Incident Response

Have a plan to prevent, detect, respond and recover

It is good practice to have a Cyber Incident Response Plan in place that sets out the steps your organisation should take to prevent, detect, respond and recover from cyber attacks. Your plan does not have to be complex but it should be clear on the roles and responsibilities of key individuals who can take action. This should not sit in isolation and should be woven into the wider resilience, business continuity and disaster recovery planning.

Reporting a cyber incident internally

If you suspect that you have been the victim of a cyber attack, it is essential that you act quickly to minimise the risk and impact. Your actions will be critical to damage limitation.

It is important that you know who within your organisation should be notified and how to notify them if you suspect you have been duped by a suspicious email, perhaps clicking on a suspicious link or visiting a suspicious website, or if your device is operating strangely. Exploiting email and browsing remains the most common method of launching cyber attacks and gaining access to organisational networks.

These attacks are designed to both exploit and dupe you into ‘letting them in’. Anyone can fall for phishing attacks—it’s why they are the primary first choice of cyber criminals. It is essential that you don’t delay in reporting suspicious incidents. Do not just switch off the device and/ or walk away in the hope that it will all go away. Action is needed as quick as possible.

Reporting a cyber incident externally

Depending on the nature of attack you may require to report certain incidents externally whether that be to a regulator, to the Information Commissioner, the police or indeed your customer base if it is their data affected.

You should know who within your organisation has this responsibility, as there should be an organisational plan in place to deal with a cyber attack. Cyber attacks are also crimes and as such consideration should be given to reporting the attacks to Police Scotland (dial 101). In addition, the National Cyber Security Centre (NCSC) can offer advice and guidance on handling incidents.

Incident management

The NCSC defines a cyber security incident as: A breach of a system’s security policy in order to affect its integrity or availability The unauthorised access or attempted access to a system Cyber incidents can take many forms, such as […]

Report Cybercrime

You can report Cybercrime as follows: By phoning 999 (emergency) or 101 (non-emergency) In person at any police station

Cyber Incident Helpline

In partnership with Scottish Government and Police Scotland, SBRC has launched the UK’s first cyber incident response helpline for the SME community and the third sector to help victims of cybercrime understand what support is immediately available to them and […]