Cyber Security FAQs
What is a data breach?
A data breach occurs when a company’s cyber security measures are compromised, allowing unauthorised access to information. It can be incredibly damaging to a business's reputation, as well as to consumers whose information has been taken. Companies are legally required to have measures in place to protect personal data and must notify anyone that may be affected by a possible breach.
What is malware?
Malware is malicious software. Once inside a system, malware can cause harm or disruption or steal information. It can get into your system if, for example, a user clicks on a link or opens a malicious attachment in an email.
What is a phishing email?
Criminals want to trick you into giving your information to them – this is known as phishing. They're hoping that you’ll click on fake links to sites or open attachments, so they can steal data or install malicious software. Malicious emails account for nearly three quarters of security breaches or attacks. It's often a good idea to pass round screenshots of any phishing emails that have been received by staff to make sure everyone is aware of them and can more easily identify any future suspicious emails.
How should you dispose of storage devices which no longer work, but which contain restricted or sensitive information?
They should be disposed of securely to ensure that it’s impossible to retrieve any data they hold. You may need to use a professional data disposal service to do this for you.
Storage devices include laptops, smartphones, USB devices, portable storage, servers and digital recorders for example.
What is two-factor authentication?
Where sensitive data is involved, such as with online financial transactions or for physical access to secure areas, two-factor authentication (or 2FA) is often needed. Two-factor authentication requires a second security measure to confirm your identity. The second security measure could be voice or face recognition or your fingerprint (biometrics). Or it could be a one-time password (OTP), which is a code that’s either sent to a secure authentication application on your device or computer or sent by text message to your smartphone. The code must then be repeated back to authenticate your transaction. OTPs are randomly generated at the moment they’re required, are only valid for one use and usually time out if not used within a certain, short period of time.
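The three OTP properties described above (random generation at request time, single use, short expiry) can be shown from the verifying side. This is an added example, not code from this FAQ or from any product; the `OtpStore` class, the 6-digit length, the 120-second window and the choice to discard a code after any attempt are assumptions made for illustration.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120  # assumed window; the FAQ only says "short"


class OtpStore:
    """Hypothetical in-memory store of pending one-time passwords."""

    def __init__(self, ttl=OTP_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # user -> (code, expires_at)

    def issue(self, user):
        # Generated at the moment it is required, from the OS CSPRNG,
        # so the value cannot be predicted from earlier codes.
        code = f"{secrets.randbelow(10**6):06d}"
        # Issuing a new code replaces any older one for the same user.
        self._pending[user] = (code, self._clock() + self._ttl)
        return code  # delivered out of band (authenticator app or SMS)

    def verify(self, user, submitted):
        # pop() enforces single use: the code is removed on the first
        # attempt, right or wrong, which also limits guessing.
        entry = self._pending.pop(user, None)
        if entry is None:
            return False
        code, expires_at = entry
        if self._clock() > expires_at:
            return False  # timed out before it was used
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(code.encode(), submitted.encode())
```
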
How do you know you’ve been hacked?
Unfortunately, cyber threats are common and it isn’t always obvious that your cyber security has been compromised. However, the following may indicate that you have been hacked and you should immediately take action to prevent any further misuse or damage.
- Inability to log in to an account (that isn’t a result of forgetting your password)
- Unknown programs starting up when you switch your computer on
- Emails being sent from your account to others, that you didn’t send
- Social media posts from your account that you did not create
- Appearance of pop-up windows (that may encourage you to visit a particular site or download software)
- Your computer isn't performing as it usually does, e.g. it appears to have slowed down or crashes more frequently
Read our blog on how to deal with a hacker for more information.
How does cyber security affect remote workers?
When working away from the office you shouldn’t use internet cafes, public Wi-Fi or shared computers when accessing sensitive or restricted information. If possible, it’s best not to use personal laptops or home computers for this type of work. It’s better to use a company laptop with all the necessary security controls installed. It’s good practice to make sure that restricted information is password protected and that laptop hard drives and memory devices are encrypted. When working remotely it’s important to connect to the office network using a secure connection, especially in public areas using a wireless connection.
Remote workers can be vulnerable to scams and data breaches. It is important that every company includes cyber security considerations in their remote working policy. For example: Do employees use company laptops and phones? What access do they have to sensitive data? Do they know who to contact regarding any cyber security issues or concerns?
How do you protect your business from cyber attacks?
It is important to regularly review your cyber security policies and procedures, to ensure that they are still effective and up-to-date and you are not vulnerable to an attack. Our Cyber Security checklist can be downloaded below to help you identify any gaps or areas for review in your practices.
In particular, cyber security training can help staff understand their responsibilities in protecting a business's systems and data, in order to minimise the threat of a cyber attack.
What is the Cyber Essentials Scheme?
The Government has also endorsed a Cyber Essentials scheme. It allows businesses of all sizes to be independently certified for having met a good practice standard in 5 areas of computer security:
- Boundary firewalls and internet gateways
- Secure configurations
- User access controls
- Malware protection
- Patch management
If you gain certification it will allow your organisation to advertise that it meets a Government-endorsed standard.
Since October 2014 Cyber Essentials has been mandatory for suppliers of Government contracts which involve handling personal information and providing some ICT products and services. Holding a Cyber Essentials badge enables you to bid for these contracts.
FAQs regarding our Cyber Security Awareness course
How long does the course take?
The Cyber Security Awareness course, including the test, can be completed in as little as 35 minutes.
Why is this training important?
The Cyber Security Breaches Survey found that almost half of businesses (46%) and a quarter of charities (26%) reported having cyber security breaches or attacks in the last 12 months. A breach is not only financially damaging but can also have a disastrous effect on a business's reputation. The main types of security breaches that organisations face tend to be those that take advantage of human error and flaws in computer security. Therefore, by investing in cyber security awareness training you can minimise the risk of cyber threats across your organisation.
What approvals does this course have?
This course is CPD accredited.
How long is my certificate valid for?
It is up to the employee's training administrator to decide when training needs to be refreshed. However, to stay up-to-date with legislation, we recommend that training should be renewed every year.
What devices is this course available from?
Our courses can be completed on a range of devices. They’re compatible with desktops, laptops, mobile phones, iPads and other tablets.
Documents and resources
10 steps to cyber security
This resource outlines practical steps organisations can take to create an overall cyber security strategy.
Types of cyber crime
This PDF provides a brief overview of some of the most common types of cybercrime.
Dealing with a Ransomware Attack
Understand what you should do if you are subject to a ransomware attack compromising your systems and data, with this printable PDF.
Cyber Security Risk Assessment
Here we provide a handy summary of workplace considerations to help minimise the risk of security breaches and data loss.
Types of Information
There are 3 types of information an organisation may have. We list them here. Keeping this information safe and preventing unauthorised access to it is vital.
How to access the security certificate on your browser
Website security certificates are important to show that you are on a secure site. We explain how to access the security certificate from various browsers including Chrome and Safari.
Review your cyber security practices with our simple checklist...
Use our checklist to help you review your cyber security practices. Keeping your systems and data safe is crucial.
- This checklist takes you through 10 key questions to help you take a proactive approach to cyber security
- The printable pdf will allow you to make notes and mark completion dates so you can keep a record of your progress
- It includes explanation notes for each point to help you work your way through it