Activate Learning and Thames Valley Police join forces on cybercrime awareness

According to the latest government statistics, £4,180 is the average annual cost for businesses that lost data or assets after cybersecurity breaches. Among the 32% of businesses identifying a breach or attack, 19% had staff stopped from carrying out daily work.

Leading education group Activate Learning is collaborating with Thames Valley Police (TVP) to raise awareness of digital security threats. Our technology curriculum will help to protect businesses and livelihoods from this rapidly evolving crime by developing new cybersecurity experts.

Through co-created courses, the best industry expertise and our business-focused tutors, Activate Learning teaches what IT students will need to combat cybercrime when they enter the workforce.

The three most common forms of cyberattack are:
– Phishing, the practice of tricking people into providing personal or sensitive information
– Viruses, spyware or malware, including ransomware attacks that hold a company’s data hostage
– Impersonating a company online or in emails, including sending fraudulent invoices to customers.

Large scale data breaches affecting big names get the publicity, but smaller businesses where every penny counts, or who pride themselves on the personal touch with clients, are attractive targets for cyber criminals.

Activate Learning will link tutors with TVP specialists to identify the most up to date cybersecurity threats and ensure that the very latest techniques to combat them are taught to learners. Security and encryption modules show students how to identify threats and how to implement effective strategies to protect valuable digital systems.

Mark Godsland, a Cyber Protect Officer and Police Cyber Security Advisor, explains more: “Digital security is a national and international threat.

“I recently worked on a case where a business owner visited Hong Kong and used what he thought was secure hotel Wi-Fi. He was a ripe target for data harvesting and by the time he returned home the attackers had access to his company’s financial data and had stolen money.

“If your company allows staff to work remotely, they may gravitate towards coffee shops or other outlets that provided free and non-secure public Wi-Fi facilities.

“Companies should implement device user policies, to prevent this and utilise either a corporate VPM (Virtual Private Network for all company networked devices) solution or utilise their corporate mobile data connections such as 4G.

“Where Two Factor authentication (2FA) is offered by a service provider, such as email, social media, banking, enable 2FA as standard.”

Mark recommends the following first steps to protect against cybercrime: “Train your staff about the threat, but as part of a no blame culture, explain what to do if they have been targeted. Regularly back up your data via separate means, cloud, physical and off site, and make sure it works as a recovery back up. If you are hit today would you be able to trade again tomorrow? Avoid sharing too much information about your company on social media and encourage your staff to be mindful of their own social media footprint.”

Activate Learning creates talent for business by working with organisations like TVP and across the private, public and third sectors. It has recently launched the Thames Valley Talent Transfer Programme (TVTTP), an initiative where teachers swap the classroom for the workplace to gain first-hand experience within their sectors.

Any businesses that want to get involved in the programme can do so by contacting Alice Eardley at alice.eardley@activatelearning.ac.uk

3 steps to protecting your business against cybercrime

Spread the word
Ensure that everyone in the company understands the threat. Remind staff that attachments from unknown sources should not be opened. Make sure that passwords are strong and separate. Implement procedures for the encryption, back up, sharing and disposal of sensitive data.

Minimise third party risk
Extend your cybersecurity diligence to all your suppliers and partners, large and small. Ensure that this forms part of your vetting and procurement process. How do they protect their data, networks and systems? How do they dispose of their data? You are only as strong as your weakest link. Make sure that a third party will not compromise your carefully managed cybersecurity.

Protect yourself if the worst happens
Have a company disaster plan to deal with response and recovery. However, no plan is 100% fail-safe. Cybersecurity insurance is there to lessen the financial impact of a security breach but should be used in conjunction with other protective measures. Speak to a specialist to assess your risk of attack.

More useful information
Nationally Accredited Cyber Essentials certification: www.cyberessentials.ncsc.gov.uk
Cybercrime and fraud should be reported via Action Fraud: www.actionfraud.police.uk
More information is available via the National Cyber Security Centre (NCSC): www.ncsc.gov.uk
Thames Valley Cyber Protect can be contacted for advice and free presentations via:
cyber.protect@thamesvalley.pnn.police.uk