News

The Cyber Scotland Partnership and Police Scotland have issued a cyber security reminder for public and private sector organisations to remain vigilant and take appropriate precautions to reduce their risk to ransomware and other cyber attacks leading up to and during the holiday season.

This advice is based on observations on the timing of high impact ransomware attacks that have occurred previously rather than a reaction to specific threat reporting. Specifically, malicious cyber actors have often taken advantage of holidays and weekends to attack and disrupt critical networks and systems belonging to organisations, businesses, and critical infrastructure.

Among the mitigations described in this joint alert includes the need for organisations to identify IT security employees for weekends and holiday cover who would be available to provide IT support during these times in the event of a ransomware attack.

Other best practice recommendations include:

  • Implement multi-factor authentication for remote access and administrative accounts
  • Mandate strong passwords and ensure they are not reused across multiple accounts
  • If you use remote desktop protocol (RDP), ensure it is secure and monitored      
  • Remind employees not to click on suspicious links, and conduct exercises to raise awareness
  • Review and, if needed, update incident response and communication plans that list actions an organization will take if impacted by a ransomware incident
Text says, Turn on 2 factor authentication. Secure your devices with strong passwords and update the software regularly.

“While we are not currently aware of a specific threat, we know that threat actors don’t take holidays,” said Jude McCorry, Chair of the Cyber Scotland Partnership Steering Group. “We will continue to provide timely and actionable information to help our industry and government partners stay secure and resilient during the holiday season. We urge all organisations to remain vigilant and report any cyber incidents to Police Scotland.”

Jude McCorry, Chair of CyberScotland Partnership

“Police Scotland is dedicated to combatting cyber-crimes targeting the public and our private sector partners. Cyber criminals have historically viewed holidays as a preferred opportunity to implement ransomware and cyber-attacks,” said Insp Mark Gallacher Police Scotland Cybercrime Harm Prevention. “We will continue to provide cyber threat information and share best safeguard practices. We urge IT professionals to prepare and remain alert over the upcoming holiday period and report any suspicious activity”

Inspector Mark Gallacher, Police Scotland Cybercrime Harm Prevention

Ransomware continues to be a national security threat and a critical challenge; however, there are actions that Business leaders, and employees in any organisation can take to proactively reduce their risk to cyberattacks during the upcoming holiday season. We encourage all organisations to visit www.ncsc.gov.uk, for resources and advice on how to protect yourself from becoming a victim of ransomware.

Contact Police Scotland on 101 if you have been a victim of Cybercrime.

More advice can be found here: https://www.cyberscotland.com/cyber-security-christmas/

Related content

UK Government launch the UK National Cyber Strategy

The UK Government has published its new National Cyber Strategy. This strategy sets out the government’s approach to protecting and promoting the UK’s interests in cyberspace. Their plan is to ensure that the UK continues to be a leading responsible […]

Take Five to Stop Fraud – The Art of Saying No

We are proud to be supporting the Take Five to Stop Fraud campaign this Take Five Week. Criminals are experts at impersonating people, organisations and the police so it can be difficult to spot scam texts, emails and phone calls. […]

Cyber Security Explainer Videos

CyberScotland Partner Scottish Business Resilience Centre have released a selection of cyber security awareness videos. These short videos offer up simple and easily digestible information on some of the most common terms and issues arising in the cyber world. SBRC’s […]

Back to top of the page