Why cyber security matters
Aim: Understand why security is everyone’s job.
Summary: Cyber attacks can stop work, leak data, cost money, and damage reputation. It isn’t only “hackers vs tech”—mistakes, weak passwords, lost devices, and phishing are common causes. UK organisations also have legal and regulatory duties (e.g., data protection), so good security is part of doing business well.
The impact (plain English)
- People: stress, time lost, disrupted lessons or meetings, reputational harm.
- Operations: systems offline, orders delayed, projects paused.
- Money: incident response costs, fines/fees, lost sales, higher cyber insurance.
- Trust: customers, learners and partners may take their business elsewhere.
Bottom line: security protects people, services and trust—not just “computers”.
It’s not just “hackers vs tech”
Most incidents start with everyday slip-ups:
- Reusing or weak passwords.
- Clicking a phishing link and entering credentials.
- Losing an unencrypted device (phone/laptop/USB).
- Forgetting to install updates/patches.
- Sending a file to the wrong recipient.
Good security is a team sport: people, process and technology working together.
UK obligations (at a glance)
- Data protection: personal data must be handled lawfully and securely (UK GDPR/Data Protection Act).
- Duty of care: organisations must take reasonable steps to prevent harm (appropriate controls, training, reporting routes).
- Sector expectations: many sectors have additional rules or guidance (e.g., NCSC advice, industry standards).
We’ll explore laws and standards later in the course—here, just recognise why they exist.
Everyday threats you’ll actually see
- Phishing & smishing: messages that push you to click, open, or pay now.
- Credential stuffing: attackers try known leaked passwords across many sites.
- Malware & ransomware: malicious software that encrypts files or steals data.
- Business email compromise: fake invoices or bank-detail changes that look real.
- Shadow IT & misconfiguration: using unapproved tools or leaving defaults on.
Simple controls that make a big difference
- Multi-Factor Authentication (MFA): stops most account takeovers.
- Updates & patching: close known holes quickly.
- Backups (tested): let you recover without paying ransoms.
- Least privilege: only the access you need, nothing extra.
- Report early: a quick heads-up prevents a small issue becoming a big one.
Mini case study (1 minute)
A colleague receives a “Teams meeting change” email and clicks the link. The page looks normal, but it asks them to log in again. They enter their password. Minutes later, the attacker uses it to forward all their email and sends a fake invoice from their account.
What stopped it?
- Noticing the odd URL (hover to check before clicking).
- MFA would have blocked login even with the stolen password.
- Early reporting lets IT reset the account and warn others.
Try it (quick activity)
Write down three assets you value at work or study (e.g., learner data, lesson plans, laptop). For each, list one bad thing that could happen and one simple control that reduces the risk.
Example:
- Asset: Lesson plans
  Risk: Accidental sharing outside the team
  Control: Use approved storage with the right sharing permissions
(You can pop your answers into your notes, or save them for your portfolio.)
Optional evidence (tiny first win)
- Task: Turn on MFA for a personal account (e.g., Microsoft/Google/Apple).
- Submit: 1 screenshot showing MFA is enabled + 2–4 sentences explaining why MFA helps.
- Tip: Hide/blur personal info before uploading; include date/time on the screenshot.
- Where: Add to your Week-1 orientation task in Moodle ([Moodle link]).
Key terms (you’ll see these again)
- Asset: something of value (data, device, service, reputation).
- Threat: anything that could cause harm (person, event, action).
- Vulnerability: a weakness that a threat could exploit.
- Risk: the chance something bad happens and how bad it is.
- Control: a safeguard that reduces risk (policy, training, technology).
- Phishing: a message that pretends to be trustworthy to trick you.
Quick FAQs
Do I need to be “technical” to help with security?
No. Spotting suspicious messages, using strong passwords and MFA, and reporting issues early are the most valuable actions anyone can take.
Will this slow me down day-to-day?
Not much. MFA takes seconds, and updates can run in the background. These small habits prevent far bigger delays later.
What if I make a mistake?
Tell someone quickly—your tutor, coach or IT contact. Early reporting turns a slip-up into a learning moment and limits damage.
