You appear to be using an unsupported browser, and it may not be able to display this site properly. You may wish to upgrade your browser.

Staff training, internet use, phishing and mobile devices

You can help protect your business from online threats by:

  • training staff
  • having policies on internet use and mobile devices


Training can help make your staff better able to cope with security threats, like phishing or viruses.

Stay Safe Online: Top Tips For Staff explains why cyber security is important, how attacks happen, and then covers:

  • defending yourself against phishing
  • using strong passwords
  • keeping your devices secure
  • reporting incidents ('if in doubt', call it out')

The training is aimed at SMEs, charities and the voluntary sector, but can be applied to any organisation. You can find this free training on the National Cyber Security Centre (NCSC) Website.

You can find cyber security training for staff on the NCSC website.

You can find out more about GCHQ certified training on the NCSC website.

The Scottish Government has created a staff Basics of Cyber Security Training Guide. The guide includes:

  • topics to teach your staff, such as password security, phishing, malware and social engineering
  • resources and links to available training courses and materials
  • links to further information from authoritative sources and trusted partners

You can find this guide on

Internet use

If your business's staff have access to the internet at work, your business should:

Guidance on acceptable use of the internet is sometimes known as an 'acceptable usage policy'.

An acceptable usage policy tells staff:

  • when they can use the internet privately at work
  • what they are allowed to look at
  • how to use confidential information

You can find more advice on creating an acceptable usage policy on the Get Safe Online website.


'Phishing' is a common type of online fraud.

It involves criminals using fake emails or web links to obtain sensitive information, such as:

  • passwords
  • usernames
  • bank account details

You can find more advice about phishing on the Police Scotland website.

You can also find guidance on protecting your business from phishing on the National Cyber Security Centre website.

Using mobile devices

Mobile devices such as smartphones and tablets can be the targets of theft and online threats.

Your business should offer staff guidance on the safe use of mobile devices, such as:

  • protecting devices using a PIN
  • installing internet security software, updates to software and apps
  • making sure devices can be tracked, locked or wiped
  • avoiding the use of public Wi-Fi
  • watching out for 'shoulder surfers' when using devices in public

You can find more advice on using mobile devices on the Get Safe Online website.

You can find guidance for organisations deploying a range of end user device (EUD) platforms as part of a remote working solution on the National Cyber Security Centre website.

Back to top