In light of the newly passed Online Safety Act 2023, businesses must prepare for a significant transformation in their online operations to ensure the safety of users and protect their liability.
The aim of the Act is to make online spaces safer for individuals in the UK, the regulation seeks to secure services, ensuring that they’re safe by design and operated to a higher standard of protection while also emphasising increased transparency and accountability within these services.
The three main categories of harmful content:
- Illegal content and activity (note that defamation is not included in this category)
- Content that is lawful but harmful to children
- Fraudulent advertising
Vivek Dodd, CEO of compliance training service, Skillcast, comments:
Ensuring the online safety of your staff and safeguarding sensitive information has become more crucial than ever. This marks a significant turning point in our digital landscape, ensuring that it is no longer out-of-date.
Vivek Dodd, CEO of Skillcast
To assist businesses in their readiness, Skillcast has offered guidance on how to educate and prepare your staff for online safety:
- Understanding Online Safety Act 2023 Ensure that your staff is aware that the Online Safety Act 2023 provisions aim to promote a safer online environment, which includes tackling illegal content, protecting children, and preventing fraudulent advertising. Highlight that compliance with this legislation is not only a legal requirement but also a commitment to creating a more secure online experience for users and your organisation.
- Identify High-Risk Content Clarify what constitutes “high-risk” content under the Online Safety Act, including illegal content, content harmful to children, and fraudulent advertising. Provide examples to help staff recognise such content.Emphasise that understanding these categories is essential for recognising and addressing potential threats to online safety. By being able to identify high-risk content, your staff can play a proactive role in preventing the dissemination of harmful materials, which aligns with the Act’s goals of creating a safer online space.
- Spotting Phishing Attempts Train your staff to identify phishing attempts. Explain that phishing involves fraudulent emails or websites that impersonate legitimate sources to steal personal information. Encourage them to scrutinise email sender details, avoid clicking on suspicious links, and verify requests for sensitive information.
- Strong Passwords and Password Managers Research from the World Economic Forum shows that 80% of all breaches are due to weak passwords. That’s why educating your employees on the principles of strong passwords and the advantages of using password management tools is crucial.Train your staff to create strong, complex passwords, stressing the need to avoid using easily guessable information like birthdays or names, and emphasise the importance of using password management tools. These tools securely store and encrypt passwords, enhancing security and protecting sensitive information.
- Vigilance in Online Communications Explain the critical importance of being vigilant in all online communications. Remind your staff to exercise caution when sharing personal information, even with seemingly familiar contacts. Cybercriminals often impersonate trusted individuals or organisations. Encourage your employees to verify the identity of anyone requesting sensitive information, particularly in unexpected or unsolicited communication.
- Securing Home Routers Discuss the importance of securing home routers, which connect staff to the internet. Advise them to change default router passwords, enable WPA3 encryption for Wi-Fi networks, and set up strong, unique Wi-Fi passwords to protect against unauthorised access. Discuss the significance of router security in safeguarding their home network and how changing default router passwords is a fundamental step to prevent unauthorised access.
- Implement Two-Factor Authentication (2FA) Encourage the use of 2FA for online accounts whenever possible as it adds an extra layer of security by requiring a one-time code sent to their mobile device during login, making it harder for unauthorised access. Highlight the significance of 2FA in bolstering account security and how the dynamic element can deter hackers.
- Protect Privacy Settings and Controls Guide your employees in adjusting privacy settings and use social media responsibly. Explain that limiting publicly accessible personal information and managing app permissions are vital for minimising the risk of identity theft.
Joanne is the editor for Workplace Wellbeing Professional and has a keen interest in promoting the safety and wellbeing of the global workforce. After earning a bachelor's degree in English literature and media studies, she taught English in China and Vietnam for two years. Before joining Work Well Pro, Joanne worked as a marketing coordinator for luxury property, where her responsibilities included blog writing, photography, and video creation.