Information Security Awareness: An introduction for UK SMEs
5.0 (3 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
12 students enrolled
Wishlisted Wishlist

Please confirm that you want to add Information Security Awareness: An introduction for UK SMEs to your Wishlist.

Add to Wishlist

Information Security Awareness: An introduction for UK SMEs

Recognise the main UK SME cyber security breaches and learn how to protect yourself and your company from common attacks
New
5.0 (3 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
12 students enrolled
Created by David Chapman
Last updated 8/2017
English
English
Current price: $10 Original price: $100 Discount: 90% off
5 hours left at this price!
30-Day Money-Back Guarantee
Includes:
  • 2 hours on-demand video
  • 33 Supplemental Resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Recognise the main UK SME cyber security threats including viruses, malware, impersonation, hacking, identity theft and corporate identity fraud.
  • Protect yourself from social engineering attacks through cautious behaviour, call verification and email precautions.
  • Safely handle email attachments and follow hyperlinks, identify fake emails, and recognise common business scams.
  • Avoid social media dangers including identity theft, social engineering attacks and malware, and adopt sound social media practices.
  • Securely manage your passwords.
View Curriculum
Requirements
  • An appreciation of UK small business and its environment.
  • A general familiarity with internet browsing and typical office applications.
Description

What Will I Learn?

  • The value of stolen information and how to recognise UK SME cyber security threats including viruses, spyware, malware, impersonation, denial-of-service, hacking, identity theft and corporate identity fraud,
  • How social engineering attacks operate and how to protect yourself through cautious behaviour, call verification and by applying email precautions,
  • Sound practices to safely handle email attachments and follow hyperlinks, identify fake emails, and recognise common business scams,
  • To recognise and avoid social media dangers including identity theft, social engineering attacks and malware, by adopting sound social media practices,
  • To securely manage your passwords.

 

Requirements

  • An appreciation of the small business workplace,
  • A general familiarity with internet browsing and common office applications.


Description

UK SMEs are at risk of cyber-attack.  Security awareness training helps SMEs defend themselves.  This introductory, non-technical information security awareness course, avoids (almost all) jargon to outline key SME workplace security threats and give you actionable solutions.

 

Develop a security-mindset based on a realistic, evidence-based UK SME threat awareness

  • Know who the attackers target and why,
  • Minimise your user-enabled security attacks,
  • Defend yourself and your company against phishing and other lure-based attacks,
  • Adopt safe, and avoid unsafe workplace social media practices,
  • Improve your password management.


Protect yourself and your SME

SMEs with a security-aware culture are less likely to suffer an expensive cyber-attack.  Educating yourself about workplace information security threats and adopting secure practices will help protect your company.  This course introduces end-user focused, straightforward, non-technical security awareness topics.


The course is particularly suited to micro (0-9 employees) and small (10-49 employees) SMEs.  Some medium (50-249 employees) SMEs will benefit from parts of the course.  Most examples and many references in the course are UK sourced.


Individuals, families, small businesses and large organisations share many information security threats.  How SMEs should prepare for and respond to these threats differs from the other categories of user.  Defensive techniques and tips offered in this course are UK SME oriented.


Key information security awareness topics are presented in a straightforward, accessible and practical manner.


At the end of each topic, use the workbooks to determine further security awareness actions.


Course content and overview

Actionable end-user security awareness training is structured around five key, standalone topics:

  • You are a target,
  • Social engineering,
  • Dangerous email and links,
  • Social media issues,
  • Password risks.


This course comprises of 33 lectures and around 2 hours of lecture content.  Each topic divides into several short lectures.  Lectures typically last 4-8 minutes.  Following each topic, are practice activities and resources: e.g. a downloadable lecture pdf, an online quiz providing immediate feedback, a downloadable workbook and a topic bibliography.


A course completion certificate is also available.


Course topics

 

You are a target

This topic considers the value of personal or company information and how it is sold on darknet markets.  It introduces identity theft, highlighting the type of people deliberately targeted.  Corporate identity fraud and basic protection approaches are addressed.  Common workplace information security threats, as identified by a UK government survey, are introduced.

 

Social engineering

This topic introduces social engineering is and explains its popularity amongst attackers.  Three main malicious social engineering techniques are introduced.  Mainly UK social engineering examples are given.  Defensive techniques against social engineering attacks are outlined.

 

Dangerous email and links

This topic considers email attachment dangers.  The reasons attackers favour email are given.  Email protection steps are provided.  Hyperlinks and their dangers are explained.  How to distinguish between real and fake email is explored.  Scams targeting UK SMEs and protection advice are introduced.  A specific attack type – spear phishing – is also considered.


Social media issues

This topic introduces workplace social media.  SME social media concerns are outlined.  Key social media dangers including identity theft, social engineering attacks, malware infection, plus employee and employer risks are discussed.  Social media advice for UK SME employees and employers is provided.

 

Password risks

This topic considers key password issues including the ‘worst’ passwords, too many passwords, forgotten passwords and main types of password attack.  Technical security controls for passwords and their limitations are outlined.  The contrast between how users manage passwords and how they should manage their passwords is explored.  Poor password hygiene practice is demonstrated.  Good practice password hygiene is explained.  Two-factor authentication is outlined.  SME password security – managing multiple logins and passwords plus security tips for passwords are introduced.


Who is the target audience?
  • This course is designed for:
  • UK-based SME employers and employees, especially those working with office computing or mobile applications including browsers, email, word processors and spreadsheets.
  • Computing and business students interested in UK small business.
  • This course is not designed for:
  • UK SME employees not using computers, mobile devices or accessing the internet.
  • People without a UK SME interest or awareness.
  • This is a non-technical course focussed on small business security awareness. Except for evaluation purposes, this course is not appropriate for.
  • Information security professionals.
  • Technical IT staff.
  • Government or large organisation staff.
Students Who Viewed This Course Also Viewed
Curriculum For This Course
33 Lectures
02:01:07
+
Introduction
1 Lecture 03:55

This lecture introduces the Information Security Awareness: An introduction for UK SMEs course

  • Why this curriculum?
  • What’s in it for you?
  • Who is this course for?
  • Course structure and content
  • Information security awareness – topics introduced
  • Practice activities
  • Resources
Preview 03:55
+
You are a target
6 Lectures 21:06

These you are a target lectures are structured as follows

  • Context – sets the scene and estimates the annual number of computer misuse incidents in England and Wales
  • Main concepts – introduces the stolen information market, outlines identity theft and presents common SME information security threats
  • Practical implications – argues that SMEs should consider the accidental harm caused by uninformed users and think about conducting security awareness training
  • Summary and conclusions – presents a summary of key points plus final comments
Preview 02:24

This lecture discusses

  • Is your personal or company information valuable?
  • Stolen information is sold on darknet markets
The stolen information market
04:59


Stolen information market quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


The stolen information market
4 questions

This lecture discusses

  • What is identity theft and who is most at risk?
  • Corporate identity fraud
  • Protecting corporate identity
  • Example: corporate identity phishing email
Preview 05:31


Identity theft quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


Identity theft
5 questions

This lecture discusses

  • Common workplace information security threats
  • Example: malware laced Companies House email
SME information security threats
05:32


SME information security threats quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


SME information security threats
4 questions

This lecture explains

  • Why it matters

And asks

  • Where might this lead?
Practical implications
01:11

This lecture summarises the you are a target topic and draws conclusions

Summary and conclusions
01:29
+
Social engineering
6 Lectures 20:10

These social engineering lectures are structured as follows

  • Context – understanding common social engineering techniques may help you to protect yourself
  • Main concepts – introduces social engineering, provides some examples and offers some defensive tips
  • Practical implications – social engineering turns our own human nature against us – technology cannot fully protect us, so please remain wary Summary and conclusions – presents a summary of key points plus final comments
Preview 02:01

This lecture discusses

  • Social engineering: definition
  • Malicious social engineering
  • Phishing
  • Vishing (voice + fishing) & Smishing (SMS + fishing)
  • Impersonation
Preview 06:44


What is social engineering quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


What is social engineering?
4 questions

This lecture discusses

  • Phishing examples: UK HMRC
  • Vishing example: Businesswoman Emma Watson
  • Impersonation example: fake LinkedIn profiles
Social engineering examples
05:00

This lecture discusses

  • Being generally cautious
  • Verify calls made to you
  • Email precautions
Defending yourself
03:06


Defending yourself quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


Defending yourself
3 questions

This lecture explains

  • Why it matters

And asks

  • Where might this lead?
Practical implications
01:46

This lecture summarises the social engineering topic and draws conclusions

Summary and conclusions
01:33
+
Dangerous email and links
7 Lectures 29:42

These dangerous email and links lectures are structured as follows

  • Context – many UK SMEs are cybercrime victims with estimated costs running into billions
  • Main concepts – considers the dangers of email attachments and hyperlinks, introduces some common scams targeting small business and outlines spear phishing
  • Practical implications – SMEs are especially vulnerable to email borne threats and staff need to be aware of them
  • Summary and conclusions – presents a summary of key points plus final comments
Preview 02:22

This lecture discusses

  • Why are email attachments dangerous?
  • Email attachment dangers
  • US-CERT email attachment protection steps
Email attachments
05:14


Email attachments quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


Email attachments
3 questions

This lecture discusses

  • What are hyperlinks?
  • The dangers of clicking email links
  • Real vs. fake emails
  • Example: phishing email ‘from’ NatWest bank
  • Safe vs. unsafe email links: general advice
Hyperlinks
06:10


Hyperlinks quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


Hyperlinks
3 questions

This lecture discusses

  • Fake invoice fraud
  • Ransomware demand
  • Example: UK company ransomware victim
  • Data theft
  • Protecting a small business from attacks
Preview 08:10


Common scams quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


Common scams
3 questions

This lecture discusses

  • Spear phishing characteristics
  • Detecting spear phishing attempts
Spear phishing
04:08


Spear phishing quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


Spear phishing
3 questions

This lecture explains

  • Why it matters
  • Where might this lead?

And asks

Practical implications
01:44

This lecture summarises the dangerous emails and links topic and draws conclusions

Summary and conclusions
01:54
+
Social media security issues
5 Lectures 15:04

These social media security issues lectures are structured as follows

  • Context – social media is increasingly used by SMEs, despite legitimate workplace concerns
  • Main concepts – introduces workplace social media dangers and discusses protecting SMEs and their staff
  • Practical implications – social media is here to stay, employees and customers demand it, so SMEs need to embrace it Summary and conclusions – presents a summary of key points plus final comments
Preview 02:49

This lecture discusses

  • Social media dangers: identity theft
  • Social media dangers: social engineering attacks
  • Social media dangers: malware
  • Social media dangers: personal
  • Employer’s social media risks
Social media dangers
06:12


Social media dangers quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


Social media dangers
3 questions

This lecture discusses

  • Advice for employees
  • Advice for employers
Preview 03:40


Workplace social media protection quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


Workplace social media protection
3 questions

This lecture explains

  • Why it matters
  • Where might this lead?


Practical implications
01:07

This lecture summarises the social media security issues topic and draws conclusions

Summary and conclusions
01:16
+
Password risks
7 Lectures 24:31

These password risks lectures are structured as follows

  • Context – people are fed up with passwords and their associated problems
  • Main concepts – introduces password issues, discusses password management, demonstrates poor and good password hygiene, and offers tips to improve SME password security
  • Practical implications –  SME employees may unknowingly be putting their organisations at risk
  • Summary and conclusions – presents a summary of key points plus final comments
Preview 01:49

This lecture discusses

  • Common password problems
  • Convenience vs. security
  • The worst passwords
  • Too many passwords
  • Forgotten passwords
  • Password attacks
  • Password attacks: brute-force
Preview 06:12


Password issues quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


Password issues
3 questions

This lecture discusses

  • Technical security controls: password strength
  • User password management issues Password strength
Managing passwords
04:34


Managing passwords quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


Managing passwords
3 questions

This lecture discusses

  • Password hygiene: what is it?
  • Example: poor password hygiene
  • Good password hygiene practice
  • Two-factor authentication
Password hygiene
05:30


Password hygiene quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


Password hygiene
3 questions

This lecture discusses

  • Keeping track of multiple logins and passwords
  • Password managers
  • SME password tips
SME password security
03:37

SME password security quiz.  Select the answer option that best reflects your view or understanding.


Note: some questions are opinion rather than fact based.  For these questions, more than one answer is ‘acceptable’.  However, the platform requires a single ‘correct’ answer.  You may disagree with my opinions!  That’s OK.  Please focus on reviewing the answer explanation rather than attaining ‘correct’ answers.


SME password security
3 questions

This lecture explains

  • Why it matters
  • Where might this lead?

And asks

Practical implications
01:18

This lecture summarises the password risks topic and draws conclusions

Summary and conclusions
01:31
+
Course summary and conclusions
1 Lecture 06:39
Course summary and conclusions
06:39
About the Instructor
David Chapman
5.0 Average rating
3 Reviews
12 Students
1 Course
Information Security trainer

I am the co-founder of CHL, a small company providing online information security and programming skills training.


I hold a BSc in computer science from Leicester Polytechnic and a PhD in small firm information security from Coventry University.


As a practitioner, I am actively involved in cloud-based platform-as-a-service application deployment.  I have project managed – classically and increasingly through Agile - many small and medium information system implementations.  I have also developed and delivered many face-to-face technical IT developer-focussed and information security commercial training courses.


As an academic, I develop and deliver information security-related university undergraduate and postgraduate courses in the UK and abroad.  As well as student teaching, my interest in pedagogy has led me to develop and deliver several university-staff teach-the-teacher programmes.


Combining practitioner and academic activity benefits industry clients and students alike.  As a practitioner, I am more reflective and better informed by current research.  As a teaching academic, practitioner activity keeps me up-to-date about current industry practices.


CHL clients include:

  • University of West England
  • Lancaster University
  • Education and Skills Funding Agency


Why the small business focus?  I just like small business.  I value its human scale.  My partner and I enjoy providing high-quality solutions.  It’s an honourable, decent way to make a living.  I am a fourth-generation small business owner.   


I’m Australian and proud of it.  But, despite the weather, I have lived in the UK for nearly forty years.