As part of November’s Hazard of the Month, Cyber Threats, we’re highlighting three key areas: Cyber Security, Internet, Email & Social Media, and Phishing Awareness.
Cyber Security
Cyber security is how both individuals and businesses can reduce the risk of a cyber attack.
The main purpose of cyber security is to protect our devices, such as smartphones, laptops, tablets and computers, the services we access both at work and at home, and the personal information we store on these devices from theft or damage.
To protect your business, all organisations should implement cyber security measures in order to protect the important data within the business. Actions you can take to improve your cyber security include:
- Creating separate passwords for your organisation critical accounts.
- Creating strong passwords using three random words.
- Saving your passwords in your browser.
- Turning on Two-Factor Authentication.
- Keeping your organisation device up to date.
- Backing up important organisation data and key contacts.
There are many types of cyber attacks, but the two that businesses are the most at risk from are:
- Untargeted attacks – indiscriminate attacks that target as many devices, services or users as possible, such as phishing. More on this later!
- Targeted attacks – these attacks have the potential to be the most damaging as your organisation has been specifically chosen as a target. Attacks like this may include a DDOS attack or spear-phishing, which are emails to specific individuals in the business that contain malicious software (either through an attachment or a link).
Make sure your cyber security is up to scratch with out Cyber Security Online Training Course. This course is suitable for anyone who uses the internet in any capacity. Get 10% off this course with the code ‘cyber10’!
Internet, Email and Social Media
Many employees may use social media using work facilities and equipment, either as part of their job role or recreationally during breaks. When using company devices, or referencing the business on social media, it is vital that employees act responsibility in order to minimise risks to the business.
Actions that could harm the business include using social media to:
- Defame the company, customers, or staff
- Bully, harass or discriminate against staff or third parties
- Express opinions on behalf of the company (barring instances where this falls under the job role, e.g. marketing, or direct permission has been given)
- Sharing business-related topics such as performance, trade secrets, confidential information or intellectual property
- Share the contact details of professional connections
Employees have a responsibility to use social media reasonably – which should be set out clearly in an employee handbook or policy, and communicated to all staff.
Give your employees the information they need to follow internet, email and social media use guidelines with our Internet, Email and Social Media Online Training. This course is suitable for both employees and the managers responsible for them. Get 10% off this course with the code ‘cyber10’!
Phishing Awareness
Phishing is a technique used by cyber attackers to attempt to trick users into following links that will take them to a dangerous website, or download malware. The most common form of phishing, especially in a work environment, is via email, which may come in the form of a mass campaign where many businesses are affected, or a targeted campaign, where the attacker may use information about your employees or company to appear more realistic.
The best defence against phishing attacks is a multi-layered approach. Guidance from the National Cyber Security Centre suggests four layers of mitigations:
- Make it difficult for attackers to reach your users – this could include blocking or filtering phishing emails, implementing anti-spoofing controls, or considering the information available to attackers online.
- Help users identify and report suspected phishing emails – provide relevant training, review processes that could be exploited, make reporting a clear process and develop a no-blame culture.
- Protect your organisation from the effects of undetected phishing emails – set up two-factor authentication, use proxy servers and up-to-date browsers, protect your devices from malware.
- Respond quickly to incidents – encourage users to report suspicious activity, define incident response plans for different types of incidents.
Improve your digital defences with our Phishing Awareness Online Training. This course is suitable for anyone who uses the Internet at work. Get 10% off this course with the code ‘cyber10’!
Cyber Security, Internet, Email & Social Media, and Phishing Awareness training courses are essential tools in protecting your organisation from digital threats. Make sure you don’t miss out on our 10% off deal on these courses, available until the end of December. Simply enter the code ‘cyber10’ at checkout to save!
Read more Safety Spotlight blogs here
To keep up to date with the latest health & safety news and advice, follow us on social media: