Five crucial lessons from breached businesses

Cyber breaches are relentless and pose ongoing challenges for organisations to protect their data.

The reality is that no organisation, regardless of size or industry, is immune to the potential consequences of a data breach (we hate to be the ones to tell you!).

In this blog, we will focus on learning from real-life examples of businesses that navigated and recovered from cyber breaches.

Examining their experiences gives us insights into practical strategies for enhancing resilience and security.

Let’s get into it!

Activision

In early December 2022, Activision, a prominent video game maker, fell victim to a data breach.

Hackers exploited an employee through SMS phishing, gaining unauthorised access to the company’s internal systems.

An in-depth analysis of the leaked data by ‘Insider Gaming,’ a respected video game publication, revealed that the breach exposed extensive employee details such as full names, email addresses, phone numbers, salaries, and work locations.

Following an investigation, it was determined that no sensitive employee data, game code, or player data was accessed.

Notably, a Slack account owned by an Activision employee provided hackers an entry point, enabling them to deceive other employees into clicking malicious links.

This breach was attributed to human error, as an unwitting employee clicked on malicious links within an SMS phishing text, inadvertently enabling the breach.

Upon discovering the breach, Activision’s dedicated information security team swiftly initiated countermeasures to address the SMS phishing attempt and rectify the situation.

Activision’s rapid response and comprehensive investigation effectively curtailed the breach’s impact.

This incident shows the importance of addressing human error and rapidly securing sensitive information.

It serves as a reminder that continuous cybersecurity training and vigilant practices are essential within organisations to avoid similar breaches.

Cathay Pacific

In October 2018, Cathay Pacific, the Hong Kong-headquartered airline, revealed a security breach that had occurred in 2014 and had remained completely undetected since.

This incident involved unauthorised entry by hackers into their systems, compromising sensitive passenger data, which included personal information like names, contact details, and passport information.

A hacking group had utilised password-stealing malware to breach administrative systems, affecting 9.4 million global passengers.

The breach was attributed to human error, as a lack of robust password security measures allowed hackers to exploit cyber vulnerabilities and gain access to the airline’s systems.

In response to this breach, Cathay Pacific undertook a series of comprehensive measures to enhance their cybersecurity.

These measures included a dedicated focus on data governance, network security protocols, stringent access controls, comprehensive cybersecurity education programs for employees, and an advanced incident response framework.

Cathay Pacific also acknowledged the ongoing need to invest in evolving IT security systems due to the continuously escalating landscape of cyber threats.

As a consequence of this breach, the UK Information Commissioner’s Office (ICO) imposed a fine of £500,000.

This incident prompted the company to reiterate its commitment to collaborating with authorities and emphasise its dedication to protecting personal data.

This case highlights the crucial significance of proactive cybersecurity measures and the persistent drive for continuous enhancements to mitigate evolving cyber threats effectively.

Marriott Hotel & Resorts

In January 2020, Marriott Hotel & Resorts experienced a significant security breach caused by hackers exploiting vulnerabilities in a third-party application used for guest services.

The breach resulted from the compromised credentials of two Marriott employees, granting unauthorised access to 5.2 million guest records.

A human error led to records containing sensitive data such as passport details, contact information, gender, birthdates, loyalty account specifics, and preferences being compromised.

Marriott’s security team promptly intervened after detecting irregular activities and resolved the breach by the end of February 2020.

Subsequently, Marriott Hotels & Resorts faced a fine of £18.4 million.

The hotel chain contacted affected guests through emails, established a dedicated website, and introduced a call centre to assist guests.

These resources included a step-by-step guide to respond to the breach and details about enrolling in a personal information monitoring service for those affected.

A spokesperson from Marriott stated “Marriott remains committed to the privacy and security of its guests’ information and continues to make significant investments in security measures for its systems.” The U.K.’s Information Commissioner’s Office (ICO) subsequently reduced the data breach penalty for Marriott to £14.4 million.

This adjustment underscores Marriott’s commitment to prioritising the security and privacy of guest data going forward.

How you can protect your business from cyber attacks

  1. Implement strong password policies:
    Enforce complex passwords and regular updates for all accounts. Consider multi-factor authentication to add an extra layer of security.
  2. Regular employee training:
    Educate your employees about the latest cyber threats, phishing scams, and best practices for identifying and reporting suspicious activities.
  3. Update software and systems:
    Keep all software, applications, and systems updated with the latest security patches. Outdated software can be vulnerable to known exploits.
  4. Network security measures:
    Employ firewalls, intrusion detection systems, and encryption protocols to safeguard your network and data from unauthorised access.
  5. Data backups and recovery plans:
    Regularly back up your critical data to secure locations. Develop a robust data recovery plan to ensure business continuity in case of a cyber attack.

By adopting these proactive measures, your organisation can significantly reduce the risk of falling victim to cyber-attacks and protect sensitive information from potential breaches.

How Bob’s Business can help you

At Bob’s Business, we understand human error’s vital role in cyber attacks and the critical importance of protecting your organisation against potential breaches.

Our comprehensive cybersecurity awareness training empowers your employees with the knowledge and skills they need to become the first line of defence against cyber attacks.

Get in touch with us today to learn how Bob’s Business can partner with your organisation to enhance cybersecurity awareness and ensure a safer digital environment for your business.

This month in data breaches: August edition

The kids might be on their break, but cybercriminals and scammers haven’t slowed down, with August witnessing multiple notable data breaches with widespread implications for organisations like yours.

Let’s take a closer look at the causes of these breaches, the promptness of their handling, and explore potential strategies that could have averted these data breaches.

August’s biggest data breaches

Northern Ireland Police

On the 8th of August, the Northern Ireland Police encountered a data breach, exposing sensitive information.

For three hours, names, ranks, grades, work locations, and departments of nearly 10,000 PSNI staff were made public.

This breach, stemming from human error, has been deemed “monumental,” given the elevated terror threat level in the region.

The fallout from this breach is profound, directly impacting thousands of officers’ safety.

PSNI Assistant Chief Constable Chris Todd has confirmed steps have been identified to avoid similar errors from happening again.

John Edwards, the Information Commissioner at the ICO, emphasised that this incident’s gravity lies in demonstrating the substantial consequences that minor human errors can trigger.

This serves as a reminder of the importance of implementing robust measures for protecting personal data, especially in sensitive contexts.

The ICO is actively investigating the situation, collaborating with the PSNI to gauge the extent of data accessed during the exposure and devise effective mitigation strategies.

This event highlights the importance of ongoing, comprehensive personnel training to minimise the risk of human errors that can trigger such incidents.

The Electoral Commission

The Electoral Commission recently admitted to a security breach that originally took place in 2021 and only came to public attention ten months later.

The breach, attributed to a hostile cyber attack, went unnoticed for a year, compromising data on 40 million voters, including the names and addresses of registered voters from 2014 to 2022.

The breach’s origin, whether connected to a hostile state or a criminal cyber gang, remains uncertain.

Notably, private safety-related information and overseas voter addresses were untouched. The National Crime Agency is now prioritising efforts to bolster the electoral system’s cyber resilience.

This incident underlines the vulnerability of sensitive research data.

The breach’s prolonged invisibility highlights the necessity for secure monitoring and management practices.

It serves as a reminder that comprehensive cybersecurity measures are paramount for protecting against breaches and data compromises.

Discord.io

Discord.io, an online service facilitating customised links for Discord channels, has fallen victim to a data breach affecting an estimated 760,000 users.

Sensitive details, including passwords, usernames, Discord IDs, and billing addresses, are believed to have been exposed.

The third-party service has now shut down as a result. The breach was discovered when data was offered for sale by a Discord user on a hacking forum.

The exposure of billing addresses is relevant only to those who purchased before the service adopted Stripe.

While the compromised passwords were encrypted to industry standards, users with non-unique passwords are advised to update them across other platforms where similar passwords are used.

This incident underscores the importance of robust cybersecurity practices and the need to ensure password uniqueness to minimise risks stemming from breaches.

For guidance on creating the perfect password, click to read our comprehensive guide.

What can your organisation learn from these breaches?

By understanding the underlying causes of these breaches and implementing preventive measures, organisations can significantly mitigate their exposure to such risks.

  1. Prioritise ongoing personnel training to minimise the risk of human errors.
  2. Maintain consistent security monitoring and management practices.
  3. Ensure password uniqueness to minimise risks stemming from breaches.
  4. Implement robust cybersecurity measures such as firewalls, intrusion detection systems, and encryption protocols.
  5. Develop a comprehensive incident response plan and conduct drills for effective breach mitigation.

How Bob’s Business can help protect your organisation

As cyber threats intensify, ensuring that your employees receive effective cybersecurity training is more critical than ever.

As the UK’s Most Trusted Cybersecurity Awareness Training Provider, we offer your organisation engaging and interactive eLearning modules perfectly created to empower your employees with the expertise to secure your organisation.

Get in touch today to learn more about how we can help protect your organisation.

How leaders can create a strong cybersecurity culture

Whether they know it or not, leaders play a pivotal role in shaping an organisation’s cybersecurity culture.

A leader’s guidance protects a company’s cybersecurity and cultivates a team-wide mindset dedicated to effectively safeguarding the company.

Cybersecurity culture encompasses the shared attitudes, behaviours, and practices that an organisation adopts to safeguard its digital assets.

As the landscape evolves with increasingly sophisticated cyber threats, establishing a cybersecurity culture becomes essential for mitigating these risks and protecting the organisation’s overall success.

This blog will provide insights into how leaders like you can effectively create a strong cybersecurity culture in your organisation.

4 ways to create a robust cybersecurity culture

Awareness and education

Within an organisation, navigating the complex terrain of cybersecurity demands a comprehensive understanding.

The first brick in our cybersecurity culture foundation is awareness and education.

Every individual, from the C-suite to the intern, must grasp cybersecurity’s significance and its repercussions.

But it’s not just about knowing the theory; it’s about a continuous journey of learning and implementation.

Regular training, webinars, and resources should light the path to cyber literacy, keeping everyone informed about the latest threats and best practices.

Continuous learning and adaptation

Cybersecurity is a realm of perpetual turbulence, with new threats constantly emerging.

To stand strong, your cybersecurity culture must embrace continuous learning and adaptation.

Regularly levelling up skills and knowledge and promptly adjusting strategies to counter emerging challenges become paramount.

By fostering a culture that thrives on agility and preparedness, an organisation equips itself to navigate the digital realm confidently.

Overcoming challenges

Leaders are at the forefront of guiding their organisations through challenges to establish a resilient cybersecurity culture.

Maintaining clear and consistent communication about cybersecurity’s significance is crucial when addressing resistance to change.

To bridge knowledge gaps and alleviate concerns, tailored training programmes can boost everyone’s confidence.

Encouraging open conversations and providing straightforward ways to report concerns builds trust and fosters active participation in creating a secure environment.

Organisations can overcome challenges and nurture a robust cybersecurity culture with dedicated leadership.

The role of leadership – Setting the tone from the top

Leadership’s role in shaping a strong cybersecurity culture cannot be overstated.

Their commitment, communication, and ability to foster transparency set the foundation for a collective dedication to safeguarding digital assets.

Leading by example

Effective leadership starts with leading by example.

A leader’s role is to showcase the cybersecurity practices they expect from their team.

This demonstrates a commitment to maintaining a secure environment.

Demonstrating commitment to cybersecurity

Emphasising the significance of cybersecurity is crucial: a leader’s visible dedication to security protocols highlights the importance of safeguarding digital assets.

Communication and transparency

Leaders should establish open communication and transparency to ensure team members have easy access to information, promoting effortless engagement in cybersecurity matters.

Regularly communicating security policies and updates

Regular communication of security policies and updates is essential.

This practice ensures that all team members are informed and aligned with the organisation’s security objectives, promoting consistency.

Fostering an open environment for reporting concerns

Leaders should create an environment where team members feel comfortable reporting security concerns without fear of consequences.

This promotes a proactive threat response and a culture of collaboration.

How can Bob’s Business help?

Leaders need to prioritise awareness, accountability, adaptability, and effectively overcoming challenges within a company to protect its digital assets.

It’s essential to recognise that a cybersecurity culture is not a static goal but a continuous improvement journey.

As cyber threats constantly evolve, education and adaptation become imperative.

That’s where Bob’s Business comes in.

Bob’s Business offers specialised training programmes for employees, tailored to every organisation and designed to be effective from the CEO down to interns.

Click here to explore our training solutions and start discovering how we can help you build the strong foundation your employees need from you.

Webinar: How to Embed Cybersecurity into Your Company Culture

Join our CTO, Tanmoy & Wigan Council’s CTO, Dave, as they unravel the secrets to turbocharging your organisation’s cybersecurity practices.

📅 When: October 11th, 2023, 3:00 PM (UK Time)
🎙️ Host: Tanmoy Hossain, CTO, Bob’s Business
🎤 Guest Speaker: Dave Pearce, CTO, Wigan Council
💷 Cost: Free

Who should attend?

This webinar is perfect for individuals like you; whether you’re already running cybersecurity awareness campaigns or looking to get one off the ground, this event is designed with your needs in mind.

Why attend?

  • Discover innovative ways to integrate cybersecurity into your company culture effectively.
  • Learn from real-world experiences and insights shared by industry experts.
  • Get valuable tips and strategies to enhance your existing training initiatives.
  • Network with like-minded professionals from various industries.
  • Explore success stories and best practices from Wigan Council, a satisfied Bob’s Business client.

Secure your free ticket HERE.

Why learning from mistakes is the key to cyber resilience

As organisations harness the power of the digital realm to drive growth and efficiency, they must also acknowledge the lurking threats that accompany this progress.

The truth is that no system is immune to cyber attacks.

But rather than creating a blame game around employee behaviour or sweeping mistakes under the carpet, the key path to cyber resilience lies in cultivating a culture of learning, adaptation, and growth.

In this blog, we will dive deep into the world of cyber resilience and cover the five pillars of high-quality cyber resilience. Let’s get started.

Embracing the learning curve

In the world of cybersecurity, mistakes are not merely setbacks; they are growth opportunities.

Organisations that understand this fundamental truth can evolve from a reactive stance to a proactive one.

When an employee falls victim to a phishing email or accidentally exposes sensitive information, the natural instinct might be to assign blame.

However, forward-thinking organisations understand that blame does not breed resilience; education does.

By viewing these incidents as teachable moments, companies can elevate their cybersecurity awareness to new heights.

Instead of punishing an employee who clicked on a malicious link, they can choose to educate them about the telltale signs of phishing scams.

By doing so, not only does the individual become more vigilant, but the entire organisation becomes more fortified against similar attacks in the future.

Cultivating a culture of accountability

The blame game serves no one in the realm of cybersecurity.

When employees fear punitive measures for making mistakes, they are more likely to hide errors rather than address them.

This creates a dangerous environment where vulnerabilities remain unaddressed, waiting to be exploited by cybercriminals.

Organisations can break this cycle by fostering a culture of accountability.

This starts from the top, with leadership setting an example by openly acknowledging their own mistakes and demonstrating a commitment to learning from them.

When employees see that even the highest-ranking individuals are not immune to errors, they are more likely to come forward with their own missteps.

Learn from near misses

Near misses are meticulously studied in the aviation industry to prevent future accidents.

Similarly, in the world of cybersecurity, near misses or close calls can provide valuable insights into potential vulnerabilities.

Rather than disciplining an employee who narrowly averted a cyber attack, organisations should commend them for their vigilance and then delve into the details of the incident.

Organisations can identify weak points in their defence systems by dissecting what went wrong and what factors contributed to the near miss.

This proactive approach allows for corrective measures to be put in place before a real attack occurs.

Just as pilots analyse near misses to enhance aviation safety, organisations can turn close calls into opportunities to fortify their cybersecurity.

The power of continuous learning

Cyber threats are constantly in flux, with attackers devising new strategies and techniques regularly.

To keep pace with this ever-changing landscape, organisations must adopt a mindset of continuous learning.

This means staying updated on the latest threats and vulnerabilities and consistently educating employees about best practices and safe behaviours.

Organisations should embrace ongoing cybersecurity awareness programs rather than relying on a one-time training session.

These programs can include interactive workshops, simulated phishing exercises, and real-world case studies.

By making cybersecurity education engaging and relevant, employees are more likely to retain and apply the information in their day-to-day activities.

Turning mistakes into milestones

It’s important to reframe the concept of mistakes within the realm of cybersecurity.

Instead of viewing them as failures, organisations should see them as milestones on the path to becoming more resilient.

When properly analysed and addressed, each mistake brings the organisation closer to a stronger defence against cyber threats.

In this journey, transparency is key.

Rather than hiding breaches or incidents, organisations should openly communicate with employees about what occurred, what steps were taken to rectify the situation, and what lessons were learned.

This instils trust within the workforce and encourages a sense of collective responsibility for cybersecurity.

In conclusion…

Organisations must abandon the outdated notions of blame and shame and embrace a culture of learning and adaptation.

By recognising mistakes as opportunities for growth, cultivating a culture of accountability, and adopting a mindset of continuous learning, organisations can build a robust defence against cyber threats.

How can Bob’s Business help your organisation?

At Bob’s Business, we are dedicated to helping organisations like yours in addressing the dynamic realm of cybersecurity and compliance risk.

Recognising that 90% of breaches stem from human error, we empower your workforce with the knowledge and resources required to recognise and minimise potential threats.

Designed to foster cybersecurity-conscious environments within businesses, our cost-effective and accessible training options are carefully crafted to deliver enjoyable and effective learning experiences.

If you’re ready to kick-start your cyber secure journey, click here to check out our range of products.

What is cybersecurity offboarding?

Everyone knows that training your team is essential, and most know that when a new starter joins your company, onboarding is the ideal time to embed positive security practices. We even wrote a free guide about it!

But what about when a staff member is about to leave? That’s where cybersecurity offboarding comes into play.

As employees bid farewell to your company, it’s essential to focus not only on heartfelt goodbyes but also on securing your valuable digital assets.

In this blog, we’ll delve into the best methods to ensure that your data remains safe and sound when employees leave.

So, buckle up and get ready to explore the world of cybersecurity offboarding. Let’s dive in!

Understanding the importance of cybersecurity offboarding

When an employee decides to move on from your organisation, it’s more than just a personnel change; it’s a critical moment for your data security.

Failing to prioritise cybersecurity offboarding can have severe consequences, ranging from data breaches to unauthorised access, potentially leading to financial losses and reputational damage.

Think about it: an ex-employee with access to sensitive information could pose a significant threat if their departure wasn’t handled correctly. It’s not a matter of mistrust; it’s about being proactive and protecting your organisation’s assets.

By embracing cybersecurity offboarding, you demonstrate a commitment to protecting your business, employees, and customers.

This practice reflects responsible corporate governance, compliance with data protection regulations, and a dedication to maintaining the trust placed in your organisation.

Building a robust offboarding process

Creating a solid offboarding process should be as important as creating an onboarding procedure.

The process should be well-documented and comprehensive, leaving no room for oversights.

It starts with clear communication among relevant departments, such as HR, IT, and management.

HR plays a vital role in initiating the offboarding process as soon as an employee gives notice. This allows ample time for all necessary steps to be carried out efficiently.

The IT department then removes access rights, deactivates accounts, and retrieves company-issued devices.

Having a clear checklist and timeline in place ensures that no crucial steps are missed, minimising the risk of potential data breaches.

A well-coordinated offboarding process protects your organisation and ensures that departing employees leave on a positive note, feeling respected and valued.

Securing devices and data

Employees use various devices and platforms to perform their duties, making it crucial to secure these assets during the offboarding process.

Company-issued laptops, smartphones, and access credentials can act as gateways for unauthorised individuals to gain access to sensitive information.

To address this, ensure that all company devices are returned and thoroughly inspected before being assigned to new employees.

Devices should be wiped of company data and applications, leaving them clean for the following user.

Additionally, data stored on cloud platforms and other shared repositories must be reviewed and restricted appropriately.

By controlling access to company data, you maintain a strong line of defence against potential security breaches.

Educating employees about offboarding

Your employees are your organisation’s first line of defence, and educating them about the offboarding process is essential.

While it’s natural to focus on the technical aspects, it’s equally vital to create awareness among employees about their role in data security during offboarding.

Encourage employees to report any suspicious activity related to departing colleagues, such as unusual login attempts or unauthorised access to resources.

By fostering a culture of vigilance, you strengthen your organisation’s security posture.

Offer training sessions or workshops highlighting data protection’s importance during offboarding.

Make it engaging and relatable, using real-life examples and scenarios.

This approach ensures that your employees understand the potential risks and are actively invested in keeping your data safe.

The offboarding checklist

Here’s a comprehensive offboarding checklist to guide you through this crucial process:

  1. Initiate the offboarding process: HR should kickstart the offboarding process as soon as an employee announces their departure, ensuring ample time for all necessary steps.
  2. Notify relevant departments: Inform IT, security, and management about the upcoming offboarding to coordinate efforts effectively.
  3. Account and access review: Review and revoke access rights to company systems, databases, and applications. Ensure that accounts are disabled promptly.
  4. Retrieve company devices: Collect and thoroughly inspect all company-issued devices to erase data and prepare them for reassignment.
  5. Transfer knowledge: Encourage departing employees to share knowledge and documentation, facilitating a smooth transition for their successors.
  6. Conduct exit interviews: Use exit interviews to gather feedback and understand why the employee departed.
  7. Update employee records: Ensure that all employee records and documentation are updated to reflect the departure.
  8. Communicate with team members: Notify the team about the employee’s departure, providing clear information about who will assume their responsibilities.
  9. Maintain professionalism: Encourage a positive atmosphere during the offboarding process, allowing departing employees to leave on a good note.
  10. Monitor for anomalies: Keep an eye on account activities after the employee’s departure to detect any unauthorised access attempts.
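A small audit script for checklist items 3 and 10, added here as an example and not taken from the page or from Bob’s Business: it cross-checks a leavers list against an account directory and an authentication log, flagging departed accounts that are still enabled and any activity on a departed account after the person’s last day. The directory records, log format, usernames and addresses are all constructed for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed directory export: username, last working day (None for current
# staff) and whether the account is still enabled. Not real data.
DIRECTORY = [
    {"user": "alice", "left": "2023-08-04", "enabled": False},  # offboarded correctly
    {"user": "bob",   "left": "2023-08-10", "enabled": True},   # checklist step 3 missed
    {"user": "carol", "left": None,         "enabled": True},   # current employee
]

# Constructed authentication log lines in a simple key=value layout.
AUTH_LOG = """\
2023-08-09T08:01:12Z vpn user=bob result=success src=198.51.100.7
# malformed lines are ignored by the parser
2023-08-11T22:14:03Z vpn user=bob result=success src=203.0.113.9
2023-08-12T01:05:44Z mail user=alice result=failure src=203.0.113.9
2023-08-12T09:30:00Z vpn user=carol result=success src=198.51.100.20
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<svc>\S+)\s+user=(?P<user>\S+)\s+"
    r"result=(?P<result>\S+)\s+src=(?P<src>\S+)$"
)


@dataclass
class Finding:
    kind: str    # account_still_enabled | post_departure_login | post_departure_attempt
    user: str
    detail: str


def parse_log(text: str) -> list[dict]:
    """Parse the constructed log format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc
        )
        events.append(ev)
    return events


def departure_cutoffs(directory: list[dict]) -> dict[str, datetime]:
    """Map each leaver to the moment their access should be gone: midnight UTC
    after their last working day."""
    cutoffs = {}
    for rec in directory:
        if rec["left"]:
            last_day = datetime.strptime(rec["left"], "%Y-%m-%d").replace(
                tzinfo=timezone.utc
            )
            cutoffs[rec["user"]] = last_day + timedelta(days=1)
    return cutoffs


def audit(directory: list[dict], log_text: str) -> list[Finding]:
    findings = []
    cutoffs = departure_cutoffs(directory)

    # Check 1 (step 3): a leaver whose account was never disabled.
    for rec in directory:
        if rec["user"] in cutoffs and rec["enabled"]:
            findings.append(
                Finding("account_still_enabled", rec["user"], f"left {rec['left']}")
            )

    # Check 2 (step 10): any authentication activity on a leaver's account
    # after the cutoff. A success means access was not revoked; a failure
    # still shows someone is trying the old credentials.
    for ev in parse_log(log_text):
        cutoff = cutoffs.get(ev["user"])
        if cutoff is None or ev["ts"] < cutoff:
            continue
        kind = "post_departure_login" if ev["result"] == "success" else "post_departure_attempt"
        findings.append(
            Finding(kind, ev["user"], f"{ev['svc']} from {ev['src']} at {ev['ts'].isoformat()}")
        )
    return findings


if __name__ == "__main__":
    for f in audit(DIRECTORY, AUTH_LOG):
        print(f"{f.kind:24} {f.user:8} {f.detail}")
```

Pointing the script at a real directory export and identity-provider sign-in log turns it into a recurring check that the offboarding checklist was actually completed.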

With this comprehensive guide and checklist, you now have the tools to bid farewell to departing team members securely and confidently.

Let this practice be a cornerstone of your organisation’s commitment to data protection and trustworthiness.

How can Bob’s Business help?

Recall our discussion on the importance of the human factor? That’s what Bob’s Business specialises in: educating your employees to become your first line of defence.

With a wealth of expertise in cybersecurity and data protection, Bob’s Business offers eLearning courses that transform cybersecurity awareness within your organisation.

Through interactive and immersive modules, employees can grasp complex security concepts easily, and learn how to identify and respond to potential threats effectively.

We are committed to creating a cyber-smart culture, equipping your workforce with the knowledge and skills to protect sensitive data and your organisation from evolving cyber risks.

Explore our range of products today.

What is the most successful cyber-attack method?

In today’s digital world, where convenience and connectivity reign supreme, we find ourselves immersed in the sheer scale of the internet.

From checking sports scores to making financial transactions, attending meetings across the world or immersing ourselves in video games, our lives are ever more intertwined with the online realm.

However, the benefits of the digital age come with the looming threat of cyber-attacks that can jeopardise the health and success of businesses worldwide.

Among the various attack methods, phishing stands out as, by some distance, the most successful.

In this blog post, we will delve into the world of phishing, explore its psychology, discuss why email providers struggle to protect users, and provide effective strategies for organisations to defend against this pervasive threat.

What is the most successful cyber-attack method?

According to recent analysis from Verizon, social engineering remains the most successful attack method, being responsible for a staggering 90% of all successful cyber-attacks. Phishing accounts for 44% of social engineering attacks and, interestingly, the third most common attack vector is the use of employee credentials.

What is phishing?

Phishing is an online scam where cybercriminals send deceptive emails that masquerade as legitimate sources.

These fraudulent emails are often meticulously crafted to deceive unsuspecting recipients into divulging sensitive information or inadvertently downloading malware.

Two common types of malware used in phishing attacks are ransomware, which locks a victim’s computer and demands payment for access restoration, and Trojan horses, which can spy on users and create backdoor access to their systems.

The widespread vulnerability: A lack of phishing awareness

One of the primary reasons phishing attacks are so successful is a lack of awareness among individuals and employees.

In today’s interconnected world, virtually every employee has access to email, making them potential targets for phishing attempts.

A single click on a malicious link or attachment can lead to devastating consequences for an entire organisation.

Spear phishing: Targeted and more dangerous

Spear phishing is a specialised form of phishing that poses an even more significant threat.

In this sophisticated approach, cybercriminals tailor their scam emails to specific individuals using the personal information they have acquired.

Addressing recipients by name and job title, spear phishing emails appear incredibly convincing, making it challenging for even tech-savvy individuals to discern their authenticity.

High-profile individuals, such as CEOs, managing directors, and key personnel, are frequent targets of spear phishing attacks.

Challenges faced by email providers

While email providers implement spam filters and blocklists to protect users, phishing attackers continuously evolve tactics to bypass these measures.

Research has shown that a substantial 75% of phishing emails successfully evade email filters, underscoring the challenges providers face in combating this relentless threat.

What can your organisation do about phishing?

To combat phishing effectively, organisations must implement a three-pronged approach:

Educating employees on phishing awareness:

Phishing training should be a cornerstone of an organisation’s defence against attacks.

Instead of merely providing courses and articles, simulated phishing training exercises should be conducted to offer employees hands-on experience in recognising and avoiding scams.

Organisations can bolster their protection against scams, ransomware, hackers, and other cyber threats by equipping employees with the tools to identify phishing emails.

Implementing a secure email gateway:

A Secure Email Gateway (SEG) is a crucial component in limiting the number of phishing emails reaching employees.

Using advanced spam filtering, SEGs automatically quarantine or block suspicious emails, reducing the risk of users falling victim to phishing attempts.

Additionally, anti-spoofing controls like DMARC, SPF, and DKIM can help secure an organisation’s domains against spoofing, making it difficult for attackers to use similar email addresses to deceive recipients.
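The anti-spoofing controls above are DNS TXT records, so their weaknesses are easy to audit. The following is an added example, not code from the original post or from Bob's Business: it parses SPF and DMARC records for a hypothetical domain (`example.test`, with constructed sample records) and flags the settings that leave a domain open to spoofing, showing a weak configuration beside a hardened one. DKIM is not checked because its record lives under a selector name that cannot be discovered from the domain alone.

```python
"""Audit SPF and DMARC TXT records for settings that permit spoofing.

Added example, not part of the original post. The records below are
constructed sample DNS TXT values for the hypothetical domain
example.test; in practice you would fetch them with a DNS lookup.
"""
import re

# Constructed sample TXT records: a weak configuration and a hardened one.
SAMPLE_RECORDS = {
    "weak": {
        "example.test": "v=spf1 a mx +all",          # +all: any host may send as this domain
        "_dmarc.example.test": "v=DMARC1; p=none",   # p=none: monitor only, never reject
    },
    "hardened": {
        "example.test": "v=spf1 a mx include:_spf.mailprovider.test -all",
        "_dmarc.example.test": "v=DMARC1; p=reject; rua=mailto:dmarc@example.test; adkim=s; aspf=s",
    },
}


def parse_spf(record):
    """Return (is_spf, all_qualifier, mechanisms) for an SPF TXT record."""
    if not record.lower().startswith("v=spf1"):
        return False, None, []
    all_qualifier = None
    mechanisms = []
    for term in record.split()[1:]:
        if re.fullmatch(r"[+\-~?]?all", term, re.IGNORECASE):
            # A bare 'all' is equivalent to '+all' (pass everything).
            all_qualifier = term[0] if term[0] in "+-~?" else "+"
        else:
            mechanisms.append(term)
    return True, all_qualifier, mechanisms


def parse_dmarc(record):
    """Return a dict of DMARC tags, or None if the record is not DMARC."""
    if not record.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_domain(domain, txt_lookup):
    """Audit SPF/DMARC for `domain`; txt_lookup maps a DNS name to its TXT value."""
    findings = []
    spf = txt_lookup.get(domain)
    if spf is None:
        findings.append("SPF: no record; receivers cannot tell which hosts may send as this domain")
    else:
        is_spf, qualifier, _ = parse_spf(spf)
        if not is_spf:
            findings.append("SPF: TXT record does not start with v=spf1")
        elif qualifier in (None, "+"):
            findings.append("SPF: '+all' or missing 'all' lets any host send as this domain; use '-all' (or '~all')")
        elif qualifier == "?":
            findings.append("SPF: '?all' is neutral and offers no protection; use '-all'")

    dmarc = txt_lookup.get("_dmarc." + domain)
    if dmarc is None:
        findings.append("DMARC: no record; SPF/DKIM failures are not acted on")
    else:
        tags = parse_dmarc(dmarc)
        if tags is None:
            findings.append("DMARC: record does not start with v=DMARC1")
        else:
            policy = tags.get("p", "").lower()
            if policy == "none":
                findings.append("DMARC: p=none only monitors; move to p=quarantine, then p=reject")
            elif policy not in ("quarantine", "reject"):
                findings.append("DMARC: missing or invalid p= tag")
            if "rua" not in tags:
                findings.append("DMARC: no rua= address, so aggregate reports on spoofing attempts are lost")
            pct = tags.get("pct")
            if pct is not None and pct.isdigit() and int(pct) < 100:
                findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail stream")
    return findings


if __name__ == "__main__":
    for label, records in SAMPLE_RECORDS.items():
        print(f"[{label}]")
        for finding in audit_domain("example.test", records) or ["no issues found"]:
            print("  -", finding)
```

Running the script reports three findings for the weak configuration (permissive SPF, monitor-only DMARC policy, no aggregate reporting address) and none for the hardened one. The same `audit_domain` function works against live records if `txt_lookup` is replaced by a dictionary filled from real DNS queries.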

Deploying effective anti-malware solutions:

Besides comprehensive phishing training, organisations should implement robust anti-malware programs to safeguard against the harmful effects of malware injections.

Worms, ransomware, and Trojan horses are common types of malware transmitted through phishing attacks.

An efficient anti-malware program can effectively detect and neutralise these threats, even if an employee accidentally clicks on a malicious link or attachment.

Phishing remains the most successful cyber-attack method due to its ability to exploit human psychology and take advantage of a lack of awareness.

To protect against phishing attacks, organisations must empower their employees with phishing training and provide them with the right tools, such as Secure Email Gateways and anti-malware solutions.

By remaining vigilant and proactive, businesses can fortify their defences against phishing attacks and preserve the integrity and success of their operations in this ever-evolving digital landscape.

Train your employees for free with our new course: Hook, Line, & Sinker

At Bob’s Business, we understand the critical importance of staying one step ahead in the ever-evolving landscape of cyber threats.

We believe that every business should have access to top-notch cybersecurity training without barriers.

That’s why we’re excited to introduce our brand-new gamified training experience, designed to make learning about cybersecurity engaging and effective.

And the best part? We’re giving you free access.

Enrolling in this gamified training experience will give your employees valuable insights into various attack vectors, including smishing, vishing, and phishing attacks.

Your employees will become adept at spotting and preventing these threats, protecting your valuable data and ensuring the security of your staff.

Are you ready to take your cybersecurity readiness to the next level? Click here to gain free access.

What are the cybersecurity threats posed by LinkedIn?

Since its launch in 2003, LinkedIn has grown to become not only the largest professional social network but also a vital cog in the marketing machinery of companies and one of the world’s biggest recruitment platforms.

With over 930 million users across 200 countries, there’s no denying that it’s an incredibly valuable platform, but as with any social media – it isn’t without its risks to cyber health.

In this blog, we’re going to take a deep dive into the cybersecurity threats posed by LinkedIn and share what you (and your team!) can do to mitigate those threats. Let’s get started.

The five LinkedIn threats you need to look out for

Hacking and account takeover

By far the most common threat on LinkedIn is that of hacking and account takeover. Where weak or reused passwords appear, so do cybercriminals looking to take advantage.

Once a cybercriminal has access to your account, they can utilise your network to spread spam, launch phishing attacks, spread misinformation or even impersonate you for their own financial gain. Remember, not every voice on LinkedIn can be trusted!

Protecting against hacking and account takeovers:

  • Use strong passwords: Create strong and unique passwords for every website you use. Utilise a combination of upper and lower case letters, numbers and special characters.
  • Turn on two-factor authentication (2FA): LinkedIn supports 2FA as standard, ensuring that even if your password is compromised, a criminal would still need a secondary authentication method to get into your account.
  • Update old passwords: That old faithful password may not be so faithful anymore. Use websites like haveibeenpwned.com to see whether it has been revealed in a breach, and make sure you replace old passwords when possible.
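The "update old passwords" advice above can be automated without ever sending the password anywhere. The following is an added example, not code from the original post or from Bob's Business: it implements the k-anonymity range scheme that the Pwned Passwords service behind haveibeenpwned.com uses, in which only the first five hex characters of the password's SHA-1 hash leave the client and the client searches the returned list of hash suffixes locally. The breach corpus here is constructed from a few sample passwords with made-up counts so the check runs offline; a live lookup function is included but not called.

```python
"""Check whether a password appears in a breach corpus using a k-anonymity
range query, so the password itself is never transmitted.

Added example, not part of the original post. The corpus and counts are
constructed sample data; the live lookup targets the public Pwned
Passwords range endpoint but is only used if you call it yourself.
"""
import hashlib
import urllib.request

# Constructed sample corpus: password -> number of breach occurrences (made-up counts).
SAMPLE_BREACHED = {"password": 3730471, "123456": 23597311, "qwerty": 3946737}


def sha1_hex(password):
    """Uppercase hex SHA-1 of the password, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the password's SHA-1 hash."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def build_constructed_ranges(breached):
    """Build {prefix: response_text} in the API's '<suffix>:<count>' line format."""
    ranges = {}
    for pw, count in breached.items():
        prefix, suffix = split_hash(pw)
        ranges.setdefault(prefix, []).append(f"{suffix}:{count}")
    for lines in ranges.values():
        # Constructed filler entry so each range holds more than one suffix.
        lines.append("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:1")
    return {prefix: "\r\n".join(sorted(lines)) for prefix, lines in ranges.items()}


CONSTRUCTED_RANGES = build_constructed_ranges(SAMPLE_BREACHED)


def offline_range_lookup(prefix):
    """Offline stand-in for the API: returns the constructed range for a prefix."""
    return CONSTRUCTED_RANGES.get(prefix, "")


def live_range_lookup(prefix, timeout=10):
    """Query the real Pwned Passwords range endpoint (network access required)."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    req = urllib.request.Request(url, headers={"User-Agent": "password-audit-example"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, range_lookup=offline_range_lookup):
    """Return how many times `password` appears in the corpus (0 if never).

    Only the 5-character hash prefix is passed to `range_lookup`; the suffix
    comparison happens locally, so the service never learns the password.
    """
    prefix, suffix = split_hash(password)
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count) if count.isdigit() else 0
    return 0


def should_rotate(password, range_lookup=offline_range_lookup):
    """Policy helper: a password seen in any breach should be replaced."""
    return breach_count(password, range_lookup) > 0


if __name__ == "__main__":
    for candidate in ["password", "qwerty", "correct horse battery staple 2024"]:
        seen = breach_count(candidate)
        verdict = "rotate" if seen else "not in corpus"
        print(f"{candidate!r}: seen {seen} times -> {verdict}")
```

The same `breach_count` function works against the real service by passing `live_range_lookup` as the lookup; the privacy property is unchanged because the function only ever hands the five-character prefix to whatever lookup it is given.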

Phishing scams

Once a cybercriminal gains access to a LinkedIn account, they’re able to make use of it in any way they please. Oftentimes, that means deploying phishing scams.

Phishing scams are deceptive attempts to trick users into revealing sensitive information, such as login credentials, financial data, or personal details.

LinkedIn users may encounter phishing attacks through emails, messages, or even fake LinkedIn profiles that appear authentic.

These cyber-threats can be particularly dangerous as they exploit human trust and curiosity. For example, someone posing as a senior manager in your organisation may contact a new starter requesting confidential information.

How to stay protected from phishing scams:

  • Remain vigilant: Always keep a close eye out for unusual activity on an account, and if you aren’t sure you trust the person you’re talking to – don’t reply.
  • Avoid clicking unknown links: Phishing attempts often trick you into clicking through fear or reward. Avoid clicking unknown links, especially if they ask you to log in or provide personal information.
  • Train your team: Phishing attacks are the most common type of attack. Through effective phishing training, you raise the resilience level within your organisation.

Identity theft

LinkedIn profiles contain a staggering amount of information about both our professional and private lives. Your LinkedIn profile carries a huge digital footprint, whether it’s your location, job role, employer, personal achievements, hobbies or interests.

With just a single LinkedIn profile, it’s astonishingly simple for a cybercriminal to commit identity fraud.

How to safeguard against identity theft:

  • Limit sensitive information: Avoid including excessive personal details on your LinkedIn profile that could be used for identity theft.
  • Monitor account activity: Regularly review your LinkedIn account activity to ensure no unauthorised changes or posts have been made.
  • Report fake profiles: If you come across a fake profile using your identity, report it immediately to LinkedIn.

Job offer scams

LinkedIn’s success as a recruitment tool has led to an increase in job offer scams, in which scammers post fake job offers or internships to lure job seekers. Such offers may lead to financial losses or identity theft.

How to spot job offer scams:

  • Verify the listing: Go to the company’s LinkedIn page and check to see if the listing is legitimate.
  • Apply directly: Consider visiting the company’s website directly to apply.
  • Check the listing: Look out for odd use of language and imagery, as these can be tip-offs of an illegitimate job posting.

Malware distribution

LinkedIn users may unknowingly encounter malware distribution, where cybercriminals disseminate malicious software through seemingly harmless links or attachments. Malware can infect your device and grant hackers unauthorised access to your data or use your device for illegal activities.

Protecting against malware:

  • Use updated antivirus software: Ensure your device has reputable antivirus software installed and kept up to date.
  • Scan attachments: Before downloading any attachments from LinkedIn messages, scan them for malware using your antivirus software.
  • Be cautious with third-party links: Avoid clicking on links shared by unknown or untrustworthy sources.

How training helps protect you and your team online

While social networks like LinkedIn have proven their value for organisations time and time again, it’s clear that they aren’t without their risks.

With 90% of data breaches occurring as a result of human error, the only certainty in business is that it’s only a matter of time before an employee makes a mistake.

At Bob’s Business, we help organisations of all sizes slash their cyber risk with cybersecurity eLearning that leverages proven psychological principles and engaging content.

Curious to learn more? Click here to discover our cyber awareness product range.

What are deepfake AI scams?

In recent years, artificial intelligence (AI) has advanced remarkably to the point where it can answer in a human-like manner, support advanced search functions, and even create astonishingly realistic media.

That latter advancement includes videos designed to deceive viewers into believing something that never actually happened.

These deceptive videos are commonly known as deepfakes, and they have become a significant concern due to their potential to cause harm, spread misinformation, and facilitate various scams.

In this blog post, we will explore what deepfakes are, how they are created, their applications, and most importantly, how organisations can detect and prevent employees from falling victim to them.

So without further ado, let’s get to it.

What are deepfakes?

Deepfakes are a form of manipulated media generated by AI using deep learning algorithms.

These algorithms train themselves on extensive datasets to create convincing fake content of real people, such as videos and audio, portraying them saying or doing things they never did in reality.

Unlike simple manipulations like photoshopping or CGI, deepfakes involve minimal human input.

Users only decide whether to accept or reject the AI-generated content after it is created.

This sets deepfakes apart from “shallowfakes,” which are AI-generated images combined with misleading information but still require human control during the entire process.

The most common method for creating deepfakes involves deep neural networks and face-swapping techniques.

A target video is chosen as the base, and a collection of video clips featuring the person to be inserted is used.

These clips can be unrelated, such as a Hollywood movie scene and random YouTube videos.

Deep learning algorithms then map the features of the person in the clips onto the target video, making the deepfake appear authentic.

Example of a deepfake scam

A recent troubling incident involved a deepfake video exploiting MoneySavingExpert.com founder Martin Lewis.

In this fraudulent video, AI was used to mimic both his facial expressions and voice, falsely promoting an app supposedly linked to Elon Musk, the owner of Tesla and Twitter.

The video depicted what seemed to be Martin sitting in his office discussing an investment opportunity named ‘Quantum AI,’ misleadingly labelled as ‘Elon Musk’s new project.’

The imitation was strikingly convincing, as the computer-generated version flawlessly replicated Martin’s voice, intensifying the deception. The scam even included branding similar to ITV’s This Morning, a show Martin frequently appears on.

Scary, right?

How to detect deepfakes

As deepfake technology evolves, detecting them becomes more challenging. However, there are some indicators to look out for:

  1. Blurry details: Deepfakes may have blurry skin, hair, or faces that seem less detailed than their surroundings.
  2. Unnatural lighting: The lighting in deepfakes might not match the lighting of the target video.
  3. Mismatched audio: The audio in deepfakes may not sync perfectly with the person’s movements.
  4. Source reliability: Verify the credibility of the source and consider performing reverse image searches to validate the content’s authenticity. Don’t take action the first time you see something.

How to prevent deepfakes

The responsibility of detecting deepfakes should not solely fall on individuals.

Organisations like yours can take proactive measures to combat deepfake scams:

Development of detection technology

Tech companies should invest in developing invisible watermarks or digital fingerprints that signal the source of the image or video.

AI-powered detection platforms

Utilise AI-powered detection platforms like Sensity, which alerts users when they encounter AI-generated media with telltale fingerprints. Be aware, however, that AI detection platforms are in their infancy and cannot be fully trusted.

Two-way verification for financial transactions

Implement a robust two-way verification process for financial transactions.

Require a phone call or face-to-face confirmation for significant transactions, especially those involving fund transfers or sensitive financial information.

Invest in education and awareness

In the long term, the most effective approach to combat deepfake scams involves education, awareness, and fostering a critical mindset among the public.

People should be encouraged to verify sources, seek corroborating evidence from reliable sources, and refrain from jumping to conclusions based solely on images or videos.

How Bob’s Business can help your organisation protect against deepfakes and generative AI

At Bob’s Business, we’re always on the front foot when it comes to emerging cybersecurity risks. That’s why we’ve built a brand new AI Safety module to give your employees a comprehensive understanding of modern AI systems and how they function.

From recognising potentially insecure AI interactions to grasping the benefits and potential risks of tools like chatbots, our course will empower your team to confidently navigate the world of AI.

By the end of the course, participants will be able to identify how AI tools function, exercise caution in AI applications and be well-versed in real-life AI threats.

Embrace the future with confidence and let Bob’s Business be your trusted partner in understanding and mitigating the risks of AI.

The 5 cybersecurity challenges every fashion retailer must overcome

Both offline and online retailers have felt the impact of cyber-attacks targeting the sector.

Cybercriminals follow the money, and with the UK retail sector seeing a total of £403 billion worth of sales in 2020, it’s no surprise that the retail sector has long been in their sights.

It’s a reality that poses real issues for the sector. In this blog post, we’re going to discuss five challenges that fashion retailers specifically face when it comes to cybersecurity.

So grab a cup of coffee, and let’s get started!

The five cybersecurity challenges for fashion retailers

Challenge 1: Data breaches

Data breaches pose a significant threat to fashion retailers. Personal customer information can be compromised, including credit card details and contact information.

The financial impact can be eye-watering, with the average cost of a data breach reaching $2 million (£1.5 million).

These breaches occur when cyber-criminals gain unauthorised access to sensitive customer information like credit card details or personal data.

This can damage a retailer’s reputation, leading to financial losses and legal troubles.

However, there are ways to overcome this challenge!

  • Firstly, tighten up security measures by using robust encryption techniques and implementing strong passwords.
  • Regularly update your software to patch any vulnerabilities that hackers might exploit.
  • Educate your employees about cybersecurity best practices to ensure they don’t fall for phishing scams or other trickery.
  • Also, consider investing in a reliable and up-to-date cybersecurity solution to detect and prevent suspicious activities on your network.

Challenge 2: Phishing attacks and social engineering

Phishing attacks and social engineering are common tactics used by cybercriminals to gain access to retail operations.

These attacks target human vulnerabilities, aiming to steal login credentials and exploit employees.

Phishing attacks and social engineering are prevalent in retail, accounting for 77% of attacks.

To counter this challenge, retailers can begin preventing such attacks with these simple steps:

  • First and foremost, educate your team about the telltale signs of phishing emails or suspicious phone calls through robust phishing training.
  • Encourage them to think twice before clicking on any unfamiliar links or providing personal information to unknown sources.
  • Implement email filters and firewalls to block phishing attempts, and regularly update your security software to stay one step ahead of these crafty fraudsters.
  • Additionally, foster a culture of open communication where employees feel comfortable reporting any suspicious activities or incidents promptly.

Challenge 3: Point-of-Sale (POS) vulnerabilities

Hackers are constantly looking for weaknesses in POS systems to compromise customer payment information.

These vulnerabilities refer to weaknesses in the software or hardware used in the checkout systems, allowing hackers to steal sensitive payment information or manipulate transactions.

Firstly, ensure that your POS systems are regularly updated with the latest security patches and firmware updates. Use strong and unique passwords for each device, and enable multi-factor authentication for added protection.

Regularly monitor and analyse your system logs to detect any suspicious activities or anomalies. Implement encryption to protect data in transit and at rest, and restrict access to the POS systems to authorised personnel only.

Lastly, consider conducting regular vulnerability assessments and penetration testing to identify and address any potential weaknesses.

By implementing these measures, retailers can protect their customers and reputation.

Challenge 4: Balancing security and customer experience

Fashion retailers strive to provide seamless and enjoyable shopping experiences. However, cybersecurity measures can sometimes create friction for customers.

Finding the right balance between security and convenience is crucial.

On one hand, you want to provide your customers a seamless and convenient shopping experience. On the other hand, you need to ensure robust security measures to protect their sensitive information.

Implementing stringent security measures, such as multi-factor authentication or additional verification steps, may enhance protection but could potentially inconvenience customers.

Therefore, it’s important to find solutions that prioritise both security and user experience.

This could involve leveraging advanced technologies like biometric authentication and face ID to streamline security processes without compromising convenience.

Regularly gathering feedback from customers and conducting usability testing can also help identify areas where improvements can be made.

Challenge 5: Employee awareness and training

As 85% of all cyber-attacks have a human element, as highlighted by the Verizon Data Breach Investigations Report (DBIR), employees play a crucial role in the cybersecurity defences of fashion retailers.

Think of it as arming your team with the knowledge and skills they need to tackle cybercriminals’ tactics.

By educating your employees about cybersecurity best practices, such as identifying phishing emails, creating strong passwords, and recognising social engineering attempts, you empower them to be the first line of defence.

Invest in regular training or even fun quizzes to keep the information fresh in their minds.

Encourage open communication so employees feel comfortable reporting any suspicious activities promptly.

Investing in cybersecurity awareness training can create a united front against cyber threats and ensure everyone is equipped to protect your business and customer data.

How Bob’s Business can help your retail organisation

In the face of cybersecurity challenges in the retail industry, Bob’s Business is here to empower retailers and help them overcome these obstacles.

With our comprehensive cybersecurity awareness training programs and solutions, we transform your employees into cyber superheroes.

Our Human Vulnerability Assessment (HVA) assesses your organisation’s risks and customises the training rollout accordingly.

We go beyond traditional cybersecurity training, using animations, narratives and humour to deliver engaging, bite-sized training modules that reflect the current and emerging threat landscape and reinforce the importance of staying vigilant against social engineering attacks.

By choosing Bob’s Business, fashion retailers can build a cybersecurity culture, where every employee is equipped with the knowledge, confidence, and skills to protect your business and customers from cyber threats.

Let us help you become the cyber superheroes that protect your business, customers, and reputation in the digital world.