Welcome to the
Scottish Business Resilience Centre
We are a unique organisation comprising contributions and secondments from Police Scotland, Scottish Government, Scottish Fire and Rescue Service, major banks, industries, investors and private membership. We aim to provide our members with a wide ranging one stop shop for business security services and advice and to date have established ourselves as a hub of innovation and business improvement in support of our partners and the business community.
How to Stay Cyber Secure
At the Scottish Business Resilience Centre, we provide a comprehensive range of integrated cyber security services that help you assess, build and manage your cyber security capabilities, and respond to incidents and crises. Our services are designed to help you build confidence, understand your threats and vulnerabilities, and secure your environment. Over the next few weeks we will be highlighting our range of services, with a spotlight on each.
Cyber Security Factsheets
This week the spotlight is on our Cyber Security Factsheets. Each week we will be unveiling 4 new Factsheets that cover a range of cyber related topics, that we are sure you will find useful and informative. These are free to download from the SBRC website. Check out the video below to find out more...
This week's Factsheets include:
Ransomware is a huge problem for everyone with companies of all sizes being attacked more and more often. Ransomware is a type of malware that encrypts the files and documents on your computer and makes them unusable unless you send a payment to the attacker (usually in bitcoins – an anonymous online currency). Our Ransomware Factsheet will help you understand and deal with this ever growing threat.
Tricks Used By Hackers to Upload Payloads
Did you know that hackers can hide dangerous code in harmless looking files? Hackers use a variety of tricks and methods to get their malicious payloads onto your devices or into locations where they can easily attack your devices. Our 'Tricks Used By Hackers To Upload Payloads' Factsheet will help you to understand how hackers go about this and the tricks they use every day to exploit your computer systems.
How to Identify Security Threats and What Action to Take
The 'Security Threats and their Solutions' Factsheet offers advice on countering the typical security threats you may encounter on the internet. Bearing these countermeasures in mind will help you recover
after being exposed to an online security threat.
Types of Cyber Threats
The 'Types of Cyber Threats' Factsheet has been developed to explain some of the most common and dangerous online threats for home users and small-medium sized businesses alike. It will describe in detail the techniques a malicious hacker may use to exploit your computer system. The Digital Economy: A House of Commons Report
The House of Commons Business, Innovation and Skills Select Committee has published its report on the digital economy. To read the report, which highlights the UK's position as a leader in the world of digital and highlights the need for the next Digital Strategy from the Government to take the repercussion of Brexit into account, please click here.
Social Media: Be Social, Be Secure
With cyber fraud posing an increasing threat to organisations and individuals on social media, it is more important than ever to consider your online security. We understand that social media security can be a confusing topic so we have created a series of free single-page factsheets addressing security measures you can take on a variety of popular social media platforms. Our factsheets also cover more general online security issues addressing topics like using Wi-Fi securely and how to identify a security threat.
We are proud to unveil the first 4 of these factsheets, concerning Snapchat , Pinterest, Wi-Fi and General Social Media Security Tips which can be downloaded for free here.Check our Website regularly, as we will be issuing a further four of these factsheets every week, for the next five weeks.
NCA report calls for stronger law enforcement and business partnership to fight cyber crime
The National Crime Agency has today published the Cyber Crime Assessment 2016, outlining the immediate threat to UK businesses from cyber crime. This is the first cyber crime assessment produced jointly by the NCA and industry partners. To read the report please click here.
Scottish Cyber Awards
Applications are now open for the First Scottish Cyber Awards!
This is your chance to shine and be recognised for all of the great work you do in the cyber field. Please click here for more information.
We are delighted to announce that all of the award sponsorship opportunities for the Scottish Cyber Awards sold out within a week! This is a great indicator of the excitement and anticipation surrounding Scotland's first Cyber Awards Ceremony. Award applications will open on Monday the 4th of July and all of the information you need to apply will be right here on the SBRC website.
Scottish Cyber Awards - Category Sponsors
The SBRC 2016 Issue 3 Newsletter is out now!
Just click on the cover image below to learn about our latest events, additions to the team and board and our involvement in Project Griffin.
Do you have responsibility for Lone Workers?
The Personal Guardian could be just what you are looking for.
Scottish firms asked to join terrorism awareness scheme
Scottish businesses and organisations are being urged to sign up for a scheme to keep their staff and the public safe in the event of a terrorist attack.
The scheme, called Project Griffin, is aimed at workers in busy or crowded places, including the hospitality industry and the health service.
Ch Insp Ronnie Megaughin, deputy director of the Scottish Business Resilience Centre, said: "This extension of Project Griffin, which will enable a greater number of businesses to ensure their staff are sufficiently aware and prepared for an act of terrorism, is most welcome.
"Whilst being prepared and knowing what to do is vital, it is equally important that as many people as possible who work in busy places are aware of the threat and are better equipped to recognise and report suspicious activity.
Didn't make it to the Real McCoy event in Glasgow last week? Don't worry you can find out what it was all about in this brief overview below:
Overview of New EU Data Protection Legislation from PricewaterhouseCoopers
(Please click on the image below to read the full document)
Small Firms Struggle To Tackle Threat of Cyber Crime
Scotland’s small businesses are aware of the increasing threat of cyber crime but are still failing to act on the threat effectively, according to the most detailed cyber security survey of small businesses in the past year.
The survey highlights how firms are being overwhelmed and confused by the amount of advice around cyber crime. As a consequence they are choosing to take only the most minor “common knowledge” preventative measures, like using anti-virus software and firewalls, which leaves them unwittingly vulnerable.
The survey also shows that SMEs still do not regard the data they hold, whether their own or that of customers, as having value.
The study is the first of its kind to assess why Scotland’s SMEs are not doing more to protect themselves, despite the almost daily reports of companies being hacked, having personal data stolen or experiencing a loss of business.
The research, by the University of Glasgow, was commissioned by the Scottish Government and the Scottish Business Resilience Centre (SBRC) and funded by a Royal Academy of Engineering Industrial Secondment Grant.
SBRC Director Mandy Haeburn-Little said the survey provides crucial guidance on how small businesses, government and other agencies all need to change their thinking to counter the threat of cyber crime.
She said: “It’s vital we do everything we can to support smaller companies including the many, many companies who work from home. These findings will help us to do this. The findings show that SMEs do care and take cyber crime seriously, but they are hitting obstacles on what to do about it. However also particularly concerning is that many small businesses still do not recognise that there is a value attached to the data they hold .
“The fact that there is so much advice online – and also significant levels of conflicting advice - is leaving them confused, bewildered and overwhelmed. The survey also shows that the majority of people simply turn to Google for advice despite there being several dedicated websites and portals of guidance available.
“This all points to the need to establish clarity over recommended actions and a single source for advice and contact. This is very much in line with the concept of the creation of a cyber hub for Scotland which would act as one trusted source of advice and cyber security services at affordable cost. SBRC is taking forward the scoping of this concept with more news on this expected in the next six months.”
The SBRC is considering how small businesses can be more supported with their specific needs and for other simple measures to be introduced to keep cyber crime front of mind to help to drive behavioural change.
University of Glasgow senior lecturer Dr Karen Renaud, who was seconded to the SBRC and who conducted the survey, found that:
• 95% of businesses carried out security activities that showed they did care about security, but only 15% thought they were at significant risk of being the target of an attack.
• More than 50% said they consulted Google for cyber advice with less than 7% consulting Government websites. With 12 million results coming up on Google, firms feel unable to identify trustworthy advice and are left floundering.
The recent Cyber Breaches Security Survey, carried out by Ipsos Mori for the UK Government, found two-thirds of large British businesses have experienced a cyber attack or breach in the last 12 months – one in four of which were attacked at least once a month. More than half (53 per cent) of small businesses in Scotland think it is unlikely or very unlikely they would be a target for an attack and only 23 per cent feel completely prepared for one, with 19 per cent saying they have not taken any steps to protect their data.
The SBRC, whose partners include the Scottish Government is now proposing to highlight the survey recommendations in its ongoing discussions with the Scottish Government and Police Scotland as part of Scotland’s developing cyber strategy.
Cyber crime can take many forms, including theft, fraud, selling sensitive company data and sabotaging equipment.
In the past year, notable cyber attacks have included the TalkTalk scandal and the crashing of the BBC website; however, smaller firms are at an increased risk due to limited resources and lack of in-house IT capabilities.
As part of its cyber prevention guidance, the SBRC provides crucial, affordable services to protect companies by working with ethical hacking students - particularly vulnerable small firms - from e-criminals and scammers.
These assessments can vary from a cyber footprint review, which assesses what information is available online about a business or an individual and how that can be better managed, to a security test which looks to identify the risk of unauthorised intrusion from an external or internal source.
Other cyber assessments can be carried out including cyber attack rehearsal, simply business hygiene checks for small companies and phishing simulation.
Meet Our New Ethical Hackers!
We are delighted to be continuing to work with Abertay Ethical Hacking students to improve business cyber security. This will be the fourth year running that we will be having ethical hacking students work with us directly here at the centre. Due to increasing demand we have been offering cyber services all year round but now that the students will be based with us here in the office over the Summer there is no better time to get in touch with your cyber security concerns. Pensioners Conned Out Of Life Savings
Eight conmen who operated a scheme in which they pretended to be police officers in order to con pensioners into handing over large sums of money have now been jailed according to news circulating today.
In order to avoid falling prey to similar scams please consider the following advice provided by SBRC's Financial Resilience Manager Graham Vance:
Banks and other financial institutions will NEVER phone or contact customers advising them to move money from their accounts for any reason. If you receive a call from anyone saying they represent your bank, politely refuse to comply with any instructions, hang up, wait for a few minutes and then contact your bank on a number that you know relates to the bank. Before you dial your bank’s number make sure you hear a dialling tone. Criminals who are trying to scam you will try and hang on the line to keep it open for as long as the telephony system will allow before automatically closing the connection down.
We were delighted to be featured in a recent Bright Red Triangle Bites e-mail as you can see below:
If you would like to check out the password checker tool for yourself to find out how long it would take a hacker to crack your password just click here. Business Extortion Alert from National Fraud Intelligence Bureau
A number of businesses in the UK have recently been targets of online extortion attempts. To read the urgent alert released by the National Fraud Intelligence Bureau on this issue, which includes advice, please click on the image below.
Scotland Announces First National Cyber Awards Ceremony
Key public bodies, along with leading private firms will endorse a new awards ceremony to recognise Scotland’s commitment towards cyber security excellence.
Set to take place in November this year, the awards will feature categories that celebrate innovative new technologies, the good practice of both small and established companies and progress within the education sector.
Recent research has revealed that large numbers of people receiving pension money do not take appropriate, qualified and professional advice on how to manage their money. Receipt of pension money is an event to be savoured and celebrated – it can also be the source of heartbreak, broken relationships and deterioration in health if not managed properly.
The situation in the UK is quite clear. Anyone offering financial advice must be registered with the Financial Conduct Authority. The reason for this is to make sure that people receive appropriate advice and guidance which is approved by the financial regulators. Taking advice from unqualified “financial consultants” or “investment managers” is a very risky business and exposes people to the risk of fraud resulting in significant financial losses. Moreover, should people find themselves out of pocket because of advice taken from unregistered consultants they are unlikely to have recourse to the financial compensation scheme.
Fraudsters have no conscience. They constantly seek innovative ways of relieving people of their hard earned cash. The methods they use are many and varied from cold calling investment opportunities to mail and telephone scams. Probably the most common method used is internet schemes where fraudsters pose (through e-mails and websites) as genuine businesses, enticing people into providing personal details or worse, bank details.
The message from the Scottish Business Resilience Centre is simple:
If you are in receipt of a lump sum, whether it be the proceeds of a pension or matured insurance policy, take advice from a trusted and qualified financial advisor. The names of all registered advisors are posted on the website of the Financial Conduct Authority and if your advisor’s name is not there you should be asking some serious questions.
Treat all cold callers (on the phone or at the door) with the utmost suspicion and do not provide or confirm any personal details until you are absolutely sure who you are dealing with. Do not be pressured into making a quick decision – this is a common method used by fraudsters who will tell you that the offer is off the table as soon as they leave you or hang up.
Never trust e-mails that you are not expecting. If you are in any way suspicious come out of the e-mail and search the sender of the e mail on a recognised search engine.
Remember that receipt of lump sums can often have the effect of making normal, rational, logical people vulnerable to scams and frauds. Be sensible, take a deep breath and consult with a qualified professional – a short pause at the start will give you the comfort of knowing that your decisions were sound and may save you a lot of heartache and regret later on.
A handy article from Cnet explains how to encrypt iOS and Android devices as well as detailing the pros and cons of encrypting certain devices. If you are considering encrypting your smartphone you may want to read the guide here.
Worried about Ransomware?
Thomas Stanford have produced a free guide on how to stay protected against this evolving threat. Find out more here. SWITCH IT OFF!
Why it's dangerous to leave your Wi Fi on as demonstrated by one of our superb speakers from the Trading Securely conference, Glenn Wilkinson.
Have you read the Little Book of Resilience?
It's author, Liggy Webb of The Learning Architect, has kindly made it available here for free. Click here or on the image above to start reading!
Cyber Security Advice videos from our Ethical Hacking Team
Our ethical hackers have recorded several videos which provide advice on different cyber security issues. The latest video is below and you can you can view the full range of videos by clicking here.