Safety Spotlight: Cyber Security, GDPR & Phishing Awareness

As part of December’s Hazard of the MonthIT Security and GDPR, we’re highlighting three key areas: Cyber Security, GDPR & Phishing Awareness.

Cyber Security

Taking action to protect yourself and your business from cyber security risks is essential in this modern age of working.

However, it doesn’t need to be daunting – there are some simple steps you can take to reduce the risk of cyber attacks.

  1. Back up your data:
    • Identify the data you need to back up
    • Keep your backup and computer separate
    • Look into using cloud storage
    • Use automated backups to integrate backing up into your daily processes
  2. Protect yourself from malware:
    • Install antivirus software and ensure it is enabled
    • Prevent staff from downloading third party apps
    • Ensure equipment is kept up to date
    • Limit the use of USBs and memory cards
    • Switch on your firewall
  3. Make use of passwords:
    • Switch on password protection
    • Use 2-step verification
    • Use unique passwords
    • Consider using password managers, or provide secure storage where staff can keep written passwords
    • Do not keep default passwords

Learn more about keeping your business safe with our Cyber Security Online Training Course. Get 10% off this course with the code ‘cyber10’!


All businesses by nature will handle personal data, belonging both to customers and employees. To understand your role and obligations in relation to the personal data you are processing, you first need to identify whether you are a controller, joint controller or processor.

Look at the following criteria. You are more likely to be a controller if you:

  • decided to collect or process the personal data
  • decided the purpose of processing data
  • decided what personal data should be collected
  • decided which individuals to collect personal data about
  • benefit from processing the data
  • process data as part of a contract with the data subject
  • process the data of employees
  • make decisions about the individuals concerned
  • exercise professional judgement in the processing of the personal data
  • have a direct relationship with the data subjects
  • have complete autonomy as to how you process the data
  • have appointed the processors to process the personal data on your behalf

You are more likely to be a joint controller if you:

  • have a common objective with others regarding data processing
  • process personal data for the same purpose as another controller
  • the same set of personal data as another controller
  • have designed this process with another controller
  • have common information management rules with another controller

You are more likely to be a processor if you:

  • are following instructions from someone else
  • were given the personal data by a customer or third party
  • were told what data to collect
  • do not decide to collect individuals’ personal data
  • do not decide what personal data should be collected
  • do not decide the lawful basis for data usage
  • do not decide the purposes of the data
  •  do not decide whether to disclose the data
  • do not decide how long to retain the data
  • make some data processing decisions, but implement these under a contract with someone else
  • have no interest in the end result of the processing

Learn more about regulations for handing data with our GDPR Online Training Course. Get 10% off this course with the code ‘cyber10’!

Phishing Awareness

No matter the size or type of your business, you will receive attempts at phishing attacks at some point. These might try to trick you our your employees into sending money, access your company details, or to threaten.

By following these tips, you can learn how to identify and prevent some of the most common attacks:

  1. Examine your digital footprint:
    • Is there unnecessary detail present on your social media and website that might be useful to scammers?
    • Check what information your partners, contractors and suppliers share online
    • Help staff to manage their personal presences online
  2. Know the signs of phishing scams:
    • Poor spelling, grammar and punctuation
    • Does not address you by name
    • Contains a threat urging you to act quickly
    • Unlikely requests e.g. a high-ranking person in your business requesting a payment you wouldn’t expect
  3. Manage your accounts:
    • Use two-factor authentication on all important accounts
    • Give staff the lowest level of user rights required to perform their jobs – this will minimise the damage should an attack be successful
  4. Report all attacks:
    • Encourage staff to ask for help if they think they have fallen victim to a scam
    • Make reporting processes clear
    • Do not punish staff for falling for scam

Learn more about protecting your business from phishing attacked with our Phishing Awareness Online Training Course. Get 10% off this course with the code ‘cyber10’!

Cyber Security, GDPR & Phishing Awareness training courses are essential tools in protecting your business from cyber and data risks. Make sure you don’t miss out on our 10% off deal on these courses, available until the end of December. Simply enter the code ‘cyber10’ at checkout to save!

Read more Safety Spotlight blogs here

To keep up to date with the latest health & safety news and advice, follow us on social media:

Facebook | Instagram | Twitter | LinkedIn