Byte-size Bulletins

Do your passwords give paws for thought?

Written by Simon Heath | Apr 19, 2021
 

What guidance are you giving staff for setting passwords? NCSC's survey found that 15% of us use pets' names, which are easy to hack. What should you be insisting your team do, based on NCSC's guidance?

Tell staff to avoid passwords that are easily guessed or discoverable from social media. Too many passwords contain the following:

  • Family members' names (14%)
  • A significant date (13%)
  • Your favourite sports team (6%)
  • The word "password" (6%)

Avoid using the same password across multiple accounts. 

Instead, the NCSC (National Cyber Security Centre) recommends strong passwords based on three random words (avoiding the types mentioned above) and adding symbols and numbers. The example they give is: "RedPantsTree4!".
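As an added illustration (not NCSC or Byte-size code), the Python sketch below builds a three-random-words password and screens a candidate against the guessable patterns listed above. The word list, symbol set, function names and the personal terms passed in are all assumptions made for the example.

```python
import re
import secrets

# Constructed sample list, far too small for real use; load several thousand words in practice.
WORDS = ["red", "pants", "tree", "river", "candle", "marble", "orbit", "velvet",
         "anchor", "pepper", "lantern", "meadow", "copper", "pigeon", "saddle", "tunnel"]
SYMBOLS = "!?#%&*"

# A run of four or more digits, or a dd/mm/yy style number, is treated as a possible date.
DATE_RE = re.compile(r"\d{4,}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")


def three_random_words(words=WORDS):
    """Join three distinct random words, then append a digit and a symbol."""
    chosen = secrets.SystemRandom().sample(words, 3)
    body = "".join(word.capitalize() for word in chosen)
    return body + str(secrets.randbelow(10)) + secrets.choice(SYMBOLS)


def weak_reasons(password, personal_terms):
    """List the reasons a password matches the easily guessed types above."""
    lowered = password.lower()
    reasons = []
    if "password" in lowered:
        reasons.append('contains the word "password"')
    # personal_terms: pet, family and sports team names supplied by the user (hypothetical input)
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            reasons.append(f"contains personal term: {term}")
    if DATE_RE.search(password):
        reasons.append("contains a date-like number")
    return reasons


if __name__ == "__main__":
    print(three_random_words())
    print(weak_reasons("Rex2015", ["Rex", "Arsenal"]))
```

Random selection uses the `secrets` module rather than `random`, so the word choice comes from the operating system's cryptographic random source.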

Having more passwords that are more complex means you are going to have to save them somewhere secure. NCSC recommend saving them in your browser, but we recommend you use password management software.

However, whilst 80% said cyber security was a high priority, only 21% "always or often" save to a password manager.

Getting your team to observe good password practices is a practical and cost-effective way to enhance security. Of course, this doesn't replace other fundamental security measures such as Two Factor Authentication.

If you believe you have been a victim of fraud, you should report it to the Police using Action Fraud.