Information Security Awareness: An Introduction for UK SMEs

This section provides an overview of the You are a target lectures, discussing the context, main concepts, practical implications, and conclusions. 

This lecture explores the value of personal and company information, focusing on how stolen information is sold on darknet markets.

Identity theft and corporate identity fraud are explained in this lecture, along with strategies for protecting corporate identity and an example of a corporate identity phishing email.

Here, common workplace information security threats are examined, including an example of a malware-laced Companies House email.

This lecture highlights the importance of understanding the "You are a target" topic and ponders the potential consequences for SMEs.

The You are a target topic is summarised, and conclusions are drawn.

This section offers an overview of the Social engineering lectures, discussing the context, main concepts, practical implications, and conclusions.

In this lecture, the concept of social engineering is introduced, along with examples of malicious social engineering, phishing, vishing, smishing, and impersonation.

This lecture presents real-life examples of phishing, vishing, and impersonation, involving UK HMRC, businesswoman Emma Watson, and fake LinkedIn profiles.

Here, general advice on being cautious, verifying calls, and email precautions is provided to help defend against social engineering attacks.

The importance of understanding social engineering is emphasised, along with potential consequences for SMEs.

The social engineering topic is summarised, and conclusions are drawn.

This section introduces the Dangerous emails and links lectures, discussing the context, main concepts, practical implications, and conclusions.

This lecture highlights the dangers of email attachments, along with the US-CERT's recommended email attachment protection steps.

In this lecture, hyperlinks are explained, as well as the risks of clicking email links, the difference between real and fake emails, and general advice for safe and unsafe email links.

This lecture covers common scams targeting small businesses, such as fake invoice fraud, ransomware demands, data theft, and strategies for protecting SMEs from attacks.

Here, the characteristics of spear phishing are discussed, along with tips for detecting spear phishing attempts.

The importance of being aware of dangerous emails and links is emphasised, along with potential consequences for SMEs.

This lecture brings together key points from the dangerous emails and links topic and provides concluding remarks.

This section offers an overview of the Social media security issues lectures, covering the risks associated with social media in the workplace and strategies for SMEs and their staff to protect themselves.

In this lecture, various social media threats are explored, including identity theft, social engineering attacks, malware, and employer risks.

This lecture provides practical advice for both employees and employers on safeguarding against social media security risks in the workplace.

The importance of understanding social media security issues is highlighted, along with potential consequences for SMEs.

The social media security issues topic is summarised, and conclusions are drawn.

This section introduces the Password risks lectures, addressing password issues, password management, good and bad password hygiene, and tips for enhancing SME password security.

This lecture delves into common password problems, the trade-off between convenience and security, notorious passwords, password attacks, and brute-force attacks.

Here, technical security controls for password strength, user password management issues, and the significance of password strength are examined.

This lecture explains the concept of password hygiene, offers an example of poor password hygiene, and shares guidance on adopting good password hygiene practices and two-factor authentication.

In this lecture, strategies for handling multiple logins and passwords are presented, including the use of password managers and advice for boosting SME password security.

The importance of addressing password risks is emphasised, along with potential consequences for SMEs.  

The password risks topic is summarised, and conclusions are drawn.

This final lecture summarises the entire course and offers overall conclusions.