Cyber Security
As a leading provider of Business Compliance eLearning, our experts are often asked about Cyber Security. We’ve collected some of those questions and answered them for you below…
Frequently asked questions
- What is a data breach? A data breach occurs when a company’s security controls are compromised, allowing unauthorised access to information (or its disclosure, alteration or loss). It can be incredibly damaging to a business’s reputation, as well as to the consumers whose information has been taken. Companies are legally required to have appropriate measures in place to protect personal data and, where personal data is involved, must report the breach to the data protection regulator and notify the people likely to be affected.
- What is a phishing email? Criminals want to trick you into giving your information to them; this is known as phishing. They’re hoping that you’ll click on fake links to sites or open attachments, so they can steal credentials or data, or install malicious software. Malicious emails account for nearly three quarters of security breaches or attacks. It’s good practice to report any phishing email received by staff to your IT or security team, and to circulate a screenshot (rather than forwarding the original message with its live links and attachments) so that everyone is aware of it and can more easily identify similar suspicious emails in future.
- How should you dispose of storage devices which no longer work, but which contain restricted or sensitive information? They should be disposed of securely so that none of the data they hold can be retrieved. A device that no longer works cannot be reliably wiped by software, so it usually has to be physically destroyed (for example shredded, or degaussed in the case of magnetic media); a professional data disposal service can do this for you and provide a certificate of destruction for your records. Storage devices include, for example, laptops, smartphones, USB sticks, portable drives, servers and digital recorders.
- What is two-factor authentication? Where sensitive data is involved, such as online financial transactions or physical access to secure areas, two-factor authentication (2FA) is often required. It means a password (something you know) is not enough on its own: a second, independent factor must confirm your identity. That second factor could be something you are (biometrics such as a fingerprint, face or voice recognition) or something you have, typically a one-time password (OTP): a short code generated by an authenticator app on your phone or computer, or sent to you by text message. You then enter the code to complete the login or transaction. OTPs are derived from a secret shared with the service together with the current time or a counter (they are not simply picked at random), are valid for a single use, and expire if not used within a short period, usually from 30 seconds to a few minutes. Codes sent by text message are better than a password alone but can be intercepted or phished, so an authenticator app or a hardware security key is the stronger choice where available.
- How do you know you’ve been hacked? Unfortunately, cyber threats are common and it isn’t always obvious that your cyber security has been compromised. However, the following may indicate that you have been hacked and you should immediately take action to prevent any further misuse or damage.
- Inability to log in to an account (that isn’t a result of forgetting your password)
- Unknown programs starting when you switch your computer on
- Emails being sent from your account to others, that you didn’t send
- Social media posts from your account that you did not create
- Appearance of pop-up windows (that may encourage you to visit a particular site or download software)
- Your computer isn’t performing as it usually does – e.g. it appears to have slowed down/crashes more frequently.
- How does cyber security affect remote workers? When working away from the office you shouldn’t use internet cafés, public Wi-Fi or shared computers to access sensitive or restricted information. If possible, it’s best not to use personal laptops or home computers for this type of work; use a company laptop with the necessary security controls installed. Make sure that restricted information is password protected and that laptop hard drives and removable storage are encrypted. When working remotely, connect to the office network over a secure connection such as the company VPN, especially when using public wireless networks. Remote workers can be particular targets for scams and data breaches, so every company should include cyber security in its remote working policy. For example: do employees use company laptops and phones? What access do they have to sensitive data? Do they know who to contact about any cyber security issues or concerns?
- How do you protect your business from cyber attacks? It is important to regularly review your cyber security policies and procedures, to ensure that they are still effective and up to date and that you are not vulnerable to an attack. Our Cyber Security checklist can be downloaded below to help you identify any gaps or areas for review in your practices. In particular, cyber security training can help staff understand their responsibilities in protecting a business’s systems and data, in order to minimise the threat of a cyber attack.
- What is the Cyber Essentials Scheme? Cyber Essentials is a UK Government-backed scheme. It allows businesses of all sizes to be independently certified as having met a good-practice standard in five areas of computer security:
- Boundary firewalls and internet gateways
- Secure configurations
- User access controls
- Malware protection
- Patch management
- Am I a DSE user? If you use display screen equipment (DSE) for an hour or more every day, or for a significant proportion of your work, you are classed as a DSE user. The DSE Regulations apply regardless of whether you work at a fixed workstation, are a mobile worker, work from home or hot-desk. There are some situations where the regulations don’t apply; these are:
- Drivers’ cabs or control cabs for vehicles or machinery
- Screens on board any form of transport
- Display screens that are intended for public use, e.g. electronic information display in a shopping centre
- Portable devices that are not used for prolonged periods of time
- Calculators, cash registers, or any other equipment with a small data or measurement screen, or
- Typewriters of traditional design – “window typewriters”
- How often and long should breaks be from your desk? Although there is no fixed time between breaks or length of breaks stated in the Health and Safety (Display Screen Equipment) Regulations 1992, the regulations do suggest that breaks should be ‘periodically’ taken. The regulations suggest that each person’s work should be designed to include a mix of tasks, some screen-based and some non-screen based, to allow natural breaks from concentrating on the screen, sitting in the same position or repetitive input work, for example. Sometimes, due to the nature of your work, this is not possible, and in this case, deliberate breaks must be introduced. We suggest as a minimum guideline at least 5 minutes in every hour should be spent away from the screen, but it’s also important to make sure you change posture regularly and refocus your eyes; doing some simple stretching exercises at your desk can be very useful too. Try the 20-20-20 rule – every 20 minutes, look up from your screen at something about 20 feet away for about 20 seconds. This gives the muscles in your eyes a chance to relax.
- Why does working with PCs make my eyes hurt? Computer eye strain has become a major job-related complaint because of the length of time many employees are required to spend at their desks on their PCs. Problems can range from physical tiredness and an increased number of errors to eye twitching or red eyes. The first thing you should do is book an eye test to make sure that nothing is seriously wrong. Your optician should then be able to advise the best solution for you, whether that is to use computer eyewear, modify your workstation, take more breaks or exercise your eyes.
Documents & other resources
White Papers/Guides
Cyber Security Checklist
Use our checklist to help you review your cyber security practices. Keeping your systems and data safe is crucial.