We are all our first line of defence
Working in a regulated industry means we take staff training seriously. Our Three Lines of Defence model for managing risk means that everyone, at every level of our organisation, has responsibility for risk management on a day-to-day basis. We deliver a year-round programme of internal training, testing, awareness and education on issues such as information security, data privacy and data protection, and how to report an incident. This includes a cyber security awareness month, where we provide hints and tips on what to look out for when it comes to phishing, smishing and other cyber security issues. We perform regular company-wide phishing tests to monitor internal vigilance when it comes to suspicious emails and timely news items on issues such as mobile security during the summer holidays or online shopping security in the run-up to Christmas.