CyberScotland Bulletin

NCSC urges UK organisations to bolster cyber defences

The NCSC is urging UK organisations to check out their cyber security guidance in response to malicious cyber incidents in and around Ukraine.

This guidance encourages organisations to take actionable steps that reduce their risk of falling victim to an attack. While the NCSC is not aware of any current specific threats to UK organisations, it is vital organisations stay ahead of a potential threat and make sure the fundamentals of cyber security are in place to protect their devices, networks and systems.

New Guidance for Construction workers

New Cyber Security for Construction Business guide from the NCSC, provides tailored, practical advice for the industry on how to protect their business and building projects. The guide is split into two sections. The first section is aimed at helping business owners and managers understand why security matters and summarises the cyber threats. Section two is aimed at advising staff responsible for IT equipment and services within the companies and provides guidance that can be implemented to make the business more resilient.

Basic Cyber Check tool for SMEs

Basic Cyber Check is a new free service from the NCSC, aimed at small to medium organisations, schools and charities, to help provide critical IT security checks and help you understand your top vulnerabilities.

The software will scan the internet for IP addresses (the unique address used to connect you to the internet), with common vulnerabilities that could allow criminals access to your network and devices. If your organisations IP address is on the list, you could make an attractive target for criminals. This tool will provide you with guidance to help fix any vulnerabilities found and help signpost you to additional guidance to protect your organisation.

NCSC Threat Report

The NCSC produces weekly threat reports drawn from recent open source reporting. View this week’s report here.

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has power to investigate and take down scam email addresses and website. As of February 2022, the NCSC have received over 10 million reported scams which has resulted in 76,000 scams being removed by the service across 139,000 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

Donating to charity safely

The work carried out by charities and voluntary organisations is invaluable in helping those in need around the world.

Sadly, the charity sector can be an attractive target for criminals. Criminals may set up fake websites and social media profiles during publicised disasters in order to steal funds from generous donations. These can be tricky to spot as they are made to look like the official pages. There have been several fake web pages and social media profiles pretending to be the Ukrainian Red Cross which are asking for donations. There has also been reports of adverts circulating which looks like British Red Cross asking for bitcoin donations to their Ukraine Crisis Appeal. British Red Cross confirmed on their website that these adverts are not legitimate.

Charities welcome your generosity in their support and by making simple online checks before you give, you can ensure your money reaches genuine registered charities.

Get Safe Online has valuable advice when donating to charities online. Take time to make sure you are safe to proceed, by checking the web links and charities’ official web pages for information. Be cautious of any links asking you to donate which come via email, phone call, text message or social media. Make sure to verify that your donations are going to a trusted organisation.

In Scotland, all charities must be registered, and an online register of charities is maintained by the Office of the Scottish Charity Regulator (OSCR). OSCR has produced guidance for members of the public that wish to support the Ukrainian people and some of this advice will also be relevant for charities.

The Disasters Emergency Committee (DEC) is an umbrella body that brings together 15 UK aid charities in times of crisis. It has an ongoing Ukraine Humanitarian Appeal to which you can contribute here.

CyberScotland Partnership celebrates first anniversary

The CyberScotland Partnership, created one year ago, provides individuals and businesses across Scotland’s public, private, and third sectors with guidance on cyber security and resilience. The group work together to drive the delivery of activities that will help achieve the outcomes of The Strategic Framework for a Cyber Resilience Scotland.

The Partnership has grown from 10 to 16 organisations over the year and has collaborated in cyber security campaigns for a range of audiences including providing advice to businesses during COP 26, raising awareness among students on how to stay secure online and created a Cyber Incident Response Pack which has supported just under 1,300 organisations to help plan and recover from cyber incidents. You can read more about the participating organisations on the CyberScotland website.

New Scottish Cyber Co-ordination Centre

Building on the success of the CyberScotland Partnership, the Scottish Government have announced a new Scottish Cyber Co-ordination Centre (SC3) to help improve Scotland’s ability to prevent and respond to the increasing cyber threat.

The £1.5 million central co-ordination function will pool expertise to share intelligence, provide early warning of cyber threat and attacks, manage incidents and lead recovery. The SC3 will have a primary focus on the public sector initially, and in its first year, will look at how Scotland can manage threat and vulnerability at scale. SC3 is set to be formally launched later this year.

Holiday Fraud

Many of us may be looking to book a holiday, but before parting with your money, it’s important to be aware of potential holiday scams online or via social media.

Holiday fraud can vary from fake accommodation listings advertising hotels, and self-catering properties that simply don’t exist, to “too good to be true” offers with flights being particularly targeted. Criminals can approach you over the phone, via text, email and social media, offering incredibly cheap deals to tempt you into booking a holiday with them. In reality, the holiday you’ve booked, or parts of it, doesn’t exist at all.

Here are some simple tips to help you avoid holidays scams.

• Read the terms and conditions and research the organisation you’re booking with before making any purchases. Verify that addresses exist through web searches and online maps.
• Beware of ‘too good to be true’ offers and prices.
• Beware of anyone that asks for payment by bank transfer only.
• Always use the secure payment options recommended by reputable online travel providers. If possible, use a credit card when making purchases online as it may help to get your money back if you fall victim.

Scotland’s Census

Now that the Scottish Census is live, there will be an increase in scams pretending to be from the Census.

Please be extra vigilant during this time and follow the published guidelines for detecting and reporting a scam. The Scottish Census website provides information on how you can take part and includes advice to make sure you do not fall for fraudsters pretending to be from census.

Scottish Apprenticeship Week, 7-11 March 2022

This week is Scottish Apprenticeship Week. Whether you’re looking to improve your long-term talent pipeline or address skills gaps, the Scottish apprenticeship programme offers flexible options to suit your business needs. Employers can use apprenticeships to attract new talent or upskill existing staff.

Skills Development Scotland have created a practical guide for employers on cyber security and technology apprenticeships. The toolkit will guide you through the different types of training available for new recruits and for members of your existing workforce. It will also explain some practical considerations relating to wages, your responsibilities as an employer, funding for training, and other important points to think about. It also highlights options for attracting new talent into your organisation, including through work experience placements, apprenticeships and internships.

There are many qualifications in cyber security available in Scotland. You can study an NPA in Cyber Security at school, apply for an apprenticeship, or study a master’s degree at University. Skills Development Scotland and Digital World have produced a guide to highlight the range of qualifications available for individuals wanting to pursue a career in Cyber Security.

Trading Standards Scotland

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here. Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

CyberScotland Week 2022, Learning for a life online, 28^th February – 6^th March

Last week provided a fantastic opportunity for you and your organisation to learn how to stay secure online and how you can protect yourself, protect your business and be more cyber aware.

The events included a diverse range of in-person and online events. Free webinars, resources and learning opportunities took place throughout the week to a wide audience to help people and organisations become more informed about cyber risks and how to become more cyber resilient.

Some of the events have been recorded and are available to watch on demand on the CyberScotland Week website.

Introduction to Cyber Learning and Incident Response, SBRC

In collaboration with the Scottish Government and the Scottish Council for Voluntary Organisations (SCVO), Scottish Business Resilience Centre (SBRC) are running a selection of free cyber security webinars for third sector organisations to better their cyber resilience. The webinars will provide an introduction to cyber security.

• ‘Introduction to Cyber Learning’ webinar will discuss the basics of cyber security and mitigations organisations should put in place. This webinar is an interactive discussion on the introduction to cyber learning curated particularly for third sector organisations.
• ‘Introduction to Incident Response‘ discusses the need to implement a plan in the event of a cyber breach. The trainers will discuss what incident response is, why it’s a necessary implementation to every business, and how businesses can begin implementation.

Organisations will be invited to complete SCVO’s Cyber Check-up survey which will help identify the next steps you need to make you more cyber secure.

Find out more and register online and check out their upcoming Exercise in a Box workshops.

CyberUK 2022, 10 – 11 May, Wales

Registration for in-person attendance at the NCSC’s flagship event, CYBERUK 2022, taking place 10-11 May at ICC Wales, Newport, is now open.

Held over two days, CYBERUK 2022 will be attended by more than 1500 delegates, integrating cyber security leaders with technical professionals, strengthening the cyber security community. Keynote speeches will also be streamed on the CYBERUK YouTube channel in order to maximise accessibility for all. Apply to attend.

Technical Bulletin

The CyberScotland Technical Intelligence Bulletin is designed to provide information about emerging or escalating cyber threats and is created in conjunction with SBRC’s Cyber Incident Response team. You can sign up receive the technical bulletin.

Read the latest bulletin here

• Cyber Security Information Sharing Partnership
• NCSC launches early warning notification service