Real life examples with real life consequences
We have not been able to find any fines issued for organisations that have fallen foul of phishing. We know phishing happens a lot because the National Cyber Security Centre warns us against it and the regulators say that it is one of the most common data breaches.
In the absence of fines that we can tell you about, here are some things for your staff to look out for/avoid:
Does the sender look genuine?
- Do you know the sender?
- Is the sender using their usual email address?
- Check the sender’s email address. Does its domain match the sender’s website domain?
- Genuine organisations don’t use free email such as @gmail.com or @hotmail.com.
Does the content look odd?
- Fraudsters often get your name wrong or spell it incorrectly.
- Bad spelling, punctuation, or grammar are all signs that an email is a scam.
- Be suspicious if an email addresses you in a generic way, e.g. “Dear valued customer”.
Do you feel rushed, worried, or threatened?
- Only criminals try to rush, worry or threaten you.
- Think before automatically doing what a sender asks you to do.
- Be suspicious of threats or people telling you that you are at risk unless you do something.
- These words are suspicious: “You must immediately…” or “The directors urgently require you to…”.
Is this how the sender usually communicates?
- Familiarise yourself with how companies usually email you.
- Note the style and branding of genuine emails from your bank and other online providers.
- Use other channels to check what an email is asking you to do, e.g. call your bank.
Does it seem too good to be true?
- If the email contains an offer that is too good to be true, it is probably a scam.
- Reject offers that come out of the blue.
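The sender and content checks above, turned into a small triage helper so that the machine-checkable parts of the checklist can be run over an email before a person looks at it. This is an added example and not code from the original article; the expected organisation domain, the free-webmail list and the phrase lists are assumptions supplied by the caller, and the sample messages are constructed.

```python
import re
from email.utils import parseaddr

# Free webmail domains the checklist says genuine organisations do not use (assumed list).
FREE_MAIL_DOMAINS = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
# Pressure phrases: the two quoted in the checklist plus similar ones (assumption).
URGENCY_PHRASES = ("you must immediately", "urgently require", "act now", "within 24 hours")
# Generic greetings the checklist warns about (assumed list).
GENERIC_GREETINGS = ("dear valued customer", "dear customer", "dear user")


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header, or '' if none."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def phishing_flags(from_header, expected_domain, body):
    """Apply the checklist heuristics and return the list of flags raised.

    expected_domain is the website domain of the organisation the email claims
    to come from (e.g. the domain staff know their bank uses).
    """
    flags = []
    domain = sender_domain(from_header)
    text = re.sub(r"\s+", " ", body.lower())
    if domain in FREE_MAIL_DOMAINS:
        flags.append("free-webmail-sender")
    # Sender domain should be the organisation's domain or one of its sub-domains.
    if domain and domain != expected_domain and not domain.endswith("." + expected_domain):
        flags.append("domain-mismatch")
    if any(p in text for p in URGENCY_PHRASES):
        flags.append("urgency")
    if any(g in text for g in GENERIC_GREETINGS):
        flags.append("generic-greeting")
    return flags


if __name__ == "__main__":
    # Constructed sample: a lookalike sender using webmail, pressuring a generic recipient.
    suspicious = phishing_flags(
        '"Acme Bank" <acme.bank@gmail.com>', "acme-bank.example",
        "Dear valued customer, you must immediately confirm your account.")
    print("suspicious message flags:", suspicious)
    genuine = phishing_flags(
        "alerts@mail.acme-bank.example", "acme-bank.example",
        "Hi Nigel, your statement is ready.")
    print("genuine message flags:", genuine)
```

An empty flag list does not prove an email is genuine; it only means none of these simple checks fired, so the remaining questions in the checklist still apply.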
How to avoid this privacy fail
Train your staff on how to avoid this ‘Privacy Fail’. Distribute posters. Discuss the risk at team meetings. Make people understand that security starts with them, not with the IT department. And make them care. This is all part of creating a culture of continuous privacy compliance which needs to be at the heart of any privacy compliance programme.
A culture of continuous privacy compliance
At The Privacy Compliance Hub, we help organisations establish and maintain a culture of continuous privacy compliance by making everyone in an organisation understand privacy, care about privacy and do their bit to protect personal information. Our platform contains a structure, a programme, a route map, records, information, reporting and training to enable all organisations to build that culture and comply with privacy rules including the GDPR and the CCPA. It reduces the risk of data breach.
‘Numpty Nigel’ is fictional. He is not based on any person living or dead. Any resemblance or similarity to any person living or dead is purely coincidental. It’s just that one of our Co-Founders is called Nigel. He is not a numpty. But he does think that ‘Numpty Nigel’ sounds funny. And the name Nigel is slowly dying out. So this series of articles is for all the Nigels out there.