate data.
  • The cybersecurity skills shortage makes organisations more vulnerable to attacks.
  • Human errors like misconfigurations and poor data practices enable many breaches.
  • Early detection of attacks is critical to prevent escalation into major incidents.
  • Having an incident response plan and retaining specialist vendors improves reaction time.
  • Business email compromise scams are becoming more sophisticated using AI-generated content.
  • The Internet of Things and 5G networks will expand the threat landscape as more devices connect.
  • Data exfiltration attacks are surging, with stolen data leveraged to demand larger ransoms.

In short, while deploying robust technical controls remains important, continuously improving employee cybersecurity awareness and implementing governance procedures to avoid errors is fundamental.

Addressing the human element is key to reducing cyber risk. At Bob’s Business, that’s what we do.

Our NCSC-approved cybersecurity awareness training courses give your team the knowledge they need to protect your business, while our simulated phishing training gives your team hands-on experience in receiving and spotting phishing attacks.

Ready to learn more? Discover our range of solutions or chat with a member of our team.

This month in data breaches: October edition

This October, major corporations were hit with cyber tricks rather than treats!

Air Europa, 23andMe, Sony, and Lyca Mobile faced the scary reality of data breaches.

Join us as we uncover how these companies were impacted and discover essential insights on how to protect your own business against similar cyber attacks.

Let’s get into it.

October’s biggest breaches

Air Europa

Air Europa, a Mallorca-based airline, fell victim to a data breach, exposing the private payment information of its customers.

The breach, discovered on October 10th, revealed that customer payment data, including credit card numbers, expiration dates, and CCV codes, had been accessed during the cyber attack.

Alarmingly, this breach occurred 41 days prior, on August 28, going undetected until suspicious activity was identified on one of the airline’s systems.

While the precise number of affected individuals remains undisclosed, the exposure of CCV codes is in violation of the PCI DSS regulations, which raises significant concerns.

Air Europa has advised customers who used credit cards for flight payments to cancel their cards as a precaution against potential fraudulent activities.

The Air Europa breach underscores the importance of adhering to PCI DSS regulations to minimise risks and mitigate the impact of breaches on customers’ payment data.

Learn more about how our compliance management tools help your business here.

23andMe

Biotech company 23andMe faced a serious data breach where customer accounts were accessed through a credential-stuffing attack.

This led to the theft of genetic data, potentially including names, email addresses, birthdates, and genetic ancestry information.

The hackers seemed to focus on individuals of Ashkenazi Jewish and Chinese descent, causing concern within these specific communities.

A hacker claimed to possess and attempted to sell user details in an online forum, particularly emphasising Jewish individuals.

Upon detecting the breach, 23andMe involved digital forensics experts and law enforcement. They’ve taken steps, including requiring all users to reset their passwords as a precaution.

This incident adds to ongoing concerns about data privacy and security within genetic testing companies. This data isn’t currently protected by HIPAA, the health privacy law, and 23andMe’s privacy policy still allows for third-party data sharing.

This breach stresses the need for unique and strong passwords for separate accounts to prevent unauthorised entry and protect your personal data.

Sony

In October, Sony informed nearly 6,800 employees about an earlier data breach linked to a prior security breach of the MOVEit Transfer system.

Through this system, hackers gained unauthorised access to U.S.-based employee data stored on Sony’s servers.

As a response, Sony offered credit monitoring services to those affected and addressed the vulnerability to prevent any potential future data breaches.

These breaches highlight the persistent challenges in protecting personal data within large corporations, emphasising the critical need for updated security measures and continuous vigilance, regardless of a company’s size.

Lyca Mobile

Lyca Mobile, a London-based mobile operator functioning on EE’s network, has faced a data breach, creating significant disruptions for millions of Lyca Mobile users.

Upon discovery, Lyca Mobile took swift measures to contain the breach by isolating and shutting down compromised systems.

Despite these efforts, the attackers gained access to various personal information stored within their systems, including names, birth dates, addresses, copies of identity documents, customer service interactions, and partial payment card information.

Although the specific details of the stolen data were not specified, concerns have arisen regarding compromised customer passwords and potential risks associated with phishing attempts, fraud, and unwanted marketing communications.

As the largest mobile virtual network operator (MVNO) with over 16 million customers globally, the magnitude of the breach poses a considerable risk.

This incident reminds us of the necessity of rapid and effective response strategies. A swift response can significantly reduce exposure and potential impact.

Preventive measures are a crucial aspect of cybersecurity planning.

What your organisation can learn from the October data breaches

Considering the recent breaches in October, it’s important to follow regulations and continuously review cybersecurity protocols.

Here are key points to consider when reviewing your cybersecurity measures to protect your organisation and customers:

  • Compliance with industry standards: Adhering to regulations like PCI DSS is vital to protect customer data and avoid severe consequences due to non-compliance.
  • Strengthening security measures: Implementing multi-factor authentication, encouraging strong passwords, and updating security systems can significantly reduce the risk of unauthorised access.
  • Incident response and preparedness: Develop and regularly test an incident response plan. This includes clear steps for swift action in case of a security breach to minimise its impact.
  • Clear communication: Timely and transparent communication with affected customers and regulatory bodies builds trust and helps contain the breach’s impact.
  • Customer data protection emphasis: Continuous evaluation and enhancement of security protocols are necessary to protect personal information, prevent misuse, and reduce the risks associated with breaches and fraud.
  • Third-party risk management: Assess and manage risks associated with third-party vendors, ensuring they maintain strong security practices to safeguard shared data.

How can Bob’s Business help your organisation

At Bob’s Business, we provide tailored compliance solutions and customised employee training to protect your organisation.

With our support, your organisation can proactively enhance its cybersecurity and prevent breaches like these from happening. Click here to explore courses tailored to your organisation.

Free Shopping Season pack

It’s November, which means that shopping season is well and truly underway. With Black Friday, Cyber Monday and Christmas just around the corner, global online shopping habits are about to go into overdrive.

To help you and your team stay safe, we’ve put together an indispensable resource pack designed to help you navigate the season, including:

  • Reusable Blog on Shopping Season Threats: Give your team the context and advice they need to safely shop throughout November and December with this reusable blog to use on your website or via email.
  • A Safe Shopping Email Template: Effortlessly communicate the importance of safe shopping with your team with this pre-made email template.
  • Shopping Season Wallpaper: Keep safe shopping habits at the front of your organisation’s mind with this stylish desktop wallpaper.
  • Shopping Season Email Footer: Maintain awareness with every email thanks to this email footer design.

Better yet? We’re also including a 30-day free trial of Bob’s Compliance with every download!


The cyber risks of the Black Friday & Cyber Monday sales

Black Friday and Cyber Monday are the perfect opportunities to grab someone special a unique gift at a discount.

However, it’s also prime time for scammers.

The rush to purchase presents under time pressure can also leave you more vulnerable, making you or your loved ones an easy target for cyber scams.

With the Black Friday sales fast approaching, it’s important to be aware of the potential cyber risks to stay safe online.

This blog will highlight the scams that may emerge and what you can do to stay safe while online shopping.

Let’s get into it.

Recognising cyber threats

Phishing attacks:

During the Black Friday sales, we often see an increase in phishing emails. Cybercriminals impersonate trusted brands, enticing you to click on malicious links or provide sensitive information.

For example, an ‘Amazan.com’ offer for iPads at outstandingly low prices.

Be cautious of unexpected email offers and verify the sender’s email address. Also remember to pay close attention to spelling.

You’ve heard the saying: if it seems too good to be true, it probably is! If you are unsure, you can look a company up on the Better Business Bureau website, and check their Scam Tracker for any reported issues.

Being vigilant with your emails allows you to benefit from genuine discounts and steer clear of the scams.

Fake websites:

Ever been on a website and thought something about it seemed a little off? Be aware of fake websites; hackers often create close clones of popular sites to trick users into handing over sensitive information or their hard-earned money.

Scammers typically start by copying the layout and design of a legitimate retailer’s website, making their fake site appear convincing at first glance.

They may also use domain deception, registering web addresses that closely resemble those of well-known brands.

These fake websites often dangle enticing offers that appear too good to pass up, drawing in unsuspecting shoppers.

Additionally, some of these deceitful sites may distribute malware. Clicking links or downloading files from them can infect your device with malicious software.

Staying informed and vigilant is your best defence against these online tricks, especially during events like the Black Friday sales.

Fake mobile apps:

Scammers create fake shopping apps that mimic popular brands. These apps can be found on unofficial app stores or through deceptive links.

Downloading these apps could lead to malware infections or theft of your personal information.

Stick to official app stores and read reviews before downloading any apps. Sometimes scammers will post fake reviews on their app to make it appear legitimate, so checking the dates of reviews goes a long way.

Third-party sellers:

When purchasing from online marketplaces, exercise caution with third-party sellers.

Some sellers may not be as reputable as they appear, potentially leading to fake or flawed products.

Check reviews and seller ratings, and try to purchase from established retailers.

Social media scams:

Social media is a powerful tool for scammers.

They can dangle enticing offers or extravagant contests with the promise of winning valuable prizes.

However, it’s essential to remember that the price of these so-called “prizes” might be your valuable personal information, as scammers may request certain details to enter.

How to stay safe on Black Friday and Cyber Monday

Now that you’re aware of the potential cyber risks and the scams that could crop up during the sales, here are 10 practical steps to keep yourself safe:

  1. Verify website URLs: Always double-check the web address before making a purchase. Make sure it matches the retailer’s official website. Cybercriminals often use similar but slightly altered web addresses to trick shoppers.
  2. Look for ‘https://’ and the padlock symbol: Ensure the website you’re using has ‘https://’ in the address bar, along with a padlock symbol. This indicates an encrypted connection, which protects your data in transit during transactions.
  3. Check for verification: When following deals or promotions from social media accounts, look for a verification badge on their profile. This confirms their authenticity. Beware of impersonators who lack this verification.
  4. Verify email offers: Don’t be tempted by unexpected email offers that seem too good to be true. Before clicking on any links or sharing personal information, verify the sender’s email address and double-check the spelling. Scammers often use slight variations to mimic legitimate brands.
  5. Official apps and websites: Stick to official app stores and trusted websites when purchasing or downloading apps. Read reviews and ratings to ensure you’re dealing with reputable sources.
  6. Two-factor authentication: Whenever possible, enable two-factor authentication (2FA) for your online shopping accounts. This additional layer of security ensures that even if your login details are compromised, your account remains protected.
  7. Bad spelling and writing: Real websites use proper words and sentences. If you see lots of mistakes, it’s likely a fake website.
  8. Blurry pictures: Genuine shops use clear pictures of their products. If the pictures are blurry or look otherwise strange, it’s a warning sign that the website might be fake.
  9. Beware of overly aggressive pop-up ads: Scammers often use aggressive and persistent pop-up ads that claim you’ve won something or offer unbelievable discounts. Legitimate websites typically don’t bombard you with constant pop-ups. If it seems too intrusive or too good to be true, it’s likely a scam. Close the pop-up and continue your shopping on trusted websites.
  10. Stay informed: Keep yourself informed about common online scams and cybersecurity best practices. Being aware of potential threats empowers you to recognise and avoid them.

How Bob’s Business can help your team build cyber awareness

Cyber deals can be attractive, but if your employees get trapped in online scams during these events, it can impact your company’s cybersecurity.

Some employees might not be too cautious with their passwords, and when their personal and work data blend, it poses a security challenge, especially for those who work remotely.

Bob’s Business is here to help with our cybersecurity awareness eLearning training, ensuring your employees can identify and address online threats efficiently and effectively.

We also offer tailored solutions to suit your unique business blind spots. Why not click here to explore our courses designed to ensure the safety and security of your business?

And happy shopping!

What you need to know from Microsoft’s ‘Digital Defense Report 2023’

It’s Cybersecurity Awareness Month, and, as is tradition, Microsoft has moved to release their Digital Defense Report. This year, they’re reporting on the period between July 2022 and June 2023, crunching the numbers and attempting to solidify an ever-changing threat landscape.

The report, across 131 pages, touches on the state of cybercrime, nation-state threats, the crucial cybersecurity challenges that all companies face and more.

In this blog, we’ll pull together some of the highlights and showcase some of the cybersecurity learnings that businesses need to know.

Let’s get started.

The key takeaways from Microsoft’s ‘Digital Defense Report 2023’

Good cyber hygiene is still the best defence against attacks

The report reveals that over 99% of successful cyberattacks could be prevented by following basic cyber hygiene practices.

Measures like enabling multi-factor authentication (MFA), applying zero trust principles, keeping systems patched and up-to-date, using endpoint detection and response solutions, and protecting data form a robust first line of defence for organisations of any size.

However, human error remains a primary enabler of cyberattacks.

Despite increasingly widespread security awareness training, phishing click rates have remained relatively stable.

This is largely down to the methods of training deployed by organisations. For example, the report found that video-based training only reduces phishing susceptibility by around 3% at best. More personalised, tailored training focused on actual behavioural change, like that offered by Bob’s Business, is required.

Sophisticated phishing attacks are surging

The report warns that adversary-in-the-middle (AiTM) phishing campaigns are surging dramatically.
These attacks involve threat actors using reverse proxy servers to intercept and steal login credentials and session cookies, bypassing traditional protections.

Attackers are also refining social engineering by exploiting trusted third-party communications alongside sending specially crafted phishing messages based on reconnaissance of individual targets.

Ransomware is still a top threat

Ransomware continues to plague organisations, with human-operated ransomware attacks doubling over the past year.

These intrusions often exploit unpatched systems and unmanaged devices. The report observes attackers increasingly using remote monitoring tools to conceal activity and make attribution more difficult.

Business email compromise (BEC) attacks have also skyrocketed, reaching 156,000 daily attempts globally. Threat actors hijack communication threads and leverage cloud infrastructure to conduct more sophisticated invoice and payment fraud.

Nation-states prioritise cyber espionage

The report highlights a shift amongst nation-state groups away from high-volume destructive attacks towards stealthy cyber espionage campaigns.

Key targets include critical infrastructure organisations and policymakers, alongside governments and governmental bodies.

State-sponsored groups are exploiting vulnerabilities faster, enhancing cloud operations, and increasingly using custom malware and “living off the land” techniques to hide activity.

How you can build organisational resilience

Facing this complex threat landscape, the report emphasises the importance of cyber awareness training and building organisational resilience through measures like:

  • Prioritising cyber hygiene and zero trust principles
  • Providing personalised, skills-focused security training
  • Leveraging emerging technologies like AI to analyse threats and automate response
  • Implementing robust identity management and phishing-resistant MFA
  • Ensuring devices and systems are kept fully patched and up-to-date

In short, Microsoft asserts that organisations that take a strategic, resilience-focused approach to cybersecurity are best positioned to protect themselves against both commoditised attacks and sophisticated, targeted threats.

At Bob’s Business, we’ve helped millions of employees to take responsibility for their organisations’ cybersecurity through effective, engaging and entertaining training.

With over 70 interactive and gamified courses, we give your team the knowledge they need to spot and stop attacks, alongside how to build good cyber hygiene.

Ready to learn more? Discover our range of solutions or chat with a member of our team.

Why online training is the most cost-effective way to train your staff

In business, success hinges on the delicate balance between income and expenses, and when it comes to expenses, there are few more debated than that of employee training.

In the current financial climate, it’s more important than ever to make employee training as cost-effective as possible whilst still retaining the same effectiveness.

However, traditional training methods can come with hefty costs, including travel expenses, facility rentals, and printing materials.

That is where online training steps in. It’s a cost-effective solution that not only reduces training expenses but also upskills your workforce.

Since the Covid-19 pandemic, the eLearning industry has seen exponential growth, with demand increasing by up to 400%. These factors have changed how we learn due to the ongoing change in technology. According to a recent study, an eLearning solution can save businesses up to 66% on training costs.

As one of the original online providers of cybersecurity courses for organisations, we’re uniquely qualified to explain why online training is the most cost-effective way to train your staff and why you should choose it over traditional training approaches.

Let’s get started.

Why is online training so cost-effective?

Employee time

In traditional training settings, employees often need to take significant time away from their regular work, including travel time, attending classes, and waiting for scheduled sessions to start.

This time away can result in productivity losses and additional expenses that businesses may not have accounted for. Online training, however, reduces these time-consuming factors.

Employees can access training materials from their desks, allowing them to learn at their own pace and during hours that suit them and the company.

This flexibility minimises downtime, maximises productivity, and ensures that important tasks are not delayed due to training requirements!

According to a Brandon-Hall Study, eLearning typically requires 40% to 60% less employee time than learning the same material in a traditional classroom setting.

With online training, businesses can capitalise on the hours that would have otherwise been spent on travel and idle waiting, making it a cost-effective solution for organisations of all sizes.

Travel costs

Travel expenses can quickly add up. Sending employees to off-site training locations often involves:

  • Train tickets
  • Hotel accommodation
  • Meal expenses
  • Transportation to and from the training venue

These costs can take a big chunk out of a company’s budget.

A study found that 85% of every pound spent on classroom training is spent delivering it, for example, on instructor time and travel.

Online training eliminates the need for these expenses. Employees can access training materials from their desks, homes or even during their journey into work!

The location of training becomes irrelevant. This not only saves on travel costs but also provides a more convenient and comfortable learning environment for employees.

With online training, travel costs are removed, making it a smart financial choice for organisations.

Scalability

Scalability is a key advantage of online training for large, growing, and/or remote businesses.

Online platforms can cater to a larger number of learners without the costs associated with gathering employees in a single location.

This online scalability guarantees consistent training across multiple locations, whether multiple offices or remote workers, without the need for several training sessions in different places – pretty great, huh?

This cost-effective approach ensures that training can effectively scale with the organisation’s growth and changing needs.

Facility costs

In-person training often requires hiring a venue space. The expenses don’t stop there: they can include set-up costs and the cost of equipment, and the venue might even charge for using its employees.

These logistics can be time-consuming and costly.

If, for example, the booking of a room is £300 for the day and you need 5 training sessions, that’s £1,500 spent on the venue.

That’s before any training has even started.

Online training eliminates the need for physical facilities altogether. Employees can access training materials from their own desks or devices.

This streamlined approach not only saves money but also removes the hassle of coordinating venue logistics.

By choosing online training, businesses can allocate their funds to more essential areas of employee development, making it a sensible financial decision.

Learning material costs

Think about it – when you enter a traditional training session, what is often handed out first? A notebook and pen, right?

Imagine providing this for multiple employees in numerous training sessions – those seemingly small costs start to add up.

And let’s not forget about all the other printed materials that often end up misplaced, forgotten, or simply tossed aside once the session ends – a waste of money and resources.

Now, contrast that with online training. Online learning materials are neatly organised on online platforms accessible to all employees whenever they need them.

As well as this, any tweaks or updates to the content can be made in just a few clicks; no costly reprints needed.

This means employees always have easy access to the most up-to-date learning materials.

It’s a cost-effective choice that makes sense for businesses of all sizes.

New employees

Immediate online training for new employees is cost-effective due to its proactive approach to cybersecurity. Waiting for scheduled in-person sessions can leave new hires vulnerable, seen as potential weak links in security.

By providing instant online access to cybersecurity training, businesses can reduce their threat level.

Employees are immediately educated about security essentials, potential threats, protective measures, and reporting procedures.

This can enhance a company’s cybersecurity posture and minimise the potential costly consequences of successful attacks.

It is a wise investment in protecting your company from increasingly clever cyber threats, ultimately saving time associated with breaches and downtime.

Continuous learning

Online training offers the flexibility to adapt quickly. A training session can be created and delivered instantly online when a new threat emerges.

This ensures that employees stay up-to-date with the latest cybersecurity practices and aware of emerging threats.

By embracing continuous learning through online training, businesses can maintain a strong defence against increasing cyberattacks and reduce the potentially costly consequences of a successful attack.

As employers adopt online learning to develop their workforce, they are estimated to bring in 26% more revenue.

Online training is the new proactive and cost-effective approach to cybersecurity!

Flexible training

Online training provides a flexible approach tailored to your business’s specific requirements.

You have the freedom to customise the training content to meet the specific cyber needs of your employees or your internal policies.

Online platforms offer the opportunity to establish social forums, enabling employees to share their experiences, including raising awareness about recent phishing emails they’ve received.

This creates a strong cybersecurity culture within your organisation.

This adaptability ensures that your training aligns precisely with your business objectives, making it a valuable and cost-effective resource.

It empowers your employees to learn and grow in a manner that best benefits your organisation’s success.

Need more reasons to choose online training?


  • Gamification: Training is most effective when employees are motivated. Online training games can tap into natural competitiveness, which makes learning enjoyable.
  • Accessible to all: Online training is available to everyone, regardless of location, language, health or situational challenges.
  • The greener option: Studies show online courses use 90% less energy and emit 85% less CO2 per student compared to traditional in-person courses.
  • Time efficiency: Corporate eLearning typically requires 40–60% less time from employees than traditional classroom instruction.

If you’ve gotten this far, we assume you’re coming around to online learning as the most effective way to train your employees.

We agree. That’s why our training is 100% eLearning and hosted on our innovative in-house LMS. With over 15 years of experience, we’re here to help make your training beautifully simple. Discover our wide range of courses and get started today.

Bob’s Business announces CyberLearn, our innovative in-house LMS

At Bob’s Business, we’re always striving to deliver outstanding training experiences to our customers. It’s been our goal since we were founded in 2007, and it’s as true in 2023 as it was all those years ago.

Now, in what marks the sounding of the starting gun for our next phase of business evolution, we’re delighted to announce that our in-house Learning Management System’s full launch is complete.

That’s right – CyberLearn is live for all.

Developed in conjunction with Can Studios, CyberLearn is a customised version of their Training Post learning management system, tailored to our unique needs. This offers a host of benefits for organisations, including:

Tailored Learning Experience: With CyberLearn, we introduce a new era of personalised learning experiences. The platform’s versatile architecture allows for bespoke features and functionalities, ensuring that businesses receive training solutions tailored to their unique requirements.

Agile Development: Empowered by CyberLearn, we’re accelerating the pace of feature development and deployment. This agility translates to faster response times to customer needs and rapid integration of new, value-driven features into the platform.

Scalability and Flexibility: CyberLearn has been architected to seamlessly scale with the evolving needs of businesses. The platform accommodates growth from small enterprises to large corporations while maintaining optimal performance and user experience.

Robust Data Security: By leveraging CyberLearn, we control data security measures completely. This ensures the utmost protection of organisational information, fostering an environment of trust and confidence.

“Our transition to CyberLearn is a testament to our dedication to innovation and customer-centric focus. This milestone reflects our commitment to equipping businesses with a dynamic learning platform that adapts to their needs and helps build positive cultures,” remarked Melanie Oldham, OBE, CEO at Bob’s Business.

“We are thrilled to collaborate with Bob’s Business in this endeavour. The specialised version of our Training Post LMS speaks to the flexibility and robustness of our platform. By joining forces, we are elevating the e-learning experience for Bob’s Business’s clients and showcasing the adaptability and power of Training Post,” commented Paul Hilton, CEO of Can Studios.

Ready to learn more about our Learning Management System? Contact a team member and discover how it can level-up your organisation’s training.

This month in data breaches: September edition

September has left the building, but while the kids are (finally!) back in school, for many businesses, the headaches have only just begun.

We speak, of course, about cybersecurity breaches. In this blog, we’ll look into how even the most security-conscious individuals and organisations can fall victim to cyberattacks – alongside sharing how your company can stay protected against similar threats.

Let’s get started.

September’s biggest data breaches

Topgolf Callaway

American sports equipment manufacturer giant Topgolf Callaway faced a significant data breach last month, putting the sensitive data of over a million customers at risk.

The company promptly emailed customers, explaining that a third party had breached their systems and accessed data, including names, shipping addresses, email addresses, phone numbers, order histories, passwords, and answers to security questions.

Fortunately, payment information remained secure and was not compromised in the breach.

This breach is particularly concerning because it also exposed data from affiliated brands under the Topgolf Callaway umbrella.

All affected customers were required to reset their passwords as a precautionary measure.

The identity of the party responsible for this breach remains unknown. However, the stolen data poses a serious threat, as it can be exploited for identity theft and phishing attacks.

This serves as a reminder of the necessity of a response plan.

By immediately informing those affected and enforcing a password reset, you can lessen the impact of an incident and heighten everyone’s awareness against potential follow-up attacks, such as a phishing email.

Digital ID and The Greater Manchester Police

Thousands of Greater Manchester police officers and staff have had their personal details compromised. This attack is linked to a third-party supplier, Digital ID, responsible for identity cards and lanyards for UK organisations.

The breach involved the theft of officers’ warrant card information, including names, ranks, photos, and serial numbers, through a ransomware attack.

While financial data remains secure, there are concerns regarding the safety of undercover officers and ongoing investigations.

The National Crime Agency (NCA) is actively investigating the Digital ID breach. Greater Manchester Police is working closely with the Information Commissioner’s Office (ICO), which will conduct its own enquiry.

This incident emphasises the risks of outsourcing sensitive data to third parties and highlights the pressing need for ongoing vigilance, especially in law enforcement and public safety organisations.

Pizza Hut Australia

Pizza Hut Australia also fell victim to a cyber-attack in September, exposing customer information and order details.

The breach came to light in early September, prompting immediate action from the company.

Phil Reed, the CEO of Pizza Hut Australia, informed customers via email about the incident. He stated that an ‘unauthorised third party’ had accessed some of the company’s data.

In response, Pizza Hut took swift action to secure its systems, engaged forensic and cybersecurity experts, and initiated an investigation to determine the extent of the breach.

The compromised data includes customer details and online order information, such as names, delivery addresses, email addresses, and contact numbers.

For registered accounts, encrypted credit card numbers and passwords were also accessed.

Approximately 193,000 customers were impacted and received guidance on avoiding potential future scams.

This incident highlights the importance of working with cybersecurity experts to minimise the impact of data breaches.

By collaborating with cybersecurity professionals, organisations can improve their overall security measures and decrease the likelihood of such incidents occurring in the first place.

What your organisation can learn from September’s data breaches

September’s data breaches stress a crucial lesson: cyber threats affect all.

Here are valuable lessons your organisation can take from these incidents to improve your cybersecurity systems.

  1. No one is exempt: Cyber threats spare no one. Regardless of the size or industry of your organisation, it’s important to remain alert to attacks. Regular assessments can help identify vulnerabilities and weaknesses before attackers do.
  2. Effective response planning: Developing and regularly updating an incident response plan is crucial. It enables swift and effective action during a breach to mitigate its impact.
  3. Third-party risk management: If your organisation relies on third-party suppliers like Digital ID, ensure they adhere to robust cybersecurity standards. Protecting your data is a shared responsibility.
  4. Education and awareness are key: Educate your employees on essential cybersecurity practices, including phishing awareness, password security, and defence against social engineering tactics.
  5. Invest in training: Invest in cybersecurity training for your employees. A well-informed employee is a critical defence against cyber threats.

How can Bob’s Business help you avoid cyber breaches?

At Bob’s Business, we offer affordable awareness training solutions designed to give employees the knowledge they need to protect their data and their organisation.


As part of our dedication to supporting organisations in strengthening their cybersecurity, we’ve created a free Cybersecurity Awareness Month Pack for your organisation.

This resource pack is designed to help you improve your security and reduce the risk of cyberattacks. Click here to get your free pack.

Cybersecurity Awareness Month 2023 at Bob’s Business

October is Cybersecurity Awareness Month, and this year is particularly special as we mark the 20th anniversary.

Since 2003, the National Cyber Security Alliance has teamed up with the government and private industries to increase cybersecurity awareness in a bid to help users prevent cyber attacks.

This year’s theme is “Secure Our World”, as it aims to promote cybersecurity tips and best practices that are not restricted to October but can be followed throughout the year.

In this blog, we’ll take a closer look at some of the significant data breaches from the past year, and review the NCSA’s recommended best practices for cybersecurity going forward.

Let’s get into it!

What can we learn from the last 12 months of data breaches?

Northern Ireland Police (PSNI)

In August, a monumental data breach occurred when sensitive information of nearly 10,000 PSNI staff was exposed online for three hours.

This breach highlighted the importance of ongoing employee training and awareness initiatives, especially in large organisations where attacks can have a long tail and substantial impact.

MOVEit

June 2023 witnessed a widespread data breach affecting over 100 organisations. The Clop ransomware gang carried out the breach.

This incident has reminded us of how important it is to implement strong cybersecurity measures. This includes proactive security measures, keeping your security up to date, and having an incident response and reporting plan to respond to incidents like this.

NHS

During the year, thousands of NHS patients’ data was leaked due to a phishing attack.

The attacker accessed an employee’s email account containing confidential patient information, highlighting the risks of phishing.

This stressed the importance of thorough employee training and regular security policy reviews.

Pepsi

In February, Pepsi experienced a data breach from a malware attack on its payroll systems.

This breach exposed employee data, including names and social security numbers, stressing the need for continuous software monitoring and updates.

These 2023 data breaches provide a reminder of the significance of cybersecurity awareness and the best practices to follow to protect sensitive information.

Four key practices for year-round cybersecurity

Create strong passwords and use a password manager

We have all encountered a friend or colleague with a password that ends in the infamous “123.”

These kinds of passwords, while easy to remember, are also the first ones potential hackers might guess.

It’s no secret that they provide little protection.

Three tips to strengthen your password security:

  1. Use three random words: Picking three unconnected, random and memorable words will ensure your password is easy to recall but hard to crack.
  2. Mix in numbers and symbols: By incorporating a combination of numbers and symbols, you significantly increase the complexity of your password.
  3. Never use the same password twice: It’s a golden rule of password security – never reuse passwords across different accounts.

However, remembering unique and complex passwords for every service can be tricky, which is why using a secure password manager is recommended.

A password manager can safely store all your passwords with the only requirement of remembering one password.

Turn on Multi-Factor Authentication

Multi-Factor authentication (MFA) is like an extra lock for your digital doors, available to all and strongly recommended. If someone somehow guesses your password, MFA acts as a second line of defence.

Even with your password, they can’t access your information without your active involvement. Users should set up MFA in a way that requires a secondary code sent to another device when a password is entered.

This extra step helps to verify your identity.

Recognise and report phishing

Phishing attacks are a growing problem and have evolved significantly over the last 20 years, becoming increasingly sophisticated.

This Cyber Awareness Month aims to educate users on how to spot and report phishing attacks before any consequences occur.

Telltale signs of phishing:

  • Urgent or alarming language
  • Requests for personal and financial information
  • Poorly written or misspelt messages
  • Incorrect email addresses, domain names, or links (e.g., “facbook.com”)
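
The following Python example is added here and is not from the original article: it checks one message for three of the signs above (urgent language, requests for sensitive information, and lookalike domains such as “facbook.com”). The allowlist, keyword lists and sample message are assumptions constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist and keyword lists (hypothetical; tune to your organisation).
TRUSTED = ["facebook.com", "microsoft.com", "paypal.com"]
URGENT = re.compile(r"\b(urgent|immediately|suspended|final notice|within 24 hours)\b", re.I)
SENSITIVE = re.compile(r"\b(password|pin|card number|bank details|security code)\b", re.I)
LINK = re.compile(r'<a\s+href="([^"]+)"', re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain.startswith("www."):
        domain = domain[4:]
    if domain in TRUSTED:
        return None
    for good in TRUSTED:
        if edit_distance(domain, good) <= 2:  # one or two typos away
            return good
    return None

def phishing_signs(sender, body_html):
    """List the telltale signs found in one message."""
    signs = []
    if URGENT.search(body_html):
        signs.append("urgent or alarming language")
    if SENSITIVE.search(body_html):
        signs.append("asks for personal or financial information")
    hosts = [("sender", sender.rsplit("@", 1)[-1].strip("> "))]
    hosts += [("link", urlparse(h).hostname or "") for h in LINK.findall(body_html)]
    for kind, host in hosts:
        good = lookalike_of(host)
        if good:
            signs.append(f"{kind} domain {host} imitates {good}")
    return signs

# Constructed sample message, not a real email.
SAMPLE_SENDER = "Facebook Security <security@facbook.com>"
SAMPLE_BODY = ('<p>URGENT: your account will be suspended. Confirm your password '
               '<a href="http://www.facbook.com/login">here</a> within 24 hours.</p>')
```

Spelling quality is not checked here, and the edit-distance threshold of 2 is an assumption that trades missed lookalikes against false alarms on short domain names.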

Reporting protocols:

  1. If you suspect phishing, report it to protect yourself and others.
  2. When in doubt, forward the message to your security team.
  3. Don’t reply, click on attachments, or follow any links, including “unsubscribe” links.

By following these simple steps, you can play a crucial role in staying safe from phishing attempts and keeping your information secure.

Update your software

Although that “new update available – click now” button might sometimes seem inconvenient, skipping these updates can leave you open to attacks.

Updates fix problems and patch security holes, denying hackers easy access.

  • Check for notifications: Keep an eye on notifications from your devices and applications, and manually check for updates in web browsers and antivirus software.
  • Act promptly: When software updates pop up, especially the important ones, don’t delay. Install them right away.
  • Turn on automatic updates: Protect your data further by turning on automatic updates. Your devices will handle updates as soon as they’re available.

How can Bob’s Business help you this cybersecurity month and beyond?

At Bob’s Business, we know that raising employee awareness is a year-round process!

That’s why we offer uniquely engaging training courses to enhance your security and truly effective phishing simulations for organisations of all sizes.

In addition, this Cybersecurity Awareness Month, we have created a free Cybersecurity Awareness Month Pack, especially for your organisation.

This pack will provide you with the resources to enhance your security, including checklists, email templates, and password guides!