This short training records your completion against your account. Please sign in with your Hello Clever Microsoft account to start.
Hello Clever · Security Awareness
Staying Secure at Hello Clever
We move money for real people. That makes us a target — and makes you our best defence.
⏱ About 20 minutes👥 Everyone🔁 Once a year
You don't need to be technical to keep us safe — you need five habits. This short module walks through each one, then a 10-question check at the end. You'll need all ten right to finish, but you can try a question as many times as you like. Do it in one sitting.
The one idea behind all five: when something feels off, urgent, or out of the ordinary — slow down and check. Attackers rely on you rushing.
Why this matters
Attackers don't usually "hack" their way in — they trick a person. A single convincing email or phone call can hand over a password, expose a customer's data, or move money. As a payments company we're a high-value target, and the people on the front line are aimed at most.
The good news: the same five habits stop the vast majority of attacks. Here they are.
1 Spot the phish
Phishing is a fake message — email, text, or call — designed to get you to click, log in, pay, or hand over a code. Watch for:
Urgency or threats — "act now or your account closes."
Unexpected links or attachments, or a login page you didn't go looking for.
A sender or web address that's almost right but slightly off.
Anyone asking for your password, an MFA code, or a payment/details change.
The same tricks come by phone (vishing) and text (smishing). Remember: nobody legitimate — including IT — will ever ask you for your password or a one-time code.
Do thisDon't click, don't reply, don't read out codes. Report it using the Report Phishing button in Outlook (or post in #int-tech-security-hub). You're never in trouble for reporting.
2 Guard our data
We're trusted with sensitive customer information. Two moves keep it safe:
Only open what you need. Look at the records your current task requires — don't browse, and never look up friends, family, public figures, or yourself. Your access is logged, which protects you as much as the customer.
Only share through approved channels. Never paste customer data into chat, screenshots, personal email, or some handy tool you found online. Use approved systems, and share only what's needed.
Do thisNeed-to-know, and approved channels only. Unsure where data can go? Ask in #int-tech-security-hub first.
3 Strong logins
Most break-ins start with a stolen or weak login. Make yours hard to take:
Keep multi-factor authentication (MFA) switched on everywhere — it's your strongest protection.
Use the password manager; never reuse a password across sites.
Never share your login with anyone — not a teammate, not "IT," not even when someone's in a hurry.
Do thisMFA on · password manager · never share your login.
4 Safe devices & tools
Your laptop and the apps on it are part of our defences:
Use only approved apps and devices for work. Get new tools through the approval process — don't install random extensions or apps (they can leak data or carry malware).
Never plug in a USB stick you find — "lost" drives are a common trap.
Lock your screen when you step away, especially working remotely or in public.
Do thisApproved tools only · no rogue USBs · lock your screen.
5 Speak up — report it
If you see something off — a suspicious message, a click you regret, a lost laptop, a strange request — report it fast in #int-tech-security-hub. Speed matters more than being certain; let the security team work out whether it's real.
You will never be blamed for reporting. The only real mistake is staying quiet. Reporting early is often what turns a near-miss into a non-event.
✓ Knowledge check
Answer all 10 questions correctly to finish. A wrong answer just lets you try again — the explanation appears once you get it right. Options appear in a random order.
Question 1 · Spot the phish
An email from "IT" says your password expires in one hour — click here to keep access. You…
Report it. Urgency plus a login link is the classic trick — clicking or replying both play into it. Reporting protects you and warns everyone else.
Question 2 · Spot the phish
A caller says they're from IT and asks you to read out the 6-digit code you just received. You…
Never share a one-time code — real IT never needs it. Anyone asking for your code is trying to get into your account. Hang up and report the call.
Question 3 · Guard our data
A teammate asks you to paste a customer's full details into chat to save time. You…
Approved channels only. Chat and screenshots aren't safe places for customer data — even for a colleague. Share the minimum, the right way.
Question 4 · Guard our data
A system lets you open records you don't need for your current task. You…
Only what the task needs. "Need-to-know" is a habit, not just a setting — and access is logged. Curiosity browsing is a reportable misuse.
Question 5 · Strong logins
A website offers to "remember" your work login so you can skip MFA next time. You…
Keep MFA on. It's the single best defence against account takeover — convenience isn't worth dropping it.
Question 6 · Strong logins
A colleague is locked out and asks to borrow your login "just this once." You…
Never share your login. Shared credentials break the trail of who did what — and are a gift to an attacker. The help desk can get them access properly.
Question 7 · Safe devices & tools
You find a USB stick in the office car park. You…
Hand it in; never plug it in. "Lost" USBs are a known way to deliver malware — and removable media isn't for work data anyway.
Question 8 · Safe devices & tools
A free browser extension would speed up your work but isn't on the approved list. You…
Request it properly. Unvetted tools (shadow IT) can quietly leak data or carry malware — the approval process exists to check exactly that.
Question 9 · Speak up
You think you may have clicked something dodgy, but you're not sure it was an attack. You…
Report it now. You don't need to be sure — fast reporting gives the team time to act, and you're never punished for it.
Question 10 · Speak up
You realise you've left your work laptop on the train. You…
Report it straight away. Fast reporting lets security protect the data on it (lock or wipe it). Delay is what turns a lost device into a breach.
Your five habits
Spot the phish — don't click; report it, and never share passwords or codes.
Guard our data — only what you need; approved channels only.
Strong logins — MFA on, password manager, never share your login.
Safe devices & tools — approved only, no rogue USBs, lock your screen.
Speak up — report anything suspicious fast, no blame ever.
Acknowledge & finish
Please answer all ten questions above correctly, then confirm below. This records that you understand the policy and your part in protecting our customers.
✅
Training complete — thank you
Keep those five habits going. If you ever see something suspicious, report it in #int-tech-security-hub — fast and without worry.