Frequently Asked Questions​

The protection of devices, services and networks — and the information on them — from theft or damage.

Download the Small Business Guide to Cyber Security.

The UK’s cybersecurity sector is now worth an estimated £8.9 billion.

It's important to understand the basics and why cyber security is important to all businesses regardless of size or sector. Download our Cyber Security Guide for Small Businesses and start your journey by becoming a free member of the Cyber Resilience Centre.

If you understand the basics of cyber security, but you're ready to learn more about the practical steps you can take next then we'd encourage you to become a member of the Cyber Resilience Centre or learn more about our affordable services.

A breach of the security rules for a system or service - most commonly;

• Attempts to gain unauthorised access to a system and/or to data.

• Unauthorised use of systems for the processing or storing of data.

• Changes to a systems firmware, software or hardware without the system owner's consent.

• Malicious disruption and/or denial of service.

We have created a Cyber Incident Response Pack, which contains documents to help support your business plan its response to a cyber incident. These documents are designed to complement any existing plans or assist you in creating one.

At the Cyber Resilience Centre, we have access to trusted specialist cybercrime investigators who can support you during an attack and recover digital forensic evidence to help identify who is responsible.

We have created a Cyber Incident Response Pack, which contains documents to help support your business plan its response to a cyber incident. These documents are designed to compliment any existing plans or assist you in creating one.

A vulnerability assessment is a process of identifying existing weaknesses within your network. It can be host-based, network-based, wireless, application, or within your database.

A Website Vulnerability Assessment (often referred to as Web Application Penetration Testing or Pentest) addresses the security of your website (Web application). Websites are mostly publicly available and are there to provide services for anyone with internet access. This makes them a primary target for attackers.

In the world of cybersecurity and cybercrime, there are a lot of myths, misconceptions and rumours shared between business owners and employees. The five biggest myths that we hear the most are:

• Small and medium-sized businesses aren’t targeted by hackers. Cybercriminals are more interested in larger companies.

• Businesses must buy expensive hardware or software solutions to implement effective cybersecurity.

• My business has nothing worth protecting from cyber-attacks.

• Password managers are unsafe and a risk to my business.

• Public Wi-Fi is safe to use. It’s just like any other wi-fi network.

Read our Cyber Security Mythbusting Guidance

Sensitive data management

A lot of the data that is stored in the recruitment is Personable Identifiable Information (salaries, gender, contact information, job description, previous employers, references etc.). Therefore it is critically important that only those who are authorised to do so can access it. This means ensuring all accounts have strong, unique passwords and Multi-Factor Authentication enabled. The best practice would also be implementing a data classification tool to prevent sensitive data from leaving your organisation intentionally or accidentally.

Phishing attacks / Malware (email attachments)

As a recruiter, you will receive vast amounts of CVs as email attachments. As any one of these could be disguised malware, you need to stay vigilant in checking them. The same goes for hiring managers and finance staff or recruitment businesses, as these staff and departments are also more likely to receive malicious email attachments

Remote working - lots of staff working remotely, high volume of client meetings

A lot of staff working remotely brings a lot of cyber security risks as senior leaders will have less tangible control over where their employees work, meaning they could be working from unsecured public wifi, they could be working on a crowded train leaking sensitive data to anyone closeby who happens to be shoulder surfing, they could be leaving devices unattended in public working spaces.

Learn more with our blogpost: The Cyber Security Dangers for Recruitment Agencies