FOR Cardiff’s Project Support Officer, Abbie Dix, tells us how she found her recent WCRC cyber security training! (We always love to hear feedback from our clients.)

FOR Cardiff is Cardiff’s Business Improvement District (BID) and is currently made up of 13 employees, who work to deliver improvements for the 750+ city centre businesses who fund us, as well as to the wider community in Cardiff.

Our team recently received cyber security training from the WCRC. Prior to the training, we felt we had a good understanding of cyber security but were eager to learn what more we could do to help protect our business from cyber-attacks.

Like many organisations, we are occasionally subject to phishing emails. Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware. These emails are often from attackers purporting to be members of staff, mostly management, asking for us to urgently contact them via a Whatsapp link.

As a team, we were able to identify these emails as scams due to some tell-tail factors such as incorrect email addresses, spelling and grammar errors, and the tone in which they are written. What we didn’t know was how to report them. The training taught us that, once you have received and identified a phishing email, you must then report it by forwarding it to report@phishing.gov.uk. A few days after the training, we were sent a phishing email and were able to quickly identify and report it.

During the training, we were also shown how strong our passwords were. It is no surprise that, the longer and more complex a password is, the stronger it is. However, we weren’t all aware just how long, complex and random our passwords needed to be in order to be defined as strong. We checked our work and personal passwords and were able to see how long it would take a hacker to crack them. For the more diligent members of the team, this ranged from days, to months, and even years. But for some of us, our passwords could be cracked in seconds. This opened our eyes to the risks of weak passwords, and we were sure to strengthen our passwords after the session.

The training also covered the issue of scam invoices. This is something our accounts team deals with regularly. We learned a few identifying factors to spot if an invoice is from a scammer. These include: an attachment with a blank body of text, a generically named html file attached, and the email address not matching the name it is purporting to be.

As a team, we found the cyber security training relevant, helpful, and informative. It was very clear and easy to follow, with a lack of jargon and a ‘non-tech’ approach.

To summarise, the three top tips we came away with were:

1. If you suspect a phishing email, look for the identifying factors and report it to report@phishing.gov.uk.

2. To lower the risk of hacking, all passwords should be long, complex and random.

3. Security is everyone’s responsibility! If you spot something that doesn’t look right, take action.

The WCRC delivers a range of services using industry standard tools and techniques to help SMEs better protect themselves and their supply chain against cybercrime. Among the services offered are security awareness training, vulnerability assessments and security policy reviews.