Ocurrio utilises a range of products that utilise the “cloud” such as Axcelerate as the Training Management System. Axcelerate is a cloud based software package that is used extensively by many RTO’s such as Ocurrio. Axcelerate is independent of Ocurrio. Axcelerate provides a service to Ocurrio so that we can provide a high level of service to you.
For almost all training at Ocurrio you will be using a computer and logging into Axcelerate on a regular basis – The following provides useful information that you should consider and apply when using any of these types of systems including Axcelerate.
Ocurrio pays Axcelerate to provide a secure training management system to us in order to provide secure services to you. Axcelerate have many levels of data security including backups and disaster recovery. This is the responsibility and accountability of Axcelerate and not Ocurrio. Ocurrio cannot be held accountable for any loss, direct or consequential to you or your employer or other third parties in case of a loss of data on the Axcelerate platform.
However, you should always be aware of how to manage information on the cloud.
Whether you’re shopping, banking, doing your accounts, or simply checking your email, cyber criminals and scammers are always looking for ways to steal money or sensitive information.
There are precautions you can take to reduce the risks and help keep you safe from harm online. Take a few minutes to read below for information about how to identify and deal with scams and malicious phishing emails.
Phishing and malicious emails
A phishing email is a favoured way for cyber criminals to get access to your sensitive information, such as your usernames and passwords, credit card details, bank account numbers, etc. This kind of email may look as if it has come from a trustworthy source, but will attempt to trick you into:
- clicking on a link that will infect your computer with malicious software
- following a link to a fake (but convincing looking) website that will steal your login details
- opening an attachment that will infect your computer.
Once you are hooked, the cyber-criminal may be able to steal or extort money from you, or gather sensitive personal or business information that they can use for other attacks. However, you can protect yourself and your business by being aware of these scams, and by knowing what to look for that may help you identify a malicious email:
- Incorrect spelling or grammar: legitimate organisations don’t always get it 100% right, but be suspicious of emails with basic errors.
- The actual linked URL is different from the one displayed – hover your mouse over any links in an email (DON’T CLICK) to see if the actual URL is different.
- The email asks for personal information that they should already have, or information that isn’t relevant to your business with them.
- The email calls for urgent action. For example, “Your bank account will be closed if you don’t respond right away”. If you are not sure and want to check, then go directly to the bank’s website via the URL you would normally use, or phone them. Don’t click on the link in the email. The email says you’ve won a competition you didn’t enter, have a parcel waiting that you didn’t order, or promises huge rewards for your help. On the internet, if it sounds too good to be true then it probably isn’t true.
- There are changes to how information is usually presented, for example an email is addressed to “Dear Sirs” or “Hello” instead of to you by name, the sending email address looks different or complex, or the content is not what you would usually expect.
These are just a few of the things to watch out for. There’s a lot more information and tips available on the web. But even if there’s nothing specific you can point to, the email may just not feel right. Trust your instincts, and don’t get hooked.
If you suspect you’ve received a phishing or malicious email, and it says it’s from Ocurrio or uses Ocurrio’s logo, do not click on anything in the email – please report it by letting us know through the Ocurrio web site contact us page.
Try to avoid a phishing attack by following these rules
If you receive a suspicious email make sure you:
- DO NOT CLICK on any link or attachment contained in the email.
- DO NOT REPLY to the email.
- Report the email by contacting us if it is Ocurrio-branded.
- Delete the email
- Update your anti-malware (anti-virus, anti-spyware) and run a full scan on your computer.
Introduction to Cloud Security
Training data is increasingly being stored online in the cloud. What does this mean and is it as scary as it sounds?
What is the cloud?
You might have heard about ‘the cloud’ and wondered what it meant. In simple terms, it’s a way of describing data and applications that are stored online.
As little as a decade ago, programs were run directly from people’s computers. Users installed the software themselves onto the hard drive, usually from a CD-ROM. The data created by that software was also stored on the hard drive.
But as internet speeds have increased and data storage costs dropped, all of that is changing. Now many applications run at least partly online, from remote servers. And the data they generate is also stored on those servers.
Businesses all over the world are moving to the cloud. There are good reasons for doing so, which we’ll explain in this guide. Then we’ll look at cloud security and provide some useful tips that may help make your data safer in the cloud.
This guide provides general advice on cloud security and isn’t intended to cover everything. After reading it, you should be more familiar with ways to secure your data in the cloud. But before you jump in, remember that nothing is ever 100 percent secure. Always get professional advice if you have concerns about the security of your data (whether in the cloud or otherwise).
Five key benefits of cloud computing
There are some significant benefits to businesses using the cloud:
- Lower IT costs but improved experience
Software upgrades, patches and backups are vital to keeping a business running. Cloud applicationsdo most of this for you, saving on your IT support bill. And cloud software is often based on an affordable monthly subscription – not a big capital expense. Why manage IT in-house when you can have experienced professionals doing it for you?
- Faster updates
Cloud software is being developed all the time. New features are added and bugs are fixed as quickly as possible. This means you always have the latest software – no need to wait a year for the next version.
- Access from anywhere at any time
Cloud applications aren’t tied to a single desktop computer. You can access your software and data from wherever you happen to be as long as you have an internet connection. With most programs, you can use a laptop, desktop, smartphone or tablet. Many newer applications will run in a web browser on almost any device.
- Better business continuity
Power outages, fires, floods, burglaries, earthquakes – all of these are potential business risks. Cloud-based companies can recover faster from disaster than those with data stored on-site. They could be up and running within hours, instead of weeks or longer.
- Greater agility
Cloud systems are often able to share data or integrate with each other. This means you can process your information in new and useful ways. For example, contractors can manage their purchase orders and invoicing on a platform that feeds directly into your cost control system.
How is the data stored?
One of the common questions people have about cloud computing is, “How is my data stored?”. In most cases it’s stored on servers in big data centres, which are secure and managed 24 hours a day.
And what about the journey between your computer and those data servers? Professional cloud applications use secure, encrypted connections. That means your data is encrypted on your computer before it’s sent to the server – and also when it comes back again. This means that nobody can listen in to what’s being sent or received.
Cloud software companies take data security very seriously and work hard to protect their customers’ data. So you might be wondering how data is ever hacked. It does happen, but it’s something you can help prevent. We’ll look at that next.
Five key ways you can make your data more secure
High-profile hacking cases in recent years have made some people nervous about storing their data in the cloud. But in nearly every case, it’s not as simple as the cloud being the problem. Often it’s the way the cloud is used that causes issues. Here are five ways you can increase the security of your data:
- Make sure your passwords are secure
Many people use passwords that aren’t secure. They might use their pet’s name combined with their date of birth, or their child’s name spelled backwards. Or they might use other combinations that seem clever but are actually easy to guess.
Short passwords can be cracked by brute force, by giving a computer a word list and letting it try combinations of words. Longer passwords are harder to crack – but also harder to remember.
This is a widely-debated area of computer security. It’s worth doing a web search for ‘correct horse battery staple’ for some interesting information. In the meantime, remember to keep your passwords long, as random as possible, and unrelated to your own life. Use a different password for each cloud application. If you want something more secure than a password, you might want to use a passphrase instead. Passphrases are typically about 20 to 30 characters long and usually harder to crack than passwords. While these need to be meaningful, try not to use your birth date or username.
You can use password manager software to help you remember multiple logins and to generate strong passwords. You only need to remember one password to access the manager, which securely stores all of your other usernames and passwords for you.
- Take advantage of login and online activity monitoring
Some cloud applications provide additional information about how their system is being used. Review the additional security services they provide and take advantage of them – every precaution you take makes a difference. For example, some online services display details of when you last logged in to their service. If you notice this is incorrect, or from a suspicious location, then raise it with the appropriate party. Remember: tools like this are provided as a service – they’re there for you to use.
- Use anti-malware (also known as anti-virus software)
Malware (short for malicious software) can get onto your computer, laptop, tablet or smartphone and do something malicious like stealing your data. It usually means that the user of the device has clicked on a link or attachment in an email, or visited a website that’s not secure. If there’s a link or attachment that you don’t know or trust then don’t click on it.
Once malware is on your machine, it might log your user ID, password or credit card information and send it to a hacker. Or it might quietly take over your computer and use it to attack other machines.
Malware is designed to be hidden, so you’re not likely to notice it by chance. Make sure you use anti-malware on your phone, laptop, desktop and tablet. And always ensure that your anti-malware and any other software you have is kept up to date.
Make sure you get your anti-malware from a reputable source. This is because often what can look like genuine software, is actually malware in disguise. Malware is one of the easiest ways for hackers to get access to your device, so it’s important to take this seriously.
- Be aware of phishing or other hacking methods
Hacking can happen through people, not just computers. For example, imagine a phone call: “Hello, it’s Mary from IT support. We’re upgrading your software but it looks like your password has changed since last time and we can’t get in to do the upgrade. What’s your new password?” This is type of hacking attempt is called social engineering.
Another method of hacking is called ‘phishing’ and this happens by email. Often the email will contain links that the hacker wants you to click on. Without training, your staff might give away vital security information via phone or email.
In any of these cases, the cloud isn’t the problem. The same attacks could be carried out on data stored in-house. In fact the risk would be even greater, because burglary or theft could also be issues. It’s easier to steal a USB stick or a laptop full of data than it is to steal information in the cloud. The problem is usually in the way the technology is used.
Train your staff and yourself about online safety and good security practices
You wouldn’t let your staff drive a forklift truck or work in sales without proper training. The same should be true of computer equipment and software.
Whether your business uses a smartphone, laptop, desktop or tablet, staff should be trained in data security best practices. They should also be taught how to choose secure passwords and identify phishing scams.
A full data security policy is beyond the scope of this guide, but it’s something every business needs. There are online resources that can help you draft one, and plenty of security companies can advise you too. Check out this resource by Get Safe Online.
Remember, an unsecured computer is an open door into your vital business data. Make sure all the doors are locked.
Cloud security is all about your attitude
Cloud data storage can be more secure than storing data on your own business premises. There’s less risk of loss or theft, more flexibility and the ability to recover quickly from a disaster.
But nothing can be perfectly secure on its own. The way you use something affects its security. For example, you wouldn’t leave your car unlocked in the middle of a town at night. Make sure you take cloud security seriously by:
- using sensible passwords
- protecting your computing devices against malware
- training your staff to identify risks and phishing attacks
- complying with all laws about data storage in your area.
Remember, nothing is ever 100 percent secure, so you need to take the right precautions to protect your data. If you follow the steps in this guide, you’ll be well on your way to making your data safer in the cloud.