Incoterms help to make international trading easier by providing standard terms that are uniformly recognised across the world. These trade terms are frequently used in domestic and international trade contracts.

It’s important to note that, while the Incoterms 2020 have been published, parties can continue to use previous revisions of the Incoterms, as long as they are decided upon in their agreements.

Types of Incoterms

The commonality of Incoterms in trading contracts makes it important for you to understand what they mean and the responsibilities of the various involved parties.

Incoterms 2020 are made up of 11 different Incoterms. The update resulted in a couple of key changes, which are outlined in the dropdowns below. This article will detail all 11 of the Incoterms 2020 to help you understand more about them.

Note that one incoterm had a change of name to better reflect the content of the incoterm – DAT (Delivered at Terminal) was updated to DPU (Delivered at Place Unloaded).

For more information on Incoterms 2010, visit the following article: Beginner’s Guide to the 11 Types of Incoterms 2010

It’s important to understand the key responsibilities outlined by each Incoterm and choose the one that is most suited to your needs. Our guide to the Incoterms 2020 should be a useful resource to help you understand your responsibilities when reading over national and international trade contracts.

This resource is meant to only act as a brief introduction to Incoterms 2020. Also, remember that all revisions of the Incoterms can still be used, including Incoterms 2010, as long as they have been clearly decided upon in your agreement. Further information on Incoterms can be found directly from the ICC. It’s important to fully understand the rules outlined by the Incoterms to avoid any unplanned costs to the buyers and seller.

What to Read Next

• Beginner’s Guide to the 11 Types of Incoterms (2010)
• Business Essentials Courses
• Anti-Bribery & Anti-Corruption Policy Template

The post Guide to the Incoterms 2020 – Key Changes Explained appeared first on The Hub | High Speed Training.

What is Menu Engineering?

If you work in the hospitality industry it’s likely that you’ll have come across the term menu engineering before. It refers to the process of analysing the performance of every item on a menu. You should consider three key areas, popularity in comparison to similar items, pricing and profit. This should then influence where items are placed on a menu, helping increase profitability per guest.

As well as where items are placed, menu engineering also refers to the overall appearance of a menu. Firstly, it must match the tone of the establishment and, importantly, it must be carefully thought out and designed. Often, this is the first thing customers see when deciding where to eat so you need to leave a lasting impression.

Menu engineering will give you greater insight into the products you sell and where you can increase your profits pertaining to an individual item.

Why Do I Need Menu Engineering?

Menu engineering is a tool that will benefit most establishments within the hospitality industry, particularly restaurants. It can be applied to almost any menu, including those online, drink menus, or a specials board.

The main reason you need menu engineering is to increase your business’ profitability. It allows you to subconsciously encourage customers to purchase what you want them to. And the dishes you’re going to want them to buy are those with the highest profit margin.

You should also focus on calculating the individual cost of menu items. This includes all the ingredients that are required, as well as the costs incurred during the production and serving processes. Menu engineering, then, should form a large part of your cost and profit management.

You should also use this information to optimise an item’s contribution to the overall profit margin of the business. For example, you can use menu engineering to manage waste, therefore saving money as well as reducing the amount of food thrown away. You can do this by calculating the quantity of each product that needs to be prepared every day, based on its popularity.

Using a Menu Engineering Matrix

A menu engineering matrix will help you to recognise which products are good for your business. More importantly, it’ll help you to identify which you need to focus on more. Throughout the process, you need to put all menu items into one of the four menu engineering categories. You can only do so once you have calculated how much of each menu item has sold during a set period, and the profit driven by each. You can then use this data to plot the item within a menu engineering matrix.

A menu engineering matrix is a graph on which you should place each item, based on what you have concluded in terms of popularity and profitability. You can determine popularity by the quantity of the dish sold within a set period, while profitability is the item’s contribution margin. The matrix is split into four categories:

• Dog
• Plow-horse
• Puzzle
• Star

Dog

If a menu item falls within the ‘dog’ category this means it has both low profitability and low popularity. They tend to cost a lot to make, whether that be in terms of labour or ingredients. As well as this, they aren’t very popular with diners. Consider whether you can alter the dishes that fall under this category. If they remain unsuccessful you should either move its location on the menu, or get rid of it as an option entirely.

Plow-horse

Items in this section have low profitability but are popular amongst diners. Although the ingredients used are more expensive, the item sells well so you need to be careful when adjusting the recipe. You may be able to find suitable alternatives that don’t noticeably impact the menu item. 

Another option you should consider is portion size. You should have already monitored how much food is wasted, including in terms of each meal. If leftovers from a dish in the ‘plow-horse’ category are frequent, you may want to consider making the portion size smaller. If you decide to take this approach the portion alteration should only be minor, as a noticeable reduction may upset customers who have come to expect a larger portion size.

Puzzle

Puzzle menu items are those that have a high profit, but don’t tend to sell particularly well. You want to try and increase their popularity with consumers. This can be done by listing the food item in a different place on the menu. Research has suggested that diners look to the top right-hand corner of menus for the longest duration. Therefore, it makes sense to position items with a high profit here, particularly if they currently don’t sell well. Over a period of time, you should assess the change in popularity of the item to determine its success based on its new position on the menu.

Star

Star menu items have high profitability and popularity. This means that they are cheap to make and are very  popular with your customers already. When it comes to items in the star category it is best to leave them as they are and continue to promote them as you already do. Make sure they are visible on your menu, as they are clearly a popular choice. Ideally, you should be aiming to make every item on your menu a star.

Using Menu Engineering to Help Reduce Your Food Waste

Customers are keen to support sustainability, and this extends to their dining decisions. However, not all customers are willing to pay more for it. Reducing your food waste is one way in which you can be sustainable without impacting the cost of your products for customers. As well as increasing your profit, menu engineering can also help you to reduce the amount of food waste being produced. By monitoring the quantities of the ingredients required for a dish, you are only using as much of each that is required. While this is likely to be done with profit in mind, it will also have the added bonus of reducing the amount of food your business is having to waste.

One initiative you could implement to try and reduce your food waste is to offer smaller portion sizes as an alternative. If, during your assessment, you notice that diners are frequently not finishing some dishes in particular, this may indicate that they are simply too big. However, simply making them smaller is likely to upset some diners. Instead, you may decide to offer the same dish but as a smaller portion size. This helps to cut down on the amount of leftover food that has to be disposed of. In addition, consumers may think that they are getting better value for money, when in fact you could make a profit.

Reducing the amount of waste your business produces is essential from both a profit and environmental perspective. You can find out more on how you can reduce food waste in restaurants in our article, here.

5 Menu Engineering Tips for Your Restaurant

There is great potential for your restaurant to improve its overall profit by using menu engineering. We have put together some general tips aimed at restaurant managers and supervisors, but most will be applicable to any business that serves food.

1. Set time goals.

Firstly, you need to work out what can realistically be achieved at your restaurant, and how long it is going to take to implement any changes. Menu engineering is a complex, time consuming task, and you must make sure you make the most of the data you have. Work out what you want to achieve, then what you can actually achieve, and by when.

2. Use complex menu descriptions, but sparingly.

Longer, more detailed menu descriptions of dishes can increase sales by up to 30%. Doing so gives the consumer more information about a dish, making it sound more impressive, and tends to draw their attention from the price. However, don’t use complex descriptions for every item on the menu. For some, simpler, dishes such as sides, this isn’t necessary. Having thorough descriptions for a select few makes these dishes seem more impressive and so they stand out from other menu items. You may want to use longer descriptions for items that fall into the ‘puzzles’ matrix category.

3. Constantly review your menu.

Having engineered your menu, you should be constantly reviewing it to determine what is selling well and why some dishes are underperforming. Often, you will get some anomalies that just don’t sell well with customers despite your adjustments. In these instances, reassess what decisions you previously made and see whether you can try a different approach. You should aim to carry out a menu engineering analysis periodically, as dish popularity and profitability is likely to change over time. For example, you may decide to do so seasonally, as your menu changes.

4. Focus on what your customers want.

You must pay attention to and understand what your customers like and want. If you decide to remove or alter a dish, you may be faced with unhappy regular customers. This is particularly the case when it comes to menu items that fall under the ‘plow-horse’ section of the matrix. Although you cannot please everyone, you need to focus on what your customers want. One way in which you can do this is through getting feedback directly from customers. Ask them what they like about your menu and what they would suggest you change. It would also be useful to ask them about specific items on your menu, particularly as to why they would never pick certain options. Of course, some of this will come down to personal taste preference, but you’re likely to learn something that can inform your menu decisions.

5. Train your staff in menu engineering.

Finally, you must talk to your staff about the changes that have been made. Waiting staff are likely to be asked about the menu by customers, so they need to fully understand it themselves. You should also communicate to staff which dishes they should encourage customers to buy. Often, this will be menu items that fall under the ‘puzzle’ category, with low popularity but high profitability. You should also ask your staff for their input when you are engineering your menu. Employees working front of house may have received customer feedback on a particular dish, while chefs will know which dishes take a lot of time to make, or produce more food waste. As a result, you can learn a lot that will inform your menu engineering decisions simply by talking to employees.

Menu engineering allows you to fully assess your dishes and menu. This provides you with an opportunity to increase your food business’s profit. It is crucial that you consider which of your dishes are the most popular with your customers. You can then fully assess how they might respond if you were to alter or remove a dish from the menu entirely. This is why customer feedback and input is so valuable. When implementing menu engineering you need to listen to your customers and employees, as well as use the data you have gathered.

What to Read Next:

• Food Preservation Methods and Guidance
• The Importance of Stocktaking in Hospitality: Guide for Managers
• Upselling Techniques in Restaurants
• Level 3 Supervising Food Safety in Catering

The post Menu Engineering: How to Use it to Increase Profitability appeared first on The Hub | High Speed Training.

Who needs a Data Protection Licence?

The Data Protection Act 2018 requires all data controllers to register with the Information Commissioner’s Office (ICO). They must apply for a data protection licence and renew their registration annually.

A data controller is any individual or organisation that processes personal information, including sole traders, limited companies, and MPs. If this definition applies to you, you’ll need to register.

Not sure if you need a DPA licence? The ICO website has a self-assessment tool that you can use.

Notification to the ICO

Notification is a statutory requirement. Every individual or organisation that processes personal information must notify the ICO, unless they are exempt. Failure to notify is a criminal offence.

To notify the ICO, you must provide them with details about how and why you process personal information. The ICO then publishes certain details in the register of data controllers, which is available to the public for inspection.

You can search the data protection licence register online here.

How Do I Get a Data Protection Licence?

You can complete your Data Protection Act registration via a simple online form, which you must fully complete. This involves providing details on your organisation, the types of data that you process, the number of employees in your business, and your turnover. You might need to add details of your Data Protection Officer during this process too.

Make sure you have your payment details ready to pay the annual data protection fee.

Need a Course?

Our Data Protection Training Course is designed to help businesses and individuals comply with the essential principles of the UK’s Data Protection Act and the EU’s General Data Protection Regulation (GDPR).

You may also be interested in: Key Principles of the Data Protection Act 2018

Data Protection Licence Fee

The fee for registration depends on the size and turnover of your business. The ICO will determine which of three payment tiers you fit into, which were introduced as part of GDPR. The tiers range from £40 to £2,900, but most organisations will only need to pay £40 or £60.

The three tiers of data protection fees are: 

• Tier 1: micro organisations. This tier applies to business with a maximum turnover of £632,000 for the financial year or no more than 10 employees. If this tier applies to you, you must pay £40.
• Tier 2: small and medium organisations. This tier applies to business with a maximum turnover of £36 million for their financial year or no more than 250 employees. If this tier applies to you, you must pay £60.
• Tier 3: large organisations. This tier applies to any businesses that do not meet the criteria for the first two tiers. They must pay £2,900 for the licence fee.

There is no VAT required for a DPA licence. Furthermore, charities and small occupational pension schemes will only need to pay £40, regardless of their size and turnover.

If you’re unsure about which tier you fit into, you can take the ICO’s assessment online.

Data Protection Licence Renewal

You must renew your data protection licence annually. To do this, you’ll need your order and registration reference, and payment details to repay the fee to the ICO. Your business will receive a reminder six weeks before the renewal fee is due.

Be sure to not ignore this reminder, as renewal is absolutely crucial for ensuring you carry out data handling activities legally and securely.

What to Read Next:

• Data Protection Act Summary
• Online Data Protection Training Course

The post How to Apply for a Data Protection Licence appeared first on The Hub | High Speed Training.

Therefore, offering credit to customers requires a robust credit control procedure if you want to actually receive payment and maintain a positive cash flow. You also need to ensure you meet certain legal requirements and know how the law can help you. By taking the necessary steps, you can provide credit to customers and reduce the risks to your business.

Need a Course?

Our Credit Control Training Course teaches effective chase techniques, how to tackle common excuses for non-payment, and how third parties and the court can help you reclaim debts. With this knowledge, you’ll be able to offer credit to customers with as low a risk as possible and chase overdue payments effectively.

Do I Need a Consumer Credit Licence? (& Other FAQs)

To offer credit to customers, you will likely need to acquire consumer credit authorisation from the Financial Conduct Authority (FCA). You need to do so even if you had a licence in the past. However, you do not need it if you only offer credit to limited companies. Consumer credit authorisation was previously known as a consumer credit licence when the Office of Fair Trading (OFT) regulated credit, but the Financial Conduct Authority renamed it when they assumed control.

You will need consumer credit authorisation for the following activities:

• Selling goods or services on finance (this includes hire purchases).
• Lending money.
• Credit broking.
• Hiring or leasing out goods for over 3 months.
• Arranging credit for other people.
• Issuing credit cards to people.
• Collecting or purchasing consumer credit debts.
• Assisting people with their debt problems or offering them advice on their credit standing.

This list is not exhaustive, as the Financial Conduct Authority’s definition of businesses that may or may not need authorisation is broad. However, generally speaking, any business that provides goods and services on finance to customers and unincorporated associations needs to have authorisation.

What if I have a consumer credit licence from OFT?

Consumer credit licences are no longer sufficient authorisation. If you registered for interim permission from the OFT before the change, you are permitted to continue carrying out credit activities while you wait for full authorisation from the FCA. However, you must apply for authorisation as soon as possible. This is necessary to become properly authorised and added to the FCA’s list of registered businesses.

How do I apply for consumer credit authorisation?

The Financial Conduct Authority provides a 9-step checklist you should follow before applying for authorisation:

1. Have your National Insurance or passport number to hand.
2. Prepare relevant business documents, including draft agreements, pre-contract information, promotional literature, and website screenshots.
3. Calculate the highest projected amount of client money (where relevant to your firm) and consumer credit income for the next 12 months.
4. Determine what regulated financial activities you plan to carry out.
5. Have your employment history for the past 5 years to hand. You should also have your residential addresses from the past 3 years and details of significant events for each approved person.
6. Prepare details of partners, shares, subordinated loans, and other external funding where relevant.
7. Establish the firm’s approved person(s) and money laundering reporting officer, where relevant. Be ready to describe how your firm will manage risks from money laundering.
8. Have your business plan to hand.
9. Complete the IT self-assessment questionnaire, which you can find on the Financial Conduct Authority’s website.

You will then need to register with their Connect service to make an application.

Are there any limits or exemptions relating to authorisation?

You do not need authorisation if the only credit-related activity you carry out is taking credit card payments. However, you will need authorisation if you issue credit cards.

You are also exempt from authorisation if you only offer certain types of instalment credit agreements. This includes those that are repayable by fewer than 12 instalments within 12 months, that finance specific goods or services, and are for a fixed amount of money. It is not exempt if it involves interest charges, conditional sales or HP agreements, pawn agreements, or buying land.

It is also worth noting that the Consumer Credit Act 2006, which expanded on the Consumer Credit Act 1974, removed the £25,000 financial limit for the regulation of consumer credit and consumer hire agreements. This means that all consumer credit agreements can be subject to regulation.

However, agreements exceeding £25,000 will not be subject to regulation where ‘the agreement is entered into by the borrower wholly or predominantly for the purposes of a business carried on, or intended to be carried on, by the borrower.’ (Quote extracted from FCA handbook.)

If you’re still unsure whether you need authorisation, contact the Financial Conduct Authority. You should describe to them the type of credit-related activities you plan to carry out so the FCA can properly advise you.

Implementing Good Credit Control Procedures

If your business offers credit, you must have strong control procedures in place. Otherwise, you’ll likely face customers who pay late or regularly encounter ‘problems’ that endlessly delay their payment. Proper procedures ensure that you do business with customers who are more likely to pay in the first place, and that you have a working chase system for when they don’t.

Effective credit control is crucial because unpaid credit will rapidly lead to a backlog of bad debts. This in turn impacts your cash flow. Studies show time and time again that poor cash flow is one of the most common reasons businesses fail, so you’re entering dangerous territory if you offer credit unprepared.

To implement good credit control procedures, you should do the following:

Establish payment terms early on

Providing credit is a contractual agreement that needs clear-cut terms and conditions in order for you to retain control. As a credit provider, it’s your job to establish the terms your customers must agree to upfront. This means that, if they try to avoid paying, you can use your agreement to apply pressure and involve the law if necessary.

Check your customers

The more customers you offer credit to, the higher chance there is of finding people who won’t or can’t pay. Therefore, you need to carry out proper checks on every potential customer to identify their creditworthiness. You can do this through credit checking companies and/or through references they provide in their application for credit. Doing so could help you avoid a massive headache in the future.

Don’t buy excuses

Although many customers that you encounter will be perfectly trustworthy, plenty of people simply want to get out of paying. Whether this is because they’re a penny pincher or are hundreds of thousands of pounds in debt, they are armed with every excuse in the book and are bad for business. You should therefore immediately apply pressure to anyone who starts piling on excuses or unfulfilled promises.

Consider insurance

Despite your best efforts, unpaid accounts do happen. To minimise the amount that you write off, consider acquiring credit insurance to reclaim a percentage of bad debts. It may not be viable if your business is small, but it’s certainly worth thinking about if the number of your customers who use credit is rapidly increasing.

Know your rights

The Late Payment of Commercial Debts (Interest) Act 1998 and the Late Payment of Commercial Debts Regulations 2002 exist to give businesses the legal right to apply 8% interest and other costs on late payments. You should state this in your terms of payment and use it on customers who clearly don’t want to cooperate. Furthermore, you can take issues to solicitors and the court if need be.

Create a solid chase cycle

The process you follow when chasing late payments can make or break how rapidly you reclaim it. You must know exactly what to say, how frequently to chase, and what methods to use. Proper credit controlling ensures you remain in control and apply an effective amount of pressure. This will prevent debtors from walking over you or becoming annoyed and less likely to cooperate.

While offering credit is a powerful way to attract new customers and increase profits, you need to jump through all the legal hoops and establish proper processes to do so successfully. Make sure you familiarise yourself with each of these steps, including a professional credit control method, so you can get started with a strong foothold.

What to Read Next:

• Credit Control Training Course
• Definitive Guide to Sole Trader Tax
• How to Write a Business Plan for Your Cleaning Company

The post How Can I Offer Credit to My Customers? appeared first on The Hub | High Speed Training.

Although the Data Protection Act has received various amendments, it still contains a set of key principles that all data-handling businesses must follow. The Act has updated its previous principles to reflect those put into place by GDPR, which instructs businesses on how to protect people’s personal data.

The principles give you an overview of what data protection law requires from all data controllers. They exist to protect the data you process about data subjects and apply to everything that you do with people’s personal data. Therefore, it’s essential that you understand them.

Need a Course?

Our Data Protection Training Course is designed to help businesses and individuals comply with the essential principles of the UK’s Data Protection Act and the EU’s General Data Protection Regulation (GDPR).

The Data Protection Act Key Principles:

Fair, lawful, and transparent processing

GDPR states that personal data must be ‘processed lawfully, fairly and in a transparent manner in relation to the data subject’. This means that all data controllers must only process data for the purpose they acquired it and with consideration of the data subject’s rights. You must have a legitimate reason for processing their data and never hold onto it for other purposes.

Furthermore, you must tell the person exactly what you’ll use their data for and receive explicit consent. When you are acquiring their data, you must offer a clear statement about how you plan to use it before they agree. Keep in mind that you can only provide opt in options, not opt out. You must also include information in your privacy policy about why you may need people’s personal data.

Purpose limitation

The principle of purpose limitation states that data must only be ‘collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes’. The only exception to this is purposes relating to public interest and scientific or historical research. However, the controller must have authorisation to do so.

Purpose limitation supports the previous principle: you cannot use data for any purpose other than the one you collected it for. For example, let’s say you are acquiring data to complete a transaction with a customer. Without explicit consent, you cannot use that same data for marketing purposes.

It’s also important to know that most businesses must notify the Information Commissioner’s Office (ICO) of how and why they plan to acquire data. Some organisations are exempt, such as if you only process personal data for payroll or for maintaining a public register. If you are unsure about whether you need to notify the ICO, you should contact them directly and ask.

Data minimisation

The data minimisation principle refers to the importance of only holding as much data about a person as is necessary. Data must be ‘adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed’. For example, if you are collecting data to post a catalogue, you only need the person’s name and address. You don’t need their date of birth or gender, as it’s not relevant. Furthermore, when you no longer need data to fulfil its original purpose, you must securely delete or destroy it.

In accordance with this principle, you cannot collect data on a ‘just in case’ basis. You must carefully consider the purpose for which you’re acquiring data before you gather it. If you think you’ll eventually need to use a person’s data for something else, you’ll have to recollect it with new consent nearer the time. You cannot collect it in advance for future purposes.

Fulfilling the principle of minimisation is crucial for reducing risks, such as if a data breach occurs. It also ensures that data is not subject to misuse.

You may also be interested in our following guides: How to Apply for a Data Protection Licence and How to Select Suitable Data Protection Methods

Accuracy

The principle of accuracy states that the data you collect must be ‘accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay’. To fulfil this principle, you must update data if a customer notifies you of a change. You must also erase the data if it’s no longer necessary. Under the regulations, data subjects have the right to rectification and you must fulfil this request within one month.

Accuracy also applies to outsourced processes, such as using an external payroll company. You must have a system in place for ensuring they can easily correct any personal data they hold. Primary data controllers are responsible for ensuring this occurs. Therefore, you must make sure you’re aware of all the third parties that process any data you hold about people.

Data retention periods

To comply with the principle of data retention periods, data you hold must be ‘kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed’. You may store it for longer for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes.

The duration for which you can lawfully hold data varies depending on the purpose you acquired it for. It is up to each individual business to determine this themselves. In some cases, the law may enforce a retention period. For example, you must keep P60s and P45s as part of HR records for 6 years. You should also be aware that data subjects have the right to erasure. This is also known as the right to be forgotten. If you receive a request for erasure, you must respond within a month to notify them of your intended actions.

If you no longer need data for its original purpose, or a person asks for you to erase it, you must securely delete or destroy it.

Another requirement regarding data retention is keeping internal records of data processing activities. This is a new requirement under GDPR. It applies to all businesses if their data processing could risk an individual’s rights or freedoms. Businesses with more than 250 employees must keep more detailed records, which the Data Protection Officer should oversee.

Data security

This is a crucial principle, as it refers to the processes you must follow to securely handle personal data. Under the regulations, it’s essential that the data you hold is ‘processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures’. Data security requirements also apply to any third parties that process data you collected. It’s your responsibility to ensure they comply.

Data security applies to both physical and digital data, and to internal and external threats. People must not be able to access data without proper authorisation. For example, by physically accessing a room that holds records or digitally acquiring them through cyber-attacks. Your business must have procedures in place to mitigate these risks, and it’s up to you to determine what is proportionate and necessary to achieve an adequate level of security.

Examples of cyber security measures include: installing security software (such as antivirus), enforcing security policies, providing information, instruction, and training to staff, and only granting access to people who actually need to use the data.

Accountability

Accountability is a new addition to the Data Protection Act in accordance with GDPR. To comply with it, data controllers must be able to prove that their data protection measures are sufficient. They must have appropriate technical and organisational procedures, which include suitable privacy policies and keeping sufficient records of their processing activities.

Not only is accountability crucial for complying with data protection law, but it also reflects positively on your business. Customers, clients, and employees will recognise that you handle their private information securely, meaning they’re more willing to give you their trust and do business with you.

What to Read Next

• GDPR & Third Party Data Processors
• Data Protection Quiz
• Data Protection in Schools: How to Comply With The Data Protection Act 2018
• Online Data Protection Training Course

The post Key Principles of the Data Protection Act 2018 appeared first on The Hub | High Speed Training.

Hackers who steal your personal information may use it to commit identity theft or hold it for ransom, which is damaging for anyone. The consequences can take years to rectify and have severe emotional and financial impacts on individuals and businesses alike. Therefore, it’s crucial that you understand the most common cyber attacks and how to avoid them.

What is a Cyber Attack?

Cyber attacks are an attempt to disrupt or gain access to an individual’s, or a business’s, system or data. Hackers carry out cyber attacks by using malicious programs, deceptive files, and fake web pages to infiltrate systems and online accounts.

There are three common motives behind cyber attacks:

1. Financial gain

This is the most common motive. If a hacker acquires your passwords and other personal information, or successfully installs malware on your computer, they can commit identity theft to access your money. They may also use it to commit further crimes. For example, money laundering, selling your information to other cyber criminals, or blocking it until you pay a ransom.

A recent example is the ransomware attack on the NHS in 2017, which encrypted data on infected computers across the NHS. The malware stated that the user would lose access to the files forever unless they paid a ransom fee. Fortunately, the cyber attack did not succeed in stealing patient data and the NHS did not pay any ransom, but the attack led to major disruptions that cost valuable time and money.

Hackers might also use your profiles to post spam and attack other accounts for further financial gain. Additionally, they may attack on a larger scale to commit fraud, such as sending invoices to businesses that look like they are from a legitimate supplier

2. Political or social agenda

Many hackers carry out cyber attacks to access and leak data that helps push their own political or social agendas, or, more commonly, to damage those of others.

These ‘hacktivists’ often look for data that harms their target’s reputation or campaign. Their targets may be a public business, government, other political body, or a single individual. However, not all of these types of attacks seek data. Some aim to temporarily or indefinitely shut down networks or systems. These types of cyber attacks are known as Denial of Service (DoS) attacks, and commonly target governments and political bodies.

Hacktivists can stand anywhere on the political spectrum, from far left to far right, and everywhere in between. For example, some hacktivists focus on bringing down terrorist websites, while others may be members of a terrorist group themselves.

3. Intellectual challenge

Some hackers carry out cyber attacks purely for the challenge and seek no criminal gain. These types of hackers often take on the role of a ‘white hat’, or ‘ethical’, hacker, by helping companies implement and test data security measures to prevent cyber attacks.

For example, following the cyber attack on the NHS, NHS Digital employed ethical hackers to test and improve their cyber defences. Reportedly, the person who helped the NHS recover from the attack was also a white hat hacker.

Whatever the motivation, cyber attacks are damaging and dangerous, even those that ethical hackers commit. Many of them go on to sell the software they created while hacking for sport, allowing other hackers to commit serious cyber crimes.

The Most Common Categories of Cyber Attacks

Over time, hackers have developed various types of cyber attacks to achieve different aims. These are the six most common categories:

1. Malware

Malware (i.e. ‘malicious software’) is one of the most common and oldest forms of cyber attacks. It refers to harmful programmes and software, such as Trojans, viruses, and worms. These allow a hacker to access or destroy data on the infected system.

Hackers often spread malware by disguising it as a downloadable file, such as a Word document, PDF, .exe file, etc. They usually attach them to emails or have download links on websites in a form that looks legitimate.

In order to infect your system, malware requires you to click and allow the download. It can only access your computer with your approval. Therefore, you can easily avoid it by only downloading files from trustworthy sites or senders.

Once malware is on your system, the hacker can access your data in numerous ways. For example, some can monitor keystrokes, activate webcams, or remotely take control of your machine. Ransomware is also a common form of malware, which locks your data and demands payment.

2. Phishing

Similar to malware, phishing involves tricking the user into clicking false links. The hacker may send you an email that states your account requires urgent attention and directs you to a fake login page. The fake site captures any personal data you enter, which the hacker can then use to log into your actual account.

Phishing can also happen over social media, where hacked accounts share links via a status update or private message. This type of phishing is often effective, as users are likely to trust links sent by people they know.

Whatever platform hackers use, phishing messages usually incite curiosity or panic to bait vulnerable users. You can avoid phishing attacks by being wary of such messages. Always keep in mind that your bank will never contact you for personal information. Furthermore, Google accounts shouldn’t ask you to re-enter your login details if you’re already logged in.

3. Denial of Service (DoS)

A denial of service attack involves the hacker flooding a website with more traffic than the server can handle, which causes it to overload and shut down. They do this by sending a high amount of connection requests to the site from their own computer, or from several that they hacked remotely. If they use more than one, it is known as a Distributed Denial of Service (DDoS) attack.

Hackers usually carry out DoS attacks for political or social motives, rather than financial, as they cause disruption and confusion for the site owners.

Need a Course?

Our Introduction to Cyber Security Course raises your awareness of the risks to information security, such as cyber attacks. It will help you to understand what measures you can take to help prevent unauthorised access to confidential information in the workplace.

4. Password attacks

Password attacks involve the hacker running a program on their system that tries to systematically guess users’ passwords. The two most common types of password attacks are dictionary attacks and brute force attacks. Dictionary attacks try common ‘dictionary’ words and letter combinations, whereas brute force attacks attempt every letter and number combination possible.

Password attacks differ from malware and phishing because they don’t require you to do anything, except have an easy-to-crack password. After a certain amount of trial and error, a dictionary attack may land on your password and access your account if it’s simple enough. If you use a unique combination of words and numbers, it will struggle to hack it. However, a brute force attack will eventually get your password no matter what, although it will take a long time to guess longer, unique passwords (for example, not 123456).

Therefore, it’s important that you follow password security guidance to come up with passwords that are difficult to hack.

5. Drive-By Downloads

This type of attack requires users to visit websites with vulnerabilities that hackers have exploited. For example, those in programmes like Java and Adobe. By visiting the site, the user unknowingly allows a hacker’s harmful code to download onto their system. This code enables the hacker to then send further downloads to hack your data.

To avoid this, make sure you only visit secure sites and keep your software up to date. Avoid downloading browser add-ons and plugins.

6. Man in the middle (MITM)

Hackers carry out MITM attacks by exploiting non-encrypted wireless connections. If you connect to a public WiFi network and then log in to pages or communicate with a service, a hacker may be able to intercept this connection by impersonating the users and manipulating both to divulge personal data.

The simplest way to prevent this type of attack is to avoid using non-encrypted wireless connections, particularly if you plan to log into a site or share personal information. For example, if you log in to your email or use a customer service live chat. Although it’s tempting to use the free data available on trains and buses, stick to using your mobile data or avoid these types of activities altogether until you’re on a safe connection, e.g. your home internet.

Knowing that all these various types of cyber attacks exist can feel intimidating. However, you will now know what to look out for, meaning you can navigate the internet and set up your accounts securely. Good cyber security helps you, and your business, stay safe from identity theft and the other complications that cyber attacks can cause.

What to Read Next:

• Guide to Selecting Suitable Data Protection Methods
• Cyber Security in Food & Drink Manufacturing: BRCGS Standards
• Data Protection Online Training
• Cyber Security Online Training

The post What are the Most Common Types of Cyber Attack? appeared first on The Hub | High Speed Training.

Why is Password Security Important?

Repeatedly using the same passwords or using ‘weak’ passwords can leave you vulnerable to hackers. If a hacker cracks your passwords, they could gain access to your social media accounts, bank accounts, emails and other sensitive accounts that hold your confidential, personal data. If someone obtains access to this information, you could become the victim of identity theft. Therefore, creating a strong password is vital.

Password hacking is often carried out in one of the following ways:

1. Brute force attacks. A hacker uses automated software to guess your username and password combination. The software tries every possible character combination and will try the most commonly used passwords first, so weak or common passwords can be relatively simple for a brute force attack to crack. While this method will eventually crack your password by cycling through every possibility until it matches your character combination, you can make it take a very long time by using a complex password.
2. Dictionary. With this method of hacking, a hacker will run a defined ‘dictionary’ against your passwords. This dictionary also includes the most common password combinations, therefore it is a relatively easy and quick way of hacking into weakly protected accounts. By using a single-use, strong password for each account, you should be able to protect yourself from a dictionary hack.
3. Phishing and social engineering. Accessing someone’s password using a phishing or social engineering attack is not technically a type of hack, but it provides the ‘hacker’ with access to your passwords and confidential information. This in turn allows them to access your accounts. Phishing occurs when a hacker targets you with spoofed emails that look like they come from legitimate organisations, while social engineering is real world phishing (i.e. over the phone).

The repercussions of identity theft can be long lasting and they are not only limited to financial problems. The victim could also face a range of emotional implications, including stress and anxiety. Therefore, it’s important that you take measures to protect yourself from the burdens of having an account hacked.

Need a Course?

Our Introduction to Cyber Security Course raises your awareness of the risks to information security, such as cyber attacks. It will help you to understand what measures you can take to help prevent unauthorised access to confidential information in the workplace.

Password Security Tips

If you want to keep your accounts and personal information safe, it’s vital that you understand how to create a strong password. Are you guilty of using ‘1234’, ‘admin’ or ‘password’? If you are, it’s time for you to work on your password security. Below we have compiled a list of helpful tips so you can be sure that your accounts are secure.

To create a secure password you should never :

• Use your name, family member’s names, important dates such as anniversaries and birthdays, special places, the word ‘password’ or sequential lists of numbers or letters. All of these are far too easy to crack, and you should avoid them at all costs.
• Use dictionary words. When hackers attempt to access your accounts, they run various dictionaries against your passwords in an attempt to crack them. This includes both English and foreign words and phonetic patterns. So while you might think that opening a dictionary and picking a word at random is safe, it’s not. Hackers are also able to scan for common substitutions, so substituting ‘@’ for ‘a’ or ‘!’ for ‘l’ doesn’t help. Under a brute force attack, a random word with common substitutions and numbers or symbols added onto the end would only take around 3 days to crack.
• Write your password down. If you write down your passwords and leave them somewhere accessible, especially near your computer, it makes it easier for people to access your accounts. Instead memorise your passwords and keep them private.
• Enter a password over an insecure Wi-Fi connection. Everywhere you go there is the opportunity to connect to an insecure Wi-Fi account, including cafes, book stores, restaurants and shopping centres. It might seem okay to connect to these and enter your passwords to social media and email accounts, but hackers can easily intercept your private information.

Instead, it’s important that you:

• Set different passwords for each account. Consider your current password situation. Do you use the same password for Facebook, online banking, Amazon, etc.? Would cracking one password allow a hacker to enter multiple secure accounts? You should always set a different secure password for each of your accounts to ensure maximum security.
• Use long passwords. The longer the password the more secure it is. Ideally, you should aim for a password that’s 12 characters or longer but, if you want to go shorter, ensure it’s not less than 6 characters.
• Mix letters, numbers and symbols. Additionally, you should use a mix of lowercase and uppercase letters to help create the most secure password possible.
• Use a string of words, such as ‘allotmentcarrothumaneats’. By using four separate words that you find easy to remember, you will make it much harder for automated hacking software to guess. This method could increase the time taken to guess your password from a few days to over one hundred years.
• Change automatically generated passwords. When you sign up to some companies, you receive an automatically generated password. You should change this to your own as soon as possible.
• Make use of the password analysers some companies use. Are you told your password is ‘weak’ when you enter it? If you are, you should take note of this and make some changes.

Your passwords will never be 100% hack-proof, but by using the tips outlined in this article you will be able to ensure a high level of protection for your accounts. 

What to Read Next:

• Data Protection Online Training
• Cyber Security Online Training
• Money Laundering Red Flag Indicators: Recognising Suspicious Behaviours
• What are the Most Common Types of Cyber Attack?

The post Password Security Guidance appeared first on The Hub | High Speed Training.

• Max out your bank or credit card funds.
• Leave you liable for debts you didn’t accrue.
• Use your identity to commit non-financial crimes.
• Severely damage your credit score so you are unable to take out loans or mortgages.

Though it might be possible for you to clear your name or regain lost funds, the emotional toll and financial worries can linger for a long time. Therefore, it’s important that you are aware of the common types of identity theft and how criminals steal information so you can protect yourself.

Common Types of Identity Theft

Identity thieves are always finding new ways to steal and use personal and confidential information. Below are some examples of how a criminal might commit identity fraud.

• Driver’s license fraud. Driver’s license fraud occurs when a criminal has a driver’s license issued to themselves under another person’s identity. They might use the license to commit traffic violations that end up on your record and you could lose your license.
• Financial identity theft. Criminals are able to use your stolen personal information to take over your financial accounts or create their own, which can be very serious and stressful. It can take you months or years to rectify the effects of financial identity theft and it could result in large volumes of debt and a poor credit score.
• Child identity theft. Child identity theft is usually committed by a relative who will take out loans and credit cards in the child’s name. As children have no reason to check or monitor their credit reports, they will usually remain unaware of the fraudulent activity until they come of age and require loans. This type of fraud can take years to sort out and could stop you from being able to buy a house or car. It’s also likely to increase the interest rates on any loans you might be offered.
• Change of address fraud. A fraudster could change your mailing address, diverting it to themselves instead. This allows them to look through all your mail and find out bank details, credit card details and other personal information.
• Employment identity theft. Criminals, illegal immigrants and the jobless use stolen identification and personal details to obtain employment. By using stolen identification, they are able to conceal their real personal history from their employers.

Need a Course?

Our Introduction to Cyber Security Training Course raises your awareness of the risks to information security, such as cyber attacks. It will help you to understand what measures you can take to help prevent unauthorised access to confidential information in the workplace.

How does Identity Theft Happen?

Identity theft can happen to anyone. Because of this, it’s important that you understand how criminals steal data so you know how to protect yourself. Below we have outlined the most common ways criminals can gain your personal details to use them against you.

Theft

Theft of your personal belongings, such as a purse or wallet, or of credit card or bank statements can provide criminals with your sensitive information. Criminals might even go rooting through your rubbish in search of discarded bank statements, so be cautious and shred them or block out sensitive information like your name, address and account numbers. Alternatively, they might attempt to steal new statements or cards directly from your mailbox. You should inform your local post office immediately if you notice your mailbox has been tampered with.

Phishing

Phishing is a type of email scam. The sender might pose as a real company, organisation or agency and prompt you to enter your personal information. If an email asks you for a large amount of personal data, such as your name, address, card details or bank account numbers, do not click on any links and register the email as spam. Additionally, if the email contains poor spelling or grammar, claims you won contests you didn’t enter, has offers that are too good to be true or makes unrealistic threats, it’s probably spam.

Cold Calling

Cold calling is when a criminal calls you, pretending to be a real company, organisation or agency, and coerces you into providing them with your personal information. You should always ignore unsolicited phone calls and assume they have bad intentions. Never give them any of your personal details.

Hacking

From banks to retail chains, criminals can hack into computer systems and steal personal credit card and bank information. Organisations will have systems in place to warn you in the event of a security breach, but before reacting to a message check with the company that your data has actually been compromised. Once you know the alert is legitimate, takes steps to close down any affected cards if necessary.

Identity fraud can be costly, both emotionally and financially. However, by understanding the ways criminals go about committing identity fraud and taking measures to stop people getting hold of your personal information, you can reduce the risks of being the victim of identity theft.

What to Read Next:

• Data Protection Online Training
• Guide to Selecting Suitable Data Protection Methods
• What are the Most Common Types of Cyber Attack?
• Cyber Security Online Training

The post What are the Most Common Types of Identity Theft? appeared first on The Hub | High Speed Training.

Need a Course?

Why don’t you let us help with your personal and professional development? Take a look at our Business Essentials course library where you’ll find everything from Cross-Cultural Awareness Training to Project Management training.

For more information on Incoterms 2020, visit the following article: Guide to the Incoterms 2020 – Key Changes Explained

It’s important to note that, while the Incoterms 2020 have been published, parties can continue to use previous revisions of the Incoterms, including Incoterms 2010, as long as they are clearly agreed upon in their agreements.

UK Departure from the EU

As a result of Brexit, and the UK leaving the EU, the UK has become a ‘third country’, resulting in extra administrative requirements on those trading between the EU and UK. For all shipments between the EU and UK, import and export declarations must be completed and any required duties will need to be paid. The Incoterm agreed will define where the responsibility lies between the buyer and the seller.

Types of Incoterms

The incoterms are common in trading contracts, which makes it important for you to understand what they mean and the responsibilities of the various involved parties.

This article will detail all 11 incoterms (2010) to help you understand more about them.

Using our guide to the 11 incoterms 2010, you should be able to easily understand your responsibilities when reading over national and international trade contracts. Make sure to keep up to date with every ICC update so you are never caught out.

What To Read Next:

• Guide to the Incoterms 2020 – Key Changes Explained
• Cross-Cultural Awareness Training
• Business Essentials Training Courses

The post Beginner’s Guide to the 11 Types of Incoterms (2010) appeared first on The Hub | High Speed Training.

• Placement. Placement is the process of introducing ‘dirty’ money into the financial system. Night deposits, ATM deposits, exchanging money for cashier’s checks or larger bills, and smuggling cash out of the country, are all examples of placement. Placement is vital for money launderers as it helps to mask ‘dirty’ funds with ‘clean’ money and provide legitimacy to the funds.
• Layering. Layering is the process of using several financial transactions to separate funds from an illegal source. Methods of layering include; moving funds between various onshore or offshore accounts and using complex financial transactions.
• Integration. Integration is the process of reintroducing laundered money back into lawful trade, by providing explanations for the ‘dirty funds’ that appear to be legitimate.

Banks and financial institutions are vital to the money laundering process. It can’t happen without passing the money through a financial institution in at least one of the three stages. Therefore, it’s important that those working in the financial sector know what to look out for. We have outlined the top ‘Red Flag’ indicators to help you identify when money laundering might be taking place.

Money Laundering Red Flags

Money laundering is damaging in many ways. Not only does it allow criminals to hide the proceeds of their illegal activities, it can also destroy the economy, harm honest taxpayers and pose many risks to your business.  Allowing money laundering to take place through your business can leave you prone to challenges in managing your assets. Liquidity problems could arise as large sums of laundered money often disappear without notice. You might also face hefty legal costs if enforcing authorities discover that you’re facilitating a money laundering operation.

You should be aware of the following behaviours that indicate a customer might be undertaking money laundering:

• Unusual transactions or activity compared to their normal dealings.
• Unjustified large cash deposits or constantly large balances.
• The use of large amounts of cash to purchase cashier’s checks or money orders.
• Unwillingness or avoidance of providing information about their business. This could be concealing owner information, beneficial business partners or who their client is.
• Inconsistent information such as multiple tax IDs or unverified documents.
• Complex financial transactions that are designed to conceal the source and ownership of the funds.

By being vigilant and looking out for any red-flag indicators, you will help to protect your business from the risks of money laundering.

Need a Course?

Our Anti-Money Laundering and Financial Crime Course is designed to raise your awareness of money laundering, how to recognise it, and how to prevent it from occurring in your business.

What To Do If You Suspect Money Laundering

You should immediately report any suspicious activity or transaction to your company’s nominated officer. The role of a nominated officer is to:

• Receive reports of any suspicious activity or transaction.
• Assess the reports and determine if there is, or could be, any evidence of terrorist financing or money laundering.
• Complete a Suspicious Activity Report for any suspicious activity or transaction and submit it to the National Crime Agency.
• Request a defence for the money laundering offence from the NCA, and ensure that no more illegal transactions are carried out.

Your manager must appoint a temporary nominated officer for you to report any concerns to, whenever the nominated officer is absent.

Anti-money laundering efforts are important in attacking illegal and terrorist activity as it begins to enter the financial system. Money laundering has a disastrous effect on a country’s economy, as well as being damaging to the government and social well-being. Therefore, it’s vital that you know the signs and are constantly watching out for any red-flag indicators. 

What to Read Next:

• Effects of Bribery and Corruption in Business
• Methods of Human Trafficking and Recruitment
• Anti-Money Laundering Quiz
• Anti-Money Laundering Online Training

The post Money Laundering Red Flag Indicators: Recognising Suspicious Behaviours appeared first on The Hub | High Speed Training.