January 2023

Bulletin Feedback

Thank you to those who took the time to fill out our survey, your input is helpful and will help us improve our bulletin. We appreciate your feedback and taking the time to share your thoughts with us.

National Cyber Security Centre (NCSC)

New Funded Cyber Essentials Programme

Small charities and legal aid firms are being offered free cyber security assistance to help put in place security controls to prevent common cyber attacks.

The new Funded Cyber Essentials Programme will provide free, expert assistance to help organisations meet the five technical controls of Cyber Essentials. The support is provided by one of IASME’s network of NCSC-assured certification bodies.

The focus of the programme is to support sectors which are at relatively greater risk of cyber attack because of the sensitive information they handle and because organisations typically have a lower level of cyber maturity.

To qualify for this scheme, the organisation must either be:

a micro or small business (1 to 49 employees) that offers legal-aid services
a micro or small charity that processes personal data, as defined under GDPR

For more information on the programme, or to register your interest, please visit the IASME website.

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here. To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

Reports of data breaches

Last Pass shared information about a recent security incident. SBRC has written a blog which summarises the key points from the breach alongside clear, easy-to-follow guidance.

There has been claims of Twitter also suffering a data breach. The alleged stolen information includes email addresses used to set up accounts.

If you’re a customer of an organisation that has suffered a data breach, follow our advice to protect your personal information.

Find out if you’re affected
Be alert to suspicious messages
Check your online accounts
If any have been accessed, take action

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.

The Suspicious Email Reporting Service (SERS) received 6.4 million reports in 2022, with 67,300 scam URLs removed as a result. This brings the total number of reports to SERS since its launch in 2020 to 15.8m, with 198,500 takedowns.

The scams unveiled by the NCSC included phishing emails and messages from cyber criminals impersonating well-known HMG brands, such as the NHS, HMRC and Ofgem.  

The top HM Government branded attacks that have been reported to SERS that have resulted in takedowns are:

National Health Service (NHS)
TV Licensing
HM Revenue & Customs
Gov.UK
DVLA
Ofgem

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

Securing your organisation for the year ahead

With the new year comes new opportunities to improve and strengthen our cyber security practices. It’s important that your organisation puts cyber resilience as a priority and ensure it’s a core part of your everyday operations to help prevent the threat of an attack.

Organisations looking to improve their cyber security and protect themselves from the most common cyber attacks should look to achieve Cyber Essentials accreditation. This simple and effective scheme will assess your organisation against five basic security controls.

280 Scottish organisations can access a free Cyber Essentials pre-assessment gap analysis by the Scottish Business Resilience Centre (SBRC) which will be delivered through its network of Trusted Partners.

The free analysis of your organisation’s cyber security systems will highlight areas of improvement to help them pass their Cyber Essentials accreditation the first time.

Regularly reviewing and implementing best practices on cyber security will make the biggest impact in keeping you and your organisation protected from cyber attacks.

Scottish organisations can get more information by contacting SBRC.

HMRC Scam Warning

Tax scams can happen at any time but are most common around key deadlines, such as when your tax return is due.

Fraudsters target customers when they know they are more likely to be in contact with HMRC, which is why Self Assessment customers should be extra vigilant this month. Taxpayers should be on the lookout for any suspicious calls, emails or texts and letters.

HMRC has warned that scammers are posing as HMRC and are emailing people fake ‘failed direct debit’ alerts and asking for personal and financial details. Another common approach scammers use is to entice you with money through fake ‘tax rebates’ or ‘tax refunds’ messages.

Customers can report any suspicious activity to HMRC. Forward suspicious texts claiming to be from HMRC to 60599 and emails to [email protected]. Read the HMRC’s scam advice to help you decide if a suspicious contact is a scam.

CyberScotland Week, 27th – 5th March 2023

CyberScotland Week is Scotland’s annual week-long festival of events on cyber awareness, cyber careers and innovation in cyber security.

Throughout the week, you’ll have the opportunity to participate in a wide range of interactive sessions, workshops, and panel discussions led by experts in the industry. Events are starting to appear on the website, so check them out and book your space. Increase your cyber awareness and resilience by attending events throughout the week and sharing our resources on the CyberScotland website.

There are many ways you can get involved in the week. You could host an event and share your knowledge with customers, colleagues or friends. If you are looking for a speaker for your event, please contact [email protected]

This is a fantastic opportunity for you and your organisations to stay secure online and learn how you can protect yourself, protect your business and be more cyber aware.

Keep up to date on social media: Facebook, Twitter, LinkedIn #CSW2023

Newsletters / Campaigns

Holiday Booking Scams

Many people have started to plan their next holiday. However, it’s important to be aware of holiday fraud, as scammers may try to take advantage of those looking to book a trip.

Fraudsters can take advantage of people looking to save money when booking their next holiday. The criminals will create convincing looking scam websites and advertise on social media to trick you into booking accommodation that is non-existent or has been fully booked. Fraudsters may impersonate airlines, travel companies and banks to steal personal information and money.

Get Safe Online’s campaign this month helps to raise awareness about fraudsters looking to exploit those of us looking to book a holiday getaway. To help avoid this happening to you, they’ve put together some expert tips on safely searching and booking holidays and travel with confidence.

Safer Internet Day 2023 – 7th February

Join this year’s social media campaign as we celebrate #SaferInternetDay in Scotland along with over 200 countries around the world!

The Supporters Pack includes tweets, graphics and templates to lend your voice to the biggest online safety campaign in the UK. Last year, over half of children and a third of parents heard the message, resulting in important conversations about keeping safe online. You can also grab the FREE resources to engage directly with young people and parents. This year’s theme is ‘Want to talk about it? Making space for conversations about life online’. Register your support now!

Trading Standards Scotland, Scam Share Newsletter

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here. Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Neighbourhood Watch Scotland

Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Training and Webinars / Events

Exercise in a Box Workshop – exercising your response to a cyber incident, 26th January

Scottish Business Resilience Centre (SBRC) is facilitating workshops taking Scottish public and third-sector organisations through using NCSC’s Exercise in Box security tool. They are offering in-person workshops alongside their virtual sessions covering ‘Ransomware’, ‘Digital Supply Chain’, ‘Sensitive Data Leak’ and ‘Micro Exercises’.

This is a great opportunity for you to test the resilience of your organisation.

January – 9.30 – 11 am

Exercise in a Box ‘Miro Exercises’ MS Teams – 26th January

February – 9.30 – 11 am

Exercise in a Box ‘Sensitive Data Leak’ MS Teams – 9th February

Workshops are free to those in health, social care, housing, charitable or public sector organisation in Scotland looking to strengthen your cyber defences, sign up below.

Find out more details and book ongoing Exercise in a Box events

SBRC is going on tour with a series of roadshow events for Public and Third Sector organisations.

These events will focus on discussing some key cyber security topics you and your organisation or charity should be considering for 2023.

Find out more and secure your place today.

laptop screen showing people on a video call.

NCSC Digital Loft: Incident management and the cyber threat from Russia

The NCSC will discuss the role of an Incident Management team and how it helps reduce the harm caused to victims of cyber incidents. They will also be discussing the potential cyber threat from Russia and what actions organisations can take, to minimise any business disruption that may be caused should Russia escalate it’s cyber capability towards the UK.

NCSC welcomes you to attend this interactive panel discussion to hear more about the role of an Incident Management team, private sector Cyber Incident Response and the cyber threat from Russia.

31^st January, 10 am – Register here

NCSC Digital Loft: Updating the Cyber Essentials technical requirements for 2023

An update to Cyber Essentials’ technical requirements will be revealed in January. This annual update aims to ensure that organisations with Cyber Essentials continue to guard against the vast majority of common cyber attacks.

To coincide with the publication of the refreshed requirements, we are hosting a live Digital Loft on 24th January 2023 (10.30-12.00) to share with you a first look at any changes and new guidance, and to answer your key Cyber Essentials questions. We will also be hosting a deep dive session on the technical changes on the 14th of March 2023.

Register today to get a preview of the changes and make sure you have all the info you need before the update goes live in April.

You can register for both sessions, 24th January and 14th March.

Check out all our event listings here

Open laptop with a blurred virtual meeting taking place.

CyberScotland Bulletin