Cultivating Cyber Secure Behaviour in Education From widening access to information, to remote learning and accessibility, technology has had many positive influences on the education sector. However,
Next Steps
Step 0: Republic Pre-launch all-staff emails
A series of three emails to engage staff and prepare them for the launch of Republic.
Email #1: 3-6 weeks before Republic is available to end-users
To be delivered 3-6 weeks before Republic is available to end-users
Email Subject: Welcome to Republic!
Email Content: We’re excited to introduce you to Republic – a new way of helping you to play a critical role in cyber security. On [date of installation], we are going to be installing the Republic software on your company device.
Why is this change happening?
Cyber security is an ever-growing concern and whilst it is often seen as highly technical, the majority of attacks actually leverage the way that people make choices. At [name of organisation], we know we need to take this threat seriously and believe that it is critical to do all we can to help everyone make the most secure decisions. In doing, so we will be able to stop cyber criminals from getting their way.
What is Republic?
Republic is your personal cybersecurity coach, designed to support you in becoming the most secure you can be. Think of it as a friendly guide that helps you navigate the complex world of cyber threats – tailored specifically to you. Republic will ask you a few questions every week to understand you better and give you the opportunity to take on challenges at your own pace to develop your anti-scammer skills.
Something that’s essential to know is that Republic is on your side. It never spies on you and information you choose to share is anonymised so no-one can point the finger at you for making mistakes.
If you need a little help from time-to-time Republic may offer you a very brief video (less than 60 seconds!) focused only on the specific thing that you need. After all, we know that everyone is busy so the last thing you need is long, boring, and irrelevant annual training.
Over the coming weeks we will be sharing a little more information about this change but if you have any concerns, you can speak to [point of contact].
Best regards,
[Your Name]
[Your Organisation]
Email Subject: Welcome to Republic!
Email Content: We’re excited to introduce you to Republic – a new way of helping you to play a critical role in cyber security. On [date of installation], we are going to be installing the Republic software on your company device.
Why is this change happening?
Cyber security is an ever-growing concern and whilst it is often seen as highly technical, the majority of attacks actually leverage the way that people make choices. At [name of organisation], we know we need to take this threat seriously and believe that it is critical to do all we can to help everyone make the most secure decisions. In doing, so we will be able to stop cyber criminals from getting their way.
What is Republic?
Republic is your personal cybersecurity coach, designed to support you in becoming the most secure you can be. Think of it as a friendly guide that helps you navigate the complex world of cyber threats – tailored specifically to you. Republic will ask you a few questions every week to understand you better and give you the opportunity to take on challenges at your own pace to develop your anti-scammer skills.
Something that’s essential to know is that Republic is on your side. It never spies on you and information you choose to share is anonymised so no-one can point the finger at you for making mistakes.
If you need a little help from time-to-time Republic may offer you a very brief video (less than 60 seconds!) focused only on the specific thing that you need. After all, we know that everyone is busy so the last thing you need is long, boring, and irrelevant annual training.
Over the coming weeks we will be sharing a little more information about this change but if you have any concerns, you can speak to [point of contact].
Best regards,
[Your Name]
[Your Organisation]
Email #2: 2-4 weeks before Republic is available to end-users
To be delivered 2-4 weeks before Republic is available to end-users
Email Subject: Republic: What will I have to do?
Email Content:
You might be wondering, “What’s actually involved with Republic?” or “What will you be expecting of me?”. These are great questions, and we hope the answer will be a pleasant surprise: not a lot!
Initially you’ll be asked to sign in using your work email address and from there you’ll begin a short induction which will just ask you a few questions about the job you do, simply to make sure everything is tailored from the get-go. After a quick walkthrough of Republic’s key features you can choose to explore on your own or let it run in the background.
As we need to show you the ropes, the first week will be a little busier than usual. You’ll be introduced to our suspicious email spotting game and asked how much you want to take part. You’ll also see your first couple of desktop questions. After this, Republic will simply live on your device, asking you 1-3 questions a week and offering informative videos if you need them. There is a lot more to discover such as games, challenges, and informative content, but that is all at your own discretion.
These very short interactions with Republic take just a few moments of your time but can make a massive difference in your ability to effectively defend against attackers.
But that’s it! No information overload. Just smart, targeted support. Better still, the more you work with the platform, the less it will ask of you over time. It’s just in the background, helping you where you need it.
Only [x] more weeks until you’ll have Republic on your device!
Best regards,
[Your Name]
[Your Organisation]
Email #3: 1-2 weeks before Republic is available to end-users
To be delivered 1-2 weeks before Republic is available to end-users
Email Subject: Republic: Why does it matter?
Email Content:
Before Republic is rolled out to your device, you may be thinking “Why does cyber security matter?”. However, the unfortunate truth is that we rely on technology now more than ever, meaning that it is even more important to keep yourself and others safe from threats.
Take the following example of Sarah, who is a relatively junior member of staff working in the administrative department of a UK hospital: She receives an email which looks a lot like the normal internal communication messages she regularly gets but this one is asking her to open an attachment about changes to pay for the upcoming year. When she does so, nothing obvious happens. The file just appears to be broken somehow. She makes a mental note to ask someone about it which she immediately forgets when she opens the next email and carries on with her day. Not long after this though, documents suddenly fail to open when clicked, file icons begin to change, and when Sarah hovers over a file to find out what’s going on, everything has a new file extension: .encrypted
Whilst Sarah is a fake name to protect the victim, this was a real attack that took place in 2022. The file contained malicious software which spread across the hospital’s network. It prevented staff from accessing any files, including patient records. This caused significant disruption to patient care, resulted in the leak of patient private information, and cost millions of pounds to deal with.
I am confident that you want to be able to do your job without significant disruption from costly attacks. Particularly when attacks have the potential to divert funds away from places where it will do more good. I am also sure that you want to protect sensitive information that an attacker could exploit or sell. Finally, I am convinced that you want to avoid being the victim of an attack for the benefit of yourself, your peers, and anyone else who might be affected, particularly when attacks cross the boundaries between work and home life.
This is why Republic is so critical. We are all human and just like Sarah we all have the potential to be targeted and tricked. Republic helps reduce the likelihood of that happening by being there for you when you need it.
Republic will be available for you to use on [date of deployment]. I sincerely hope that once it is installed and ready, you will actively engage with it to make sure that you are the best you can be at cyber defence.
Thank you,
[Your Name]
[Your Organisation]
Email Subject: Republic: Why does it matter?
Email Content:
Before Republic is rolled out to your device, you may be thinking “Why does cyber security matter?”. However, the unfortunate truth is that we rely on technology now more than ever, meaning that it is even more important to keep yourself and others safe from threats.
Take the following example of Sarah, who is a relatively junior member of staff working in the administrative department of a UK hospital: She receives an email which looks a lot like the normal internal communication messages she regularly gets but this one is asking her to open an attachment about changes to pay for the upcoming year. When she does so, nothing obvious happens. The file just appears to be broken somehow. She makes a mental note to ask someone about it which she immediately forgets when she opens the next email and carries on with her day. Not long after this though, documents suddenly fail to open when clicked, file icons begin to change, and when Sarah hovers over a file to find out what’s going on, everything has a new file extension: .encrypted
Whilst Sarah is a fake name to protect the victim, this was a real attack that took place in 2022. The file contained malicious software which spread across the hospital’s network. It prevented staff from accessing any files, including patient records. This caused significant disruption to patient care, resulted in the leak of patient private information, and cost millions of pounds to deal with.
I am confident that you want to be able to do your job without significant disruption from costly attacks. Particularly when attacks have the potential to divert funds away from places where it will do more good. I am also sure that you want to protect sensitive information that an attacker could exploit or sell. Finally, I am convinced that you want to avoid being the victim of an attack for the benefit of yourself, your peers, and anyone else who might be affected, particularly when attacks cross the boundaries between work and home life.
This is why Republic is so critical. We are all human and just like Sarah we all have the potential to be targeted and tricked. Republic helps reduce the likelihood of that happening by being there for you when you need it.
Republic will be available for you to use on [date of deployment]. I sincerely hope that once it is installed and ready, you will actively engage with it to make sure that you are the best you can be at cyber defence.
Thank you,
[Your Name]
[Your Organisation]
Step 1: Distribute the Outlook Plugin (Required)
Download BOTH plugin manifest files
Deploy the Plugin Files to Outlook
1. Log in to Office 365 Admin Center
2. Navigate to the Microsoft 365 Admin Center: From the left-hand menu, select Show all to expand the menu
3. Upload a Custom App
5: Finish Deployment
6: Deployment Propagation
- Open your web browser and go to Office 365 Admin Center.
2. Navigate to the Microsoft 365 Admin Center: From the left-hand menu, select Show all to expand the menu
- From the left-hand menu, select Show all to expand the menu
- Expand Settings click on Integrated apps
3. Upload a Custom App
- Click on Upload custom apps. Near the bottom of the page
- Ensure the App type is set to Office Add-in.
- Choose the option to Upload manifest file (.xml) from your device.
- Choose Manifest.new.xml from your downloads, Click Next to proceed.
- Please Repeat this process for the other manifest file (Manifest.old.xml)
4: Deployment Settings
-
Choose to deploy the add-in to either All organization or Specific users/groups.
- Click Next again to continue
5: Finish Deployment
-
Click Finish deployment to complete the process.
- To confirm the deployment, check the Add-ins section where the new add-in should be listed.
6: Deployment Propagation
-
Note that it may take up to 6 hours for the add-in to be available for all specified users.
- Log in to Outlook Web Access.
- Click on the Settings gear icon in the upper-right corner.
- Select View all Outlook settings at the bottom.
- Navigate to Mail > Customize actions > Toolbar.
- Click on Manage add-ins.
- In the add-ins page, click on the ➕ Add-ins button.
- Choose Add from file and upload the .xml manifest file.
- Follow the prompts to complete the installation.
- Repeat this process for the other plugin file (both need to be installed)
- Open Outlook on your computer.
- Go to the Home tab.
- Click on Get Add-ins or Store in the ribbon.
- In the Add-ins window, select the My add-ins tab.
- Scroll down to the Custom add-ins section.
- Click on Add a custom add-in and choose Add from file…
- Locate and select the .xml manifest file you have.
- Follow the on-screen prompts to complete the installation.
- Repeat for the other manifest files (Both need to be installed)
Whitelist the Recyber.com domain
Step 2: Distribute the Endpoint Agent
Download the Microsoft Installer (MSI)
Deploy the Agent to All User Machines
1: Upload the MSI to Intune:
- Log in to the Microsoft Intune admin portal.
- Go to Apps > All Apps > Add.
- Select Line-of-business app and click Select.
- In the App package file section, click Select file and upload your MSI file.
- Enter the App name, Description, and other required details.
- Click Next.
- In the Assignments section, select which users or devices should receive the MSI.
- Click Next and then Create to deploy the app.
- Go to Apps > All Apps in the Intune portal to view the deployment status and confirm successful installation on devices.
For smaller environments or individual installations, follow these steps on each computer:
Download the MSI File:
- Provide the link to download the MSI file from your site, and instruct users to save it on their desktops or in a folder.
Run the MSI Installer:
- Double-click the downloaded MSI file to start the installation.
- Follow the on-screen prompts to complete the installation.
Verify Installation:
- After installation, open Outlook to ensure the plugin is available and active.
