Guidance

With the increasing use of technology, our lives depend on technology and devices more than ever before. While technology has brought countless benefits, it has also created new avenues for criminals and fraudsters to target individuals and organisations. Technology lets cyber criminals operate on a global scale, and the digital world gives them a platform to exploit individuals and organisations 24/7. It is crucial to recognise that cyber criminals now pose a threat at all times.

Cyber crime operates around the clock, and with the global reach of the internet, criminals can target victims regardless of time zone or location. Criminals can operate from any location, enabling them to maintain a constant presence and ensuring that they never run out of potential victims. This means that organisations and individuals are always at risk, even during non-business hours or holidays. Cyber criminals employ well-practised techniques to gain unauthorised access to sensitive and private information. From phishing attacks to ransomware, their methods are constantly evolving. They execute their attacks in a professional way, making their fraudulent attempts hard to differentiate from genuine communications.

While cyber criminals are persistent, there are several proactive measures both individuals and organisations can take to protect themselves against potential threats:

1. Staff Training

You may have hired temporary staff to help during busier times over the summer months, and we are urging all employers to train staff on cyber security basics. The cyber basics include how to spot a phishing email, how to report suspicious emails, and common scams that employees may be targeted by. Our Introduction to Cyber Security for Staff guide provides free advice and practices to keep your staff and your organisation secure.

We recommend that staff are told to report any suspicious emails to your internal IT team; however, ensure that your IT department has sufficient resources to accommodate this. We also recommend reporting any suspicious emails to the National Cyber Security Centre’s email reporting service.

2. Strong Security Practices

Individuals and organisations should both implement robust security measures, such as using a complex, unique password for each online account and keeping all software and devices up to date so that their security protections remain effective.

Two-factor authentication (2FA) can provide an extra layer of protection to online accounts. This is a standard security measure on many websites, which request a second step to confirm the identity of the user. There are multiple methods of 2FA, including sending a code via email or text, or using a trusted app to authorise a login attempt.

3. Regular Backups

Regularly back up important data and files so that you can recover your information in the event of a cyber attack or a data breach. If your business closes for a period during the summer months, it is particularly important to ensure that all your data is backed up beforehand. We recommend using the 3-2-1 method:

  • Three copies of your data should be kept.
  • Two copies should be stored on different storage media, such as one on a hard drive and another in the cloud.
  • One of the backups should be stored off-site.

If all these steps are followed and all your data is lost, you should be able to recover it through at least one of these methods.

Keeping yourself and your organisation safe from cyber threats is an ongoing issue. It is vital to stay vigilant, as cyber criminals don’t take holidays. Staying alert and proactive, and practising safe online habits, are essential steps to mitigate risks. Remember, if something doesn’t feel right, always be cautious and report it.

If you are a victim of cybercrime, always report this to Police Scotland by phoning 101, or if you are an organisation that has been a victim, call the Cyber and Fraud Centre – Scotland’s Incident Response Helpline on 0800 1670 623.
