Numpty Nigel gets caught

Numpty Nigel likes to please. He likes to be helpful. He gets back to people quickly. Even people he doesn’t know. Especially if they need help. He also has an eye for a deal. If something seems too good to be true he is right in there like a rat up a drainpipe. As we know, Nigel is a numpty.

By Nigel Jones

Co Founder of The Privacy Compliance Hub

May 2020

Phishing

Each of the ‘Privacy Fails’ we discuss in this series of short articles is real.  They are based on things we have seen at The Privacy Compliance Hub.  They are based on reports from regulators of the complaints they have received; the data breaches reported to them; and the fines and other enforcement actions they have levied.  These things do happen.  A lot.  Don’t let them happen to you.  Don’t be a numpty.

The privacy fail

This ‘Privacy Fail’ is caused by clicking on links in emails or text messages sent by criminals looking to extract sensitive information such as customer account details or passwords.  This ‘Privacy Fail’ relies on clever criminals and unsuspecting or naive members of staff.

A privacy statistic

Phishing just misses out on the top spot for the most common data breach in the UK and Ireland.  In Ireland it comes in at number 3, behind unauthorised disclosure and lost or stolen papers.  In the UK, it comes in at number 2, just behind data posted or faxed to the wrong recipient.

Real life examples with real life consequences

We have not been able to find any fines issued for organisations that have fallen foul of phishing.  We know phishing happens a lot because the National Cyber Security Centre warns us against it and the regulators say that it is one of the most common data breaches.

In the absence of fines that we can tell you about, here are some things for your staff to look out for/avoid:

Does the sender look genuine?

  • Do you know the sender?
  • Is the sender using their usual email address?
  • Check the sender’s email address. Does its domain match the sender’s website domain?
  • Genuine organisations don’t use free email such as @gmail.com or @hotmail.com.

Does the content look odd?

  • Fraudsters often get your name wrong or spell it incorrectly.
  • Bad spelling, punctuation, or grammar are all signs that an email is a scam.
  • Be suspicious if an email addresses you in a generic way, e.g. “Dear valued customer”.

Do you feel rushed, worried, or threatened?

  • Only criminals try to rush, worry or threaten you.
  • Think before automatically doing what a sender asks you to do.
  • Be suspicious of threats or people telling you that you are at risk unless you do something.
  • These words are suspicious: “You must immediately”; or “The directors urgently require you to…”.

Is this how the sender usually communicates?

  • Familiarise yourself with how companies usually email you.
  • Note the style and branding of genuine emails from your bank and other online providers.
  • Use other channels to check what an email is asking you to do, e.g. call your bank.

Does it seem too good to be true?

  • If the email contains an offer that is too good to be true, it is probably a scam.
  • Reject offers that come out of the blue.
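As an added example that is not part of the article or of The Privacy Compliance Hub’s own tools, the small Python check below applies the sender, greeting and urgency items from the checklist above to an incoming message. The organisation domain, the recipient’s name, the free-mail and urgency word lists and both sample emails are constructed assumptions, not real messages.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): claims to be the bank but fails several checks.
SUSPICIOUS_EMAIL = """\
From: Example Bank Security <examplebank.security@gmail.com>
To: nigel@example.org
Subject: Account suspended

Dear valued customer,
You must immediately confirm your password or your account will be closed.
"""

# Constructed sample (not a real message): a routine statement notice that raises no flags.
GENUINE_EMAIL = """\
From: Example Bank <statements@examplebank.example>
To: nigel@example.org
Subject: Your monthly statement

Dear Nigel,
Your April statement is now available in online banking.
"""

FREE_MAIL_DOMAINS = {"gmail.com", "hotmail.com"}                 # the two named in the checklist
GENERIC_GREETINGS = ("dear valued customer", "dear customer")
URGENCY_PHRASES = ("you must immediately", "urgently require you to")

def phishing_indicators(raw_email, expected_domain, recipient_name):
    # Returns the checklist items the message fails; an empty list means nothing was flagged.
    msg = message_from_string(raw_email)
    _display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    body = msg.get_payload().lower()
    greeting = body.strip().splitlines()[0] if body.strip() else ""
    flags = []
    # Does the sender's email domain match the organisation's own website domain?
    if sender_domain != expected_domain.lower():
        flags.append("sender domain does not match expected domain")
    # Genuine organisations don't send from free email providers.
    if sender_domain in FREE_MAIL_DOMAINS:
        flags.append("sender uses a free email provider")
    # Is the greeting generic, or does it fail to use your name?
    if any(greeting.startswith(g) for g in GENERIC_GREETINGS):
        flags.append("generic greeting")
    elif greeting.startswith("dear") and recipient_name.lower() not in greeting:
        flags.append("greeting does not use your name")
    # Does it try to rush, worry or threaten you?
    if any(p in body for p in URGENCY_PHRASES):
        flags.append("urgent or threatening language")
    return flags
```

A message that raises any flag should be verified through another channel, such as a phone call to the organisation, before anything in it is acted on.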

How to avoid this privacy fail

Train your staff on how to avoid this ‘Privacy Fail’.  Distribute posters.  Discuss the risk at team meetings.  Make people understand that security starts with them, not with the IT department.  And make them care.  This is all part of creating a culture of continuous privacy compliance which needs to be at the heart of any privacy compliance programme.

A culture of continuous privacy compliance

At The Privacy Compliance Hub, we help organisations establish and maintain a culture of continuous privacy compliance by making everyone in an organisation understand privacy, care about privacy and do their bit to protect personal information.  Our platform contains a structure, a programme, a route map, records, information, reporting and training to enable all organisations to build that culture and comply with privacy rules including the GDPR and the CCPA.  It reduces the risk of data breach.

Numpty Nigel

‘Numpty Nigel’ is fictional.  He is not based on any person living or dead.  Any resemblance or similarity to any person living or dead is purely coincidental.  It’s just that one of our Co Founders is called Nigel.  He is not a numpty.  But he does think that ‘Numpty Nigel’ sounds funny.  And the name Nigel is slowly dying out.  So this series of articles is for all the Nigels out there.