To get started, choose your business type from the three options below. Then click on the circles to reveal the different workplace cyber-security threats, with advice and solutions to keep you protected.

To explore, rotate your phone

Change business type

ClickTap to explore

Remote working

Close

Remote working

The threat: Public wi-fi

Public wi-fi hotspots are easy targets for cyber-criminals, because many of them don’t use any kind of encryption. One of the most common threats on these networks is called a MITM (man-in-the-middle) attack. It’s a form of digital eavesdropping where hackers secretly intercept your connection and steal information. They can even trick you into connecting to fake a wi-fi access point to retrieve company data.

The solution: A Virtual Private Network (VPN)

Avoid connecting to public wi-fi hotspots whenever possible. If it’s absolutely necessary, a VPN can help keep your privacy protected and connection secure. It encrypts any data you send or receive, allowing you to access your files safely, from anywhere. So even if a criminal were to take a look, they wouldn’t be able to decipher it.

Remote working

The threat: Device loss or theft

While the freedom of working from anywhere on any device can boost productivity, it can leave you more open to cyber-attacks. If a device is left unlocked and unattended, a cyber-criminal will use the opportunity to steal your data.

The solution: Mobile protection

Always set strong passcodes for any devices you use, and set them to automatically lock after two minutes or less. Mobile Device Management (MDM) solutions allow you to secure, monitor and manage multiple devices. You can even lock and wipe them remotely if they’re lost or stolen, for complete peace of mind.

Remote working

The threat: Social engineering – voice phishing

Voice phishing specifically targets individuals and businesses over the phone to trick them into handing over confidential company information. The attacker usually imitates a legitimate organisation, informing the caller that some form of suspicious activity has taken place relating to their bank account or other financial accounts.

The solution: Education

Social engineering attacks are not only becoming more common, but they’re also increasingly sophisticated. Educating employees through online security training programmes, like Skills for Tomorrow, will help make them aware of the risks. And never give out any company data to unauthorised persons. A seemingly innocent conversation, may be a hacker targeting you for access or information.

Remote working

The threat: Malware

Malware accounts for 29% of reported cyber-crime1. It’s malicious software you install inadvertently, usually by visiting a malware-infected (but otherwise genuine) website, or by opening an attachment from a phishing email.

The solution: Anti-malware software

Never download media, software, or files from untrusted websites. Avoid opening attachments and clicking links in suspicious emails or popups. And keep your devices and software up to date. One of the best ways to protect yourself is to download anti-malware software. It offers an extra layer of security when you download something, while protecting your data.

1 Facts about cybersecurity

SME

Close

SME

The threat: Email phishing

Email phishing is one the most common types of social engineering attack. The hacker sends an email from what appears to be a legitimate organisation, informing you that there’s been a compromise to your account and you need to respond immediately by clicking on a specific link or downloading an attachment. By doing so, the hacker can steal private information or install malware on your device.

The solution: Email filters

Email (or spam) filters are a simple yet effective defence against phishing attacks. Check your spam regularly, and if you spot a phishing email, report it to the relevant person within your company immediately, to protect your colleagues from falling victim to the same scam. Online security training programmes, like Skills for Tomorrow, are also a great way of educating staff on the importance of cyber-security.

SME

The threat: Firmware attacks

Microsoft's 2021 Security Signals report reveals that 83% of enterprises have experienced a firmware attack1. It targets firmware (permanently installed software) in your systems and devices, allowing hackers to bypass a mobile or computer’s operating system. And worryingly, they compromise devices before they’ve even had a chance to boot up.

The solution: Keep your firmware up to date

By having outdated software, you’re not only missing out on new features or improved performance. You’re also exposing your business to cyber-security attacks – so always keep your firmware up-to-date. Most software can be set up to prompt users to install updates. And you can even set updates to happen automatically across all of your company’s devices, so employees don’t even have to think about it.

1 2021 Security Signals report, Microsoft

SME

The threat: Weak passwords

Weak passwords are the third most common cause of ransomware attacks globally, with research from Google revealing that two in three individuals recycle the same password across multiple accounts1.

The solution: A password manager

Don’t use passwords that are easy to guess, like names of family members or pets – and never write them down. Try to use a different password for every site and include a mix of letters, numbers and symbols. If you have trouble remembering them, use a password manager. It offers a secure way to store, share and manage passwords in a single location.

1 Online Security Survey Google / Harris Poll 2019

SME

The threat: Ransomware

Ransomware attacks are a big problem for small businesses. It’s a type of malware that prevents you from accessing your device, or the data that’s stored on it – usually by encrypting it. The attacker demands a ransom from you, usually with a deadline, to restore access to the data upon payment.

The solution: Turn on your human firewall

Anti-virus software and email security solutions can often detect potential ransomware attacks. But there’s nothing more effective than turning on your human firewall. If you receive an email, no matter how legitimate or urgent, ask yourself – ‘Is what I’m being asked to do normal?’, ‘Is there anything strange about this email?’ If something doesn’t seem right, it most probably isn’t. Having the right backup solution can also help you recover quickly from an attack. Allowing you to easily restore files, without having to pay up.

Large corporate

Close

Large corporate

The threat: Insider threat

An insider threat is a security risk that comes from within your organisation. And that’s what makes them so hard to detect. Insiders have legitimate access to your systems and data. So it could be anyone – a current or former employee, or even a business associate, who deliberately steals sensitive information for personal gain, or accidentally leaks it.

The solution: Threat management

While many security controls can detect unusual activity, threat management solutions help you predict, prevent, identify and respond to cyber-threats faster. Offering real-time insights, they’ll detect any accidental or malicious file uploads and downloads, identify unauthorised access, any misuse of your business applications, and more, to protect your organisation’s most critical data and assets.

Large corporate

The threat: Bin diving

Hackers search an organisation’s rubbish to find sensitive information that can be used to carry out an attack, or gain access to its network. Access codes, passwords, expense reports or even organisational charts and phone lists, can be used to assist a hacker using social engineering techniques.

The solution: Document shredding

Always dispose of sensitive information properly, using designated bins or shredders. Education is also key. So inform employees about any data retention policies and don’t allow them to take printouts home with them. Or step up your security by installing real-time surveillance and CCTV.

Large corporate

The threat: Spear phishing

Spear phishing, or CEO fraud, is when an attacker impersonates a company executive. And they can be very difficult for employees to spot. Typically they use the CEO’s email account, or an email address that looks very similar, to trick an employee into revealing sensitive information. Or transferring money into a bank account owned by the attacker.

The solution: Design a cyber-security strategy

Never open emails from unknown senders. And if you recognise the email address, check the email and domain name for discrepancies, like a missing or changed letter. Security solutions will help protect your organisation from cyber-threats. But to truly safeguard your business, a cyber-security strategy is key. And to make it really work, everyone in your business needs to be on board.

Large corporate

The threat: Distributed Denial of Service (DDoS) attacks

DDoS attacks are on the rise. They overwhelm your servers, networks, devices or applications with a flood of internet traffic, preventing legitimate customers and users from accessing your online services and sites. Hackers are now increasingly using IoT devices, like security cameras, webcams and printers to launch DDoS attacks, because they often have weaker security.

The solution: DDoS protection and mitigation

To protect your organisation from DDoS attacks, you need an effective DDoS protection and mitigation solution. It cleans your internet traffic by sorting through normal and malicious requests. And if unusual or suspicious traffic is detected, the protection system is activated, neutralising the DDoS attack before it can impact critical services.