Lewis Silkin – Home Office issues cybersecurity guidance for sponsor licence holders

The Home Office warns sponsor licence holders: Stay cyber aware to safeguard personal data in the Sponsorship Management System (SMS). Don’t fall victim to phishing scams or malware attacks.

Text:

In today’s digital landscape, safeguarding personal data is more crucial than ever. With the rapid acceleration of ever more sophisticated cyber threats and attacks, the Home Office is urging sponsors of workers and students to enhance their cyber awareness to protect the sensitive information within the Sponsorship Management System (SMS). Sponsors need to comply with the UK GDPR, and part of this compliance is implementing robust data handling and storage practices to prevent unauthorised access or breaches. Employees should also be trained so they can spot anything suspicious and report it before a breach occurs. Below are some essential tips to keep your data secure.

Be alert to online scams

The Home Office advises you to:

  • Avoid suspicious links: Never click on links asking you to verify credentials.
  • Check URLs: Ensure website URLs end with ‘.gov.uk’ for secure government sites.
  • Protect your login details: Never share your SMS login details (username and password) with anyone.
  • Regularly update passwords: Change your SMS password regularly and ensure it is strong and long.
  • Use unique passwords: Use different passwords if you have access to more than one SMS account.
  • Deactivate inactive users: Remember to deactivate Level 1 users if they leave or change roles in your organisation.
  • Keep your contact details updated: Ensure your telephone number and email address are current.
  • Maintain active users: Always have at least one, preferably two, active Level 1 users.

Report concerns

If you receive an email or telephone call that seems suspicious, or if you believe your SMS account may have been compromised, report it immediately:

  • Employers: businesshelpdesk@homeoffice.gov.uk
  • Educators: studyengagementteam@homeoffice.gov.uk
  • Business Helpline: 0300 123 4699

Legitimate communications from UKVI

All electronic communications from UK Visas and Immigration (UKVI) at the Home Office regarding your sponsor licence will come from:

  • An email address ending in @homeoffice.gov.uk, @fco.gov.uk, or @fcdo.gov.uk
  • The Account Management Portal (AMP)
  • The Home Office Sponsor Management System

UKVI will never ask for your SMS user ID or password, and will never provide you with a link or password to log into SMS. If there are concerns about the integrity of your SMS account, UKVI will take steps to secure your data, including deactivating users and contacting you with follow-up actions.

By staying vigilant and following these guidelines, you can help ensure the security of the SMS and the personal data it contains.

Further advice and guidance is available on the National Cyber Security Centre (NCSC) website and we have a dedicated data, privacy and cyber team who can assist with any questions you may have.

If you have any queries about managing your sponsor licence, please get in touch with a member of our Immigration team.

 

Related Item(s): Data, Privacy & Cyber, Immigration

Author(s)/Speaker(s): Stephen OFlaherty, George Hannah,