Campaign

CyberScotland Partnership (CSP) is calling on businesses and organisations across Scotland to get the basics right when it comes to cyber security. Our new organisation/business asset pack focuses on simple, practical steps that strengthen your digital defences – keeping your operations, data and people safe all year round. 

Whether you’re a small charity, a local business or a large public sector organisation, taking basic precautions is the most effective way to prevent cyber incidents. We encourage you to share this pack now and to revisit it whenever you need a reminder of core cyber hygiene. 

We also invite partners to share the campaign using #GetTheBasicsRight to help spread these messages across Scotland. Together, we can create a stronger, safer digital environment. 

Five simple steps to strengthen your organisation 

Step 1 – Backing up your data 
Message: Lose the stress, not your files. 

Unexpected system failures, ransomware attacks or human error can lead to costly data loss. Regular, secure backups – stored separately from your main systems – are a simple but critical first step. Test your backups periodically to ensure they work when you need them. 

Step 2 – Protecting your organisation from malware 
Message: Updates + protection = safer systems. 

Cyber threats like viruses, ransomware and spyware can disrupt business operations. Keep software and operating systems up to date and ensure anti-virus tools are installed and running. These basic steps are your frontline defence against malicious attacks. 

Step 3 – Keeping your smartphones (and tablets) safe 
Message: Your phone holds your work life. Guard it. 

Mobile devices are an extension of your workplace. Enable device encryption, install updates promptly, use strong authentication, and avoid connecting to unsecured public Wi-Fi networks. A secure device keeps your organisation’s data safe. 

Step 4 – Using passwords to protect your data 
Message: A strong password is your first shield. 

Weak or reused passwords are a top target for cybercriminals. Encourage employees to use complex passwords, change them regularly, and consider using a password manager. Two-factor authentication adds an extra layer of protection. 

Step 5 – Avoiding phishing attacks 
Message: Pause. Investigate. Be safe. 

Phishing emails and messages are increasingly sophisticated. Staff should always check sender details, avoid clicking suspicious links, and report anything unusual. A cautious approach prevents data breaches and financial loss. 

Cyber security doesn’t need to be complicated and getting the basics right is the foundation of a safe, efficient organisation. Sharing knowledge and tips across your teams strengthens your collective defences. 

Additional Resources / Further Reading 

The following websites include additional advice and links to other trusted resources where you can find out more: 

Police Scotland – Business Email Compromise (BEC) 

https://www.scotland.police.uk/advice-and-information/internet-safety/cybercrime/#business%20email%20compromise

UK Government 

https://www.gov.uk/government/collections/cyber-security-guidance-for-business

National Cyber Security Centre (NCSC) – advice for organisations of all sizes 

https://www.ncsc.gov.uk/section/advice-guidance/small-medium-sized-organisations

https://www.ncsc.gov.uk/section/advice-guidance/large-organisations

https://www.ncsc.gov.uk/section/advice-guidance/self-employed-sole-traders

Trading Standards Scotland  

Business Scams – Trading Standards Scotland

Cyber and Fraud Centre Scotland 

Cyber MOT – Cyber and Fraud Centre – Scotland

Vulnerability Assessments – Cyber and Fraud Centre – Scotland

Phishing Resilience Exercise

British Business Bank 

https://www.british-business-bank.co.uk/business-guidance/guidance-articles/business-essentials/a-guide-to-protecting-your-smaller-business-from-cyber-attacks