To get started, choose your business type from the three options below. Then click on the circles to reveal the different workplace cyber-security threats, with advice and solutions to keep you protected.
To explore, rotate your phone
ClickTap to explore
Remote working
Public wi-fi hotspots are easy targets for cyber-criminals, because many of them don’t use any kind of encryption. One of the most common threats on these networks is called a MITM (man-in-the-middle) attack. It’s a form of digital eavesdropping where hackers secretly intercept your connection and steal information. They can even trick you into connecting to fake a wi-fi access point to retrieve company data.
Avoid connecting to public wi-fi hotspots whenever possible. If it’s absolutely necessary, a VPN can help keep your privacy protected and connection secure. It encrypts any data you send or receive, allowing you to access your files safely, from anywhere. So even if a criminal were to take a look, they wouldn’t be able to decipher it.
While the freedom of working from anywhere on any device can boost productivity, it can leave you more open to cyber-attacks. If a device is left unlocked and unattended, a cyber-criminal will use the opportunity to steal your data.
Always set strong passcodes for any devices you use, and set them to automatically lock after two minutes or less. Mobile Device Management (MDM) solutions allow you to secure, monitor and manage multiple devices. You can even lock and wipe them remotely if they’re lost or stolen, for complete peace of mind.
Voice phishing specifically targets individuals and businesses over the phone to trick them into handing over confidential company information. The attacker usually imitates a legitimate organisation, informing the caller that some form of suspicious activity has taken place relating to their bank account or other financial accounts.
Social engineering attacks are not only becoming more common, but they’re also increasingly sophisticated. Educating employees through online security training programmes, like Skills for Tomorrow, will help make them aware of the risks. And never give out any company data to unauthorised persons. A seemingly innocent conversation, may be a hacker targeting you for access or information.
Malware accounts for 29% of reported cyber-crime1. It’s malicious software you install inadvertently, usually by visiting a malware-infected (but otherwise genuine) website, or by opening an attachment from a phishing email.
Never download media, software, or files from untrusted websites. Avoid opening attachments and clicking links in suspicious emails or popups. And keep your devices and software up to date. One of the best ways to protect yourself is to download anti-malware software. It offers an extra layer of security when you download something, while protecting your data.
SME
Email phishing is one the most common types of social engineering attack. The hacker sends an email from what appears to be a legitimate organisation, informing you that there’s been a compromise to your account and you need to respond immediately by clicking on a specific link or downloading an attachment. By doing so, the hacker can steal private information or install malware on your device.
Email (or spam) filters are a simple yet effective defence against phishing attacks. Check your spam regularly, and if you spot a phishing email, report it to the relevant person within your company immediately, to protect your colleagues from falling victim to the same scam. Online security training programmes, like Skills for Tomorrow, are also a great way of educating staff on the importance of cyber-security.
Microsoft's 2021 Security Signals report reveals that 83% of enterprises have experienced a firmware attack1. It targets firmware (permanently installed software) in your systems and devices, allowing hackers to bypass a mobile or computer’s operating system. And worryingly, they compromise devices before they’ve even had a chance to boot up.
By having outdated software, you’re not only missing out on new features or improved performance. You’re also exposing your business to cyber-security attacks – so always keep your firmware up-to-date. Most software can be set up to prompt users to install updates. And you can even set updates to happen automatically across all of your company’s devices, so employees don’t even have to think about it.
Weak passwords are the third most common cause of ransomware attacks globally, with research from Google revealing that two in three individuals recycle the same password across multiple accounts1.
Don’t use passwords that are easy to guess, like names of family members or pets – and never write them down. Try to use a different password for every site and include a mix of letters, numbers and symbols. If you have trouble remembering them, use a password manager. It offers a secure way to store, share and manage passwords in a single location.
Ransomware attacks are a big problem for small businesses. It’s a type of malware that prevents you from accessing your device, or the data that’s stored on it – usually by encrypting it. The attacker demands a ransom from you, usually with a deadline, to restore access to the data upon payment.
Anti-virus software and email security solutions can often detect potential ransomware attacks. But there’s nothing more effective than turning on your human firewall. If you receive an email, no matter how legitimate or urgent, ask yourself – ‘Is what I’m being asked to do normal?’, ‘Is there anything strange about this email?’ If something doesn’t seem right, it most probably isn’t. Having the right backup solution can also help you recover quickly from an attack. Allowing you to easily restore files, without having to pay up.
Large corporate
An insider threat is a security risk that comes from within your organisation. And that’s what makes them so hard to detect. Insiders have legitimate access to your systems and data. So it could be anyone – a current or former employee, or even a business associate, who deliberately steals sensitive information for personal gain, or accidentally leaks it.
While many security controls can detect unusual activity, threat management solutions help you predict, prevent, identify and respond to cyber-threats faster. Offering real-time insights, they’ll detect any accidental or malicious file uploads and downloads, identify unauthorised access, any misuse of your business applications, and more, to protect your organisation’s most critical data and assets.
Hackers search an organisation’s rubbish to find sensitive information that can be used to carry out an attack, or gain access to its network. Access codes, passwords, expense reports or even organisational charts and phone lists, can be used to assist a hacker using social engineering techniques.
Always dispose of sensitive information properly, using designated bins or shredders. Education is also key. So inform employees about any data retention policies and don’t allow them to take printouts home with them. Or step up your security by installing real-time surveillance and CCTV.
Spear phishing, or CEO fraud, is when an attacker impersonates a company executive. And they can be very difficult for employees to spot. Typically they use the CEO’s email account, or an email address that looks very similar, to trick an employee into revealing sensitive information. Or transferring money into a bank account owned by the attacker.
Never open emails from unknown senders. And if you recognise the email address, check the email and domain name for discrepancies, like a missing or changed letter. Security solutions will help protect your organisation from cyber-threats. But to truly safeguard your business, a cyber-security strategy is key. And to make it really work, everyone in your business needs to be on board.
DDoS attacks are on the rise. They overwhelm your servers, networks, devices or applications with a flood of internet traffic, preventing legitimate customers and users from accessing your online services and sites. Hackers are now increasingly using IoT devices, like security cameras, webcams and printers to launch DDoS attacks, because they often have weaker security.
To protect your organisation from DDoS attacks, you need an effective DDoS protection and mitigation solution. It cleans your internet traffic by sorting through normal and malicious requests. And if unusual or suspicious traffic is detected, the protection system is activated, neutralising the DDoS attack before it can impact critical services.