October is Cyber Security Month so it’s a great time to recap on the most common threats to our business, and what you can do to help.
As a business we see some of these threats almost every day. We’ve always worked hard to keep people’s data safe, and with new GDPR regulations and potentially millions of pounds in fines for breaches, it’s even more important to make sure that information doesn’t fall into the wrong hands.
“Information Security isn’t just management responsibility, it’s everyone’s responsibility”
Pippa Wicks, Deputy CEO
Here’s what you can do:
Protect information before you send it
This is usually accidental, for example, you might ‘hide’ columns in spreadsheets and send them in an email, forgetting this can easily be undone. Or you might email files to your own personal email address to work on at home, which is a security risk. If you need to send or share information, always password- protect it and send the password separately.
Beware of phishing tactics to steal your data
We block over 14,000 infected emails a day, but some will always slip through the net, so you need to be on your guard. Some common warning signs are – the email trying to make you worried, make you think that something is urgent, or make you click a link out of curiosity.
If you have any doubts, make sure the message is genuine by contacting the sender directly in another way, either through their official e-mail address or on the phone – don’t just reply to the email.
Don’t make your password easy to crack
Over half a million passwords are freely available on the internet from previous data thefts across the world. People sometimes use the same password for more than one account, so if attackers successfully discover one password, they can use it to break into other accounts.
Recent security research shows that a ten-character alphanumeric password takes two hours to crack – add a special character like !,&,% and it takes a week.
- Use a 12-character password wherever you can to make your account extra secure (attackers will move on to easier targets)
- Don’t use passwords that others can figure out from things you share on social media (like pets names, the football team you support, or your home town)
- Keep your password secret, and don’t write it down or send it in emails
- Use a different password for each account, and if you suspect that someone knows it, change it straight away
Make sure you do your information security training
As part of our commitment to keeping people’s data safe, all colleagues have annual information security training.
Retail colleagues did a joint InfoSec-GDPR module earlier in the year, depot colleagues are currently having team briefings, and Funeralcare homes and all office-based colleagues will do training in October and November.
Information Security Threat Intelligence Manager